IDCVSSSummaryLast (major) updatePublished
CVE-2022-4888 None
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration For
17-10-2024 - 21:35 31-07-2023 - 10:15
CVE-2023-3292 None
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admi
17-10-2024 - 21:35 31-07-2023 - 10:15
CVE-2022-47501 None
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
17-10-2024 - 21:35 14-04-2023 - 16:15
CVE-2023-27987 None
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrad
17-10-2024 - 21:35 10-04-2023 - 08:15
CVE-2010-3941 7.2
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a cr
17-10-2024 - 21:35 16-12-2010 - 19:33
CVE-2010-1896 7.2
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows l
17-10-2024 - 21:35 11-08-2010 - 18:47
CVE-2010-3243 4.3
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to injec
17-10-2024 - 21:35 13-10-2010 - 19:00
CVE-2011-0029 9.3
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contain
17-10-2024 - 21:35 09-03-2011 - 23:00
CVE-2010-0820 9.0
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP S
17-10-2024 - 21:35 15-09-2010 - 19:00
CVE-2024-43609 None
Microsoft Office Spoofing Vulnerability
17-10-2024 - 21:18 08-10-2024 - 18:15
CVE-2024-48924 None
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption dispro
17-10-2024 - 21:15 17-10-2024 - 21:15
CVE-2024-43497 None
DeepSpeed Remote Code Execution Vulnerability
17-10-2024 - 21:15 08-10-2024 - 18:15
CVE-2024-43480 None
Azure Service Fabric for Linux Remote Code Execution Vulnerability
17-10-2024 - 21:14 08-10-2024 - 18:15
CVE-2024-48911 None
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the
17-10-2024 - 21:13 14-10-2024 - 21:15
CVE-2024-9687 None
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for auth
17-10-2024 - 21:11 15-10-2024 - 02:15
CVE-2024-6757 None
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attac
17-10-2024 - 21:09 15-10-2024 - 02:15
CVE-2024-43501 None
Windows Common Log File System Driver Elevation of Privilege Vulnerability
17-10-2024 - 21:06 08-10-2024 - 18:15
CVE-2024-30117 None
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
17-10-2024 - 21:01 14-10-2024 - 23:15
CVE-2024-43500 None
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
17-10-2024 - 21:01 08-10-2024 - 18:15
CVE-2024-9953 None
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the prof
17-10-2024 - 20:59 14-10-2024 - 22:15
CVE-2024-43502 None
Windows Kernel Elevation of Privilege Vulnerability
17-10-2024 - 20:58 08-10-2024 - 18:15
CVE-2024-45461 None
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administr
17-10-2024 - 20:50 16-10-2024 - 08:15
CVE-2024-9895 None
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on
17-10-2024 - 20:50 15-10-2024 - 09:15
CVE-2024-9944 None
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated
17-10-2024 - 20:47 15-10-2024 - 06:15
CVE-2024-21535 None
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
17-10-2024 - 20:36 15-10-2024 - 05:15
CVE-2023-1213 None
Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
17-10-2024 - 20:35 07-03-2023 - 22:15
CVE-2023-1214 None
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
17-10-2024 - 20:35 07-03-2023 - 22:15
CVE-2023-1215 None
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
17-10-2024 - 20:35 07-03-2023 - 22:15
CVE-2011-0671 7.2
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local user
17-10-2024 - 20:35 13-04-2011 - 20:26
CVE-2011-1881 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
17-10-2024 - 20:35 13-07-2011 - 23:55
CVE-2011-2013 10.0
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a clos
17-10-2024 - 20:35 08-11-2011 - 21:55
CVE-2011-1231 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a craft
17-10-2024 - 20:35 13-04-2011 - 20:26
CVE-2011-1282 7.2
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not proper
17-10-2024 - 20:35 13-07-2011 - 23:55
CVE-2012-0003 9.3
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MI
17-10-2024 - 20:35 10-01-2012 - 21:55
CVE-2012-1867 7.2
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a
17-10-2024 - 20:35 12-06-2012 - 22:55
CVE-2012-0157 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local u
17-10-2024 - 20:35 13-03-2012 - 21:55
CVE-2013-1292 6.9
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafte
17-10-2024 - 20:35 09-04-2013 - 22:55
CVE-2013-1278 7.2
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
17-10-2024 - 20:35 13-02-2013 - 12:04
CVE-2011-0657 7.5
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote
17-10-2024 - 20:35 13-04-2011 - 18:55
CVE-2024-9971 None
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
17-10-2024 - 20:34 15-10-2024 - 04:15
CVE-2024-9970 None
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
17-10-2024 - 20:33 15-10-2024 - 04:15
CVE-2024-9964 None
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
17-10-2024 - 20:30 15-10-2024 - 21:15
CVE-2024-45462 None
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to ga
17-10-2024 - 20:24 16-10-2024 - 08:15
CVE-2024-45693 None
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticat
17-10-2024 - 20:21 16-10-2024 - 08:15
CVE-2024-3322 None
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in th
17-10-2024 - 20:20 06-06-2024 - 19:16
CVE-2024-43503 None
Microsoft SharePoint Elevation of Privilege Vulnerability
17-10-2024 - 20:19 08-10-2024 - 18:15
CVE-2024-43506 None
BranchCache Denial of Service Vulnerability
17-10-2024 - 20:19 08-10-2024 - 18:15
CVE-2024-45710 None
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
17-10-2024 - 20:18 16-10-2024 - 08:15
CVE-2024-43508 None
Windows Graphics Component Information Disclosure Vulnerability
17-10-2024 - 20:18 08-10-2024 - 18:15
CVE-2024-43511 None
Windows Kernel Elevation of Privilege Vulnerability
17-10-2024 - 20:18 08-10-2024 - 18:15
Back to Top Mark selected
Back to Top