CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: April 24, 2024. 17:00:48 UTC
click on an item for more info;
ID | Description | Modified | References |
---|---|---|---|
CVE-2017-18017 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | April 24, 2024. 13:40:00 | [www.kernel.org][lkml.org] |
CVE-2022-45852 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2023-23976 | Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2023-23985 | Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32702 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32707 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32711 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32772 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32785 | Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32789 | Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32808 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32823 | Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32954 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32721 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32722 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-32723 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5. | April 24, 2024. 13:39:00 | [patchstack.com] |
CVE-2024-28963 | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | April 24, 2024. 13:39:00 | [www.dell.com] |
CVE-2024-28976 | Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. | April 24, 2024. 13:39:00 | [www.dell.com] |
CVE-2024-28977 | Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. | April 24, 2024. 13:39:00 | [www.dell.com] |
CVE-2024-32709 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | April 24, 2024. 13:39:00 | [patchstack.com] |
Page 1 of 1207