6.4

CVSS3.1

CVE-2024-7791 - 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cr…

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possibl…

📅 Published: Aug. 27, 2024, 10:59 a.m. 🔄 Last Modified: April 8, 2026, 5:21 p.m.

0.0

CVE-2024-8197 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-7859. Reason: This candidate is a reservation duplicate of CVE-2024-7859. Notes: All CVE users should reference CVE-2024-7859 instead of this candidate. All references and descriptions in this candidate have been removed to prevent…

📅 Published: Aug. 27, 2024, 10:59 a.m. 🔄 Last Modified: Oct. 4, 2024, 4:15 p.m.

8.4

CVSS4.0

CVE-2024-6789 - Path traversal in M-Files API

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

📅 Published: Aug. 27, 2024, 9:57 a.m. 🔄 Last Modified: Feb. 23, 2026, 11:16 a.m.

7.3

CVSS3.1

CVE-2024-41176 - Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.

📅 Published: Aug. 27, 2024, 8:01 a.m. 🔄 Last Modified: Oct. 1, 2024, 7:15 a.m.

5.5

CVSS3.1

CVE-2024-41175 - Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker.

📅 Published: Aug. 27, 2024, 8:01 a.m. 🔄 Last Modified: Sept. 12, 2024, 2:25 p.m.

7.3

CVSS3.1

CVE-2024-41174 - Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD

The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.

📅 Published: Aug. 27, 2024, 8:01 a.m. 🔄 Last Modified: Jan. 28, 2025, 5:27 p.m.

7.8

CVSS3.1

CVE-2024-41173 - Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.

📅 Published: Aug. 27, 2024, 8 a.m. 🔄 Last Modified: Sept. 12, 2024, 2:52 p.m.

5.9

CVSS3.1

CVE-2024-7608 -

An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

📅 Published: Aug. 27, 2024, 7:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-8046 - Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) …

The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

📅 Published: Aug. 27, 2024, 7:34 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-7304 - Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scr…

The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Auth…

📅 Published: Aug. 27, 2024, 6:48 a.m. 🔄 Last Modified: April 8, 2026, 5:16 p.m.
Total resulsts: 347742
Page 8580 of 34,775
« previous page » next page
Filters