CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-43852 In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHAN... | 7.8 | HIGH | – | 0 |
| CVE-2024-7703 The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions ... | 6.4 | MEDIUM | – | 0 |
| CVE-2024-7899 A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulatio... | 4.7 | MEDIUM | – | 0 |
| CVE-2024-7900 A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Conf... | 2.4 | LOW | – | 0 |
| CVE-2024-7901 A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the compone... | 3.5 | LOW | – | 0 |
| CVE-2024-7902 A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument sour... | 4.3 | MEDIUM | – | 0 |
| CVE-2024-7903 A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-7904 A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extensio... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-45436 extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | 7.5 | HIGH | – | 0 |
| CVE-2024-7905 A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrest... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-39666 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 9.1.2. | 5.9 | MEDIUM | – | 0 |
| CVE-2024-43344 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.25. | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43347 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS. This issue affects Button contact VR: from n/... | 5.9 | MEDIUM | – | 0 |
| CVE-2024-43348 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS. This issue affects Purity Of Soul: from n/a throu... | 7.1 | HIGH | – | 0 |
| CVE-2024-43351 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS. This issue affects Bravada: from n/a thro... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43352 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS. This issue affects GivingPress Lite: from... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43305 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS. This issue affec... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-22520 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | – | 0 |
| CVE-2023-39450 Rejected reason: This is unused. | N/A | NONE | – | 0 |
| CVE-2024-43307 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS. This issue affects Struc... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43320 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43321 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a thro... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-7907 A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulati... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-7908 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation o... | 8.8 | HIGH | – | 0 |
| CVE-2024-7909 A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi.... | 8.8 | HIGH | – | 0 |
| CVE-2024-42780 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a cr... | 8.8 | HIGH | – | 0 |
| CVE-2024-7910 A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php ... | 4.7 | MEDIUM | – | 0 |
| CVE-2024-7911 A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.p... | 6.3 | MEDIUM | – | 0 |
| CVE-2024-43303 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS. This issue affects White Label CM... | 7.1 | HIGH | – | 0 |
| CVE-2024-35686 Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses). This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a thr... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-43207 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62. | 8.5 | HIGH | – | 0 |
| CVE-2024-43244 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 3.2.4. | 7.1 | HIGH | – | 0 |
| CVE-2024-43246 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS. This issue affects WHMpress: from n/a through 6.2-... | 7.1 | HIGH | – | 0 |
| CVE-2024-43262 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS. This issue affects Busiprof: from n/a through 2.4.8. | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43263 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS. This issue affects Visual Compose... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-22525 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | N/A | NONE | – | 0 |
| CVE-2023-51381 Rejected reason: This CVE ID has been rejected or withdrawn by GitHub. | N/A | NONE | – | 0 |
| CVE-2024-43267 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS. This is... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43278 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Phi Phan Meta Field Block allows Stored XSS. This issue affects Meta Field Block: from n/a t... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43279 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through... | 7.1 | HIGH | – | 0 |
| CVE-2024-43284 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenbe... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43294 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS. This issue affects Bold Timeline Lite: from... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-43315 Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a ... | 7.5 | HIGH | – | 0 |
| CVE-2024-43350 Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM. This issue affects Propovoice CRM: from n/a through 1.7.6.4. | 5.3 | MEDIUM | – | 0 |
| CVE-2024-7912 A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation ... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-7913 A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument ln... | 7.3 | HIGH | – | 0 |
| CVE-2023-42437 Rejected reason: This is unused. | N/A | NONE | – | 0 |
| CVE-2023-42665 Rejected reason: This is unused. | N/A | NONE | – | 0 |
| CVE-2024-7914 A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The man... | 3.5 | LOW | – | 0 |
| CVE-2024-7917 A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Fa... | 4.7 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.