Threat and Vulnerability Intelligence Database

CVE-2024-52454

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQMieruca allows Reflected XSS. This issue affects GoQMieruca: from n/a through 1.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-52453

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jon Lorang Library Bookshelves allows Reflected XSS. This issue affects Library Bookshelves: from n/a through 5.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-52452

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS. This issue affects Open edX LMS: from n/a through 2.6.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-52447

Description: Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal. This issue affects Contact Page With Google Map: from n/a through 1.6.1.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-51900

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard K Miller What Would Seth Godin Do allows Stored XSS. This issue affects What Would Seth Godin Do: from n/a through 2.1.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-51636

Description: Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS). This issue affects GMO Social Connection: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-37094

Description: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.

CVSS: HIGH (8.2)

EPSS Score: 0.09%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-1754

Description: The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-12015

Description: The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2023-3371

Description: The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.

CVSS: MEDIUM (5.3)

EPSS Score: 0.16%

Source: CVE
December 3rd, 2024 (6 months ago)