7.5

CVSS3.1

CVE-2023-7269 - ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

📅 Published: July 19, 2024, 6 a.m. 🔄 Last Modified: May 16, 2025, 1:07 p.m.

6.5

CVSS3.1

CVE-2023-7268 - ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have an authorisation check in place when deleting widgets, allowing any authenticated user, such as a subscriber, to delete arbitrary widgets.

📅 Published: July 19, 2024, 6 a.m. 🔄 Last Modified: May 16, 2025, 1:15 p.m.

5.3

CVSS4.0

CVE-2024-6899 - SourceCodester Record Management System view_info.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file view_info.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been discl…

📅 Published: July 19, 2024, 5 a.m. 🔄 Last Modified: Nov. 21, 2024, 9:50 a.m.

8.2

CVSS3.1

CVE-2024-21527

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side…

📅 Published: July 19, 2024, 5 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.1

CVSS3.1

CVE-2024-21583

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/auth …

📅 Published: July 19, 2024, 5 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-6898 - SourceCodester Record Management System index.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been di…

📅 Published: July 19, 2024, 3:31 a.m. 🔄 Last Modified: Nov. 21, 2024, 9:50 a.m.

3.7

CVSS3.1

CVE-2024-30130 - HCL Nomad server on Domino is affected by a use of web browser cache containing sensitive informati…

HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.

📅 Published: July 19, 2024, 12:03 a.m. 🔄 Last Modified: Oct. 30, 2025, 6:31 p.m.

8.8

CVSS3.1

CVE-2024-41602

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL

📅 Published: July 19, 2024, midnight 🔄 Last Modified: May 29, 2025, 4:08 p.m.

7.5

CVSS3.1

CVE-2024-27489

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.

📅 Published: July 19, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.

📅 Published: July 19, 2024, midnight 🔄 Last Modified: June 4, 2025, 4:46 p.m.