Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/seo-automatic-seo-tools/vulnerability/wordpress-seo-tools-plugin-4-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. Assigner : audit@patchstack.com...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/easy-contact/vulnerability/wordpress-easy-contact-plugin-0-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve
Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-path-traversal-vulnerability?_s_id=cve
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
An attacker can upload an arbitrary file instead of a plant image. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. Assigner : cve@mitre.org More information : https://www.exploit-db.com/exploits/52117
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression. Assigner : cve@mitre.org More information : https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
Unauthenticated attackers can query an API endpoint and get device details. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. Assigner : ics-cert@hq.dhs.gov More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04