CVE-2024-33549 |
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33550 |
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33552 |
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33556 |
Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33567 |
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33569 |
Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33644 |
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-33917 |
Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34058 |
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message).
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-34241 |
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-34370 |
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34434 |
Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34567 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34575 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34752 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34755 |
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34756 |
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34757 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34806 |
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34807 |
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34809 |
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-34919 |
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-34959 |
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-34982 |
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-34997 |
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-35110 |
A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.
|
MITRE Corporation |
2024-05-18 21:54:50 |
CVE-2024-35173 |
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through 1.7.3.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-35174 |
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
|
Patchstack OÜ |
2024-05-18 21:54:50 |
CVE-2024-35190 |
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
|
GitHub (maintainer security advisories) |
2024-05-18 21:54:50 |
CVE-2024-35312 |
In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003.
|
MITRE Corporation |
2024-05-18 21:54:50 |