ID CVSS
Summary
Last (major) update Published
CVE-2015-10132 None
A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross sit
21-04-2024 - 20:15 21-04-2024 - 20:15
CVE-2024-29733 None
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing contex
21-04-2024 - 18:15 21-04-2024 - 18:15
CVE-2024-29217 None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their
21-04-2024 - 16:15 21-04-2024 - 16:15
CVE-2024-4022 None
A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler.
21-04-2024 - 11:15 21-04-2024 - 11:15
CVE-2024-4021 None
A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Config
21-04-2024 - 10:15 21-04-2024 - 10:15
CVE-2024-27316 None
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
21-04-2024 - 04:15 04-04-2024 - 20:15
CVE-2024-3914 None
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
21-04-2024 - 04:15 17-04-2024 - 18:15
CVE-2024-3832 None
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3838 None
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3841 None
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3843 None
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3845 None
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3847 None
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3833 None
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3837 None
Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3840 None
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3846 None
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3834 None
Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3839 None
Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-3844 None
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
21-04-2024 - 04:15 17-04-2024 - 08:15
CVE-2024-32462 None
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Norma
21-04-2024 - 03:15 18-04-2024 - 18:15
CVE-2023-5752 None
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the
21-04-2024 - 03:15 25-10-2023 - 18:17
CVE-2024-4020 None
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be ini
20-04-2024 - 23:15 20-04-2024 - 23:15
CVE-2024-4019 None
A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible t
20-04-2024 - 14:15 20-04-2024 - 14:15
CVE-2024-4014 None
The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user suppli
20-04-2024 - 10:15 20-04-2024 - 10:15
CVE-2024-1730 None
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, i
20-04-2024 - 04:15 20-04-2024 - 04:15
CVE-2024-28182 None
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.
20-04-2024 - 03:15 04-04-2024 - 15:15
CVE-2024-2961 None
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neig
20-04-2024 - 03:15 17-04-2024 - 18:15
CVE-2024-27351 None
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack vi
20-04-2024 - 03:15 15-03-2024 - 20:15
CVE-2024-24680 None
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
20-04-2024 - 03:15 06-02-2024 - 22:16
CVE-2023-41164 None
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
20-04-2024 - 03:15 03-11-2023 - 05:15
CVE-2023-43665 None
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long,
20-04-2024 - 03:15 03-11-2023 - 05:15
CVE-2023-36053 None
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
20-04-2024 - 03:15 03-07-2023 - 13:15
CVE-2024-1057 None
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up t
20-04-2024 - 02:15 20-04-2024 - 02:15
CVE-2024-27983 None
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINU
20-04-2024 - 02:15 09-04-2024 - 01:15
CVE-2024-25692 None
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-3159 None
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
19-04-2024 - 23:15 06-04-2024 - 15:15
CVE-2023-38709 None
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
19-04-2024 - 23:15 04-04-2024 - 20:15
CVE-2024-25698 None
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-3156 None
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
19-04-2024 - 23:15 06-04-2024 - 15:15
CVE-2024-25690 None
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-24795 None
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59,
19-04-2024 - 23:15 04-04-2024 - 20:15
CVE-2024-25709 None
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-25696 None
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The pri
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-25697 None
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated user's bio page will render an image in the victim's bro
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-25708 None
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute a
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-25693 None
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. 
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-25699 None
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances,
19-04-2024 - 23:15 04-04-2024 - 18:15
CVE-2024-3158 None
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
19-04-2024 - 23:15 06-04-2024 - 15:15
CVE-2024-30260 None
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
19-04-2024 - 23:15 04-04-2024 - 16:15