10

CVSS3.1

CVE-2024-56829 -

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

πŸ“… Published: Jan. 2, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-22214 -

Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.

πŸ“… Published: Jan. 2, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-0168 - code-projects Job Recruitment _feedback_system.php sql injection

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been dis…

πŸ“… Published: Jan. 1, 2025, 1:31 p.m. πŸ”„ Last Modified: Feb. 25, 2025, 9:26 p.m.

6.1

CVSS3.1

CVE-2024-11846 - Travel Tour < 5.2.4 - Reflected XSS

The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

πŸ“… Published: Jan. 1, 2025, 6 a.m. πŸ”„ Last Modified: Jan. 9, 2026, 6:37 p.m.

0.0

CVE-2024-56020 - WordPress SvegliaT Buttons Plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svegliadesign SvegliaT Buttons svegliat-buttons allows Stored XSS.This issue affects SvegliaT Buttons: from n/a through <= 1.3.0.

πŸ“… Published: Dec. 31, 2024, 11:09 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-56021 - WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through <= 2.4.

πŸ“… Published: Dec. 31, 2024, 11:08 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-56062 - WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulne…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.987.

πŸ“… Published: Dec. 31, 2024, 11:07 p.m. πŸ”„ Last Modified: April 1, 2026, 4:21 p.m.

5.4

CVSS3.1

CVE-2024-56063 - WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.7.

πŸ“… Published: Dec. 31, 2024, 11:06 p.m. πŸ”„ Last Modified: April 1, 2026, 4:21 p.m.

5.1

CVSS4.0

CVE-2024-56803 - Ghostty improperly handles window title sequences which can lead to arbitrary command execution

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious se…

πŸ“… Published: Dec. 31, 2024, 10:48 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-56825 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. Notes: none

πŸ“… Published: Dec. 31, 2024, 10:35 p.m. πŸ”„ Last Modified: Jan. 5, 2026, 6:48 p.m.
Total resulsts: 344974
Page 6896 of 34,498
Β« previous page Β» next page
Filters