Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53802 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53801 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53799 |
Description: Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53797 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53796 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53795 |
Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-53794 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-52558 |
Description: The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-51727 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-50404 |
Description: A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|