CVEs from 2024
Total
6,632
critical
critical 166
high
high 1,073
medium
medium 2,066
low
low 49
% Critical
2.5%
% with KEV
2.5%
% with exploit
3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24882 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | |||
| CVE-2024-33914 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | |||
| CVE-2024-33553 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | |||
| CVE-2024-33551 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. | |||
| CVE-2024-32430 | critical | 9.8 | 9.8 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14. | |||
| CVE-2024-25935 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |||
| CVE-2024-25912 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-3566 | critical | 9.8 | 9.8 | 2y ago | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | |||
| CVE-2024-25096 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | |||
| CVE-2024-30477 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | |||
| CVE-2024-30508 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | |||
| CVE-2024-30502 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. | |||
| CVE-2024-30510 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5. | |||
| CVE-2024-30490 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | |||
| CVE-2024-30224 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. | |||
| CVE-2024-30223 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||
| CVE-2024-2865 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Manag… | |||
| CVE-2024-1202 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned tha… | |||
| CVE-2024-2702 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a … | |||
| CVE-2024-27957 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. | |||
| CVE-2024-27304 | critical | 9.8 | 9.8 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si… | |||
| CVE-2024-25927 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n… | |||
| CVE-2024-25910 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-25925 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & D… | |||
| CVE-2024-25913 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||
| CVE-2024-23512 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks… | |||
| CVE-2024-24797 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1… | |||
| CVE-2024-23513 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5. | |||
| CVE-2024-25100 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4. | |||
| CVE-2024-22309 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. | |||
| CVE-2024-22284 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2. | |||
| CVE-2024-5619 | critical | 9.6 | 9.6 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issu… | |||
| CVE-2024-33913 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | |||
| CVE-2024-33546 | critical | 9.6 | 9.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||
| CVE-2024-30560 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. | |||
| CVE-2024-32600 | critical | 9.6 | 9.6 | 2y ago | Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | |||
| CVE-2024-3094 | critical | — | 9.5 | — | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a… | |||
| CVE-2024-12084 | critical | — | 9.5 | — | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the… | |||
| CVE-2024-40624 | critical | — | 9.5 | 2y ago | TorrentPier Deserialization of Untrusted Data vulnerability | |||
| CVE-2024-2616 | critical | — | 9.5 | 2y ago | RHSA-2024:1484: firefox security update (Critical) | |||
| CVE-2024-29944 | critical | — | 9.5 | 2y ago | An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, … | |||
| CVE-2024-46636 | critical | 9.4 | 9.4 | 1mo ago | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | |||
| CVE-2024-3375 | critical | 9.4 | 9.4 | 2y ago | Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83… | |||
| CVE-2024-52474 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This iss… | |||
| CVE-2024-49246 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This iss… | |||
| CVE-2024-33544 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||
| CVE-2024-32709 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||
| CVE-2024-32128 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a thr… | |||
| CVE-2024-47685 | critical | 9.1 | 9.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending ga… | |||
| CVE-2024-54285 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10. | |||
| CVE-2024-5535 | critical | 9.1 | 9.1 | 2y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-37371 | critical | 9.1 | 9.1 | 2y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-35845 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is… | |||
| CVE-2024-35960 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle int… | |||
| CVE-2024-34416 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | |||
| CVE-2024-27053 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to th… | |||
| CVE-2024-31266 | critical | 9.1 | 9.1 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommer… | |||
| CVE-2024-32954 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||
| CVE-2024-32948 | critical | 9.1 | 9.1 | 2y ago | Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | |||
| CVE-2024-31345 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2. | |||
| CVE-2024-31114 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | |||
| CVE-2024-2890 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12. | |||
| CVE-2024-3596 | critical | 9.0 | 9.0 | 2y ago | RHSA-2024:8860: krb5 security update (Important) | |||
| CVE-2024-22144 | critical | 9.0 | 9.0 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Secu… | |||
| CVE-2024-30227 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | |||
| CVE-2024-30226 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | |||
| CVE-2024-30167 | medium | 6.3 | 7.3 | 27d ago | /cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter. | |||
| CVE-2024-53150 | medium | — | 7.0 | 1y ago | Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information. | |||
| CVE-2024-50302 | medium | 5.5 | 7.0 | 1y ago | The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report. | |||
| CVE-2024-12136 | medium | 6.9 | 6.9 | 1y ago | Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass. This issue affects ANKA JPD-00028: before V.01.01. | |||
| CVE-2024-11406 | medium | 6.9 | 6.9 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS. This issue affects… | |||
| CVE-2024-11399 | medium | 6.8 | 6.8 | 8d ago | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks… | |||
| CVE-2024-12086 | medium | 6.8 | 6.8 | 16d ago | Important: rsync security update | |||
| CVE-2024-13063 | medium | 6.8 | 6.8 | 9mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing. This issue affects MyRezzta: from s2.02.02 before v2.05.01. | |||
| CVE-2024-57256 | medium | 6.8 | 6.8 | 1y ago | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resultin… | |||
| CVE-2024-24857 | medium | 6.8 | 6.8 | 2y ago | A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth conn… | |||
| CVE-2024-35976 | medium | 6.7 | 6.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure t… | |||
| CVE-2024-7143 | medium | 6.7 | 6.7 | 2y ago | A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_… | |||
| CVE-2024-0193 | medium | 6.7 | 6.7 | 2y ago | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This… | |||
| CVE-2024-5042 | medium | 6.6 | 6.6 | 2y ago | A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal servic… | |||
| CVE-2024-47692 | medium | 6.5 | 6.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen be… | |||
| CVE-2024-12604 | medium | 6.5 | 6.5 | 1y ago | Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Re… | |||
| CVE-2024-9819 | medium | 6.5 | 6.5 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711. | |||
| CVE-2024-8475 | medium | 6.5 | 6.5 | 2y ago | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. | |||
| CVE-2024-54313 | medium | 6.5 | 6.5 | 2y ago | Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | |||
| CVE-2024-54259 | medium | 6.5 | 6.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal.This issue affects DELUCKS SEO: from n/a through … | |||
| CVE-2024-54241 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.T… | |||
| CVE-2024-54247 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addo… | |||
| CVE-2024-53745 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affect… | |||
| CVE-2024-53763 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elem… | |||
| CVE-2024-10270 | medium | 6.5 | 6.5 | 2y ago | org.keycloak:keycloak-services has Inefficient Regular Expression Complexity | |||
| CVE-2024-7882 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce… | |||
| CVE-2024-51901 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Smooth Maps colour-smooth-maps allows Stored XSS.This issue affects Smooth Maps:… | |||
| CVE-2024-51808 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pat O’Brien codeSnips codesnips allows Stored XSS.This issue affects codeSnips: from n/a through … | |||
| CVE-2024-51802 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter Bread & Butter bread-butter allows DOM-Based XSS.This issue affects Bread & Butter… | |||
| CVE-2024-11193 | medium | 6.5 | 6.5 | 2y ago | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of se… | |||
| CVE-2024-50465 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: … | |||
| CVE-2024-49280 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbo… | |||
| CVE-2024-49262 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for E… | |||
| CVE-2024-49289 | medium | 6.5 | 6.5 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before … |