Microsoft Releases Tool to Fix CrowdStrike-Caused Windows Chaos
Check Point Research Reports Highest Increase of Global Cyber Attacks Seen in Last Two Years
Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
EC-Council Democratizes Hands-On Cybersecurity Training With 8 Cyber Courses
Seemplicity 2024 Remediation Operations Report: Rising Exposure Management Risk
Ransomware attack shuts down three dozen Los Angeles courts
US sanctions Russian hacktivists who breached water facilities
Swipe Right for Data Leaks: Dating Apps Expose Location, More
Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting
Threat Hunting Market Worth $6.9B by 2029
VMware ESXi servers targeted by new Linux ransomware variant
New Play ransomware Linux version targets VMware ESXi VMs
Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target
Russian Hacktivists Sanctioned for Attacks on US Critical Infrastructure
Play Ransomware Expands to Target VMWare ESXi Environments
Telegram Android Vulnerability "EvilVideo" Sends Malware as Videos
Chinese Vigorish Viper Exploits DNS and Football Sponsorships for Illegal Gambling
Los Angeles Superior Court shuts down after ransomware attack
Police infiltrates, takes down DigitalStress DDoS-for-hire service
Telegram zero-day allowed sending malicious Android APKs as videos
End-user cybersecurity errors that can cost you millions
Kaspersky Is an Unacceptable Risk Threatening the US's Cyber Defense
Ransomware Groups Fragment Amid Rising Cybercrime Threats
Most of SolarWinds hacking suit filed by SEC dismissed
Spain arrests three for using DDoSia hacktivist platform
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update
Chinese Crime Ring Hides Behind Stealth Tech and Soccer
Fallout From Faulty Friday CrowdStrike Update Persists
Android spyware deployed by against Yemeni humanitarian orgs
Guilty plea entered by LockBit ransomware affiliates
Improved AI cybersecurity sought by new consortium
Malicious payloads distributed via fraudulent CrowdStrike fixes
Russian Cyber Army members face US sanctions
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
Ransomware Attack Shuts Down LA County Courts, Halts Inmate Transfers, Evictions
India's Largest Cryptocurrency Exchange WazirX Hacked: $234.9 Million Stolen
Heeler Security raises $8.5 million to boost application security
Fallout from the CrowdStrike outage: Time to regulate EDR software
SocGholish malware used to spread AsyncRAT malware
How to Set up an Automated SMS Analysis Service with AI in Tines
MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting
Cybercriminals Exploit CrowdStrike Outage Chaos
Two Russians Convicted for Role in LockBit Attacks
Info Stealers Exposed: The Silent Threat Stealing Your Data
UK police arrested a 17-year-old linked to Scattered Spider gang
SocGholish Malware Exploits BOINC Project for Covert Cyberattacks
Under-Resourced Maintainers Pose Risk to Africa's Open Source Push
Shuffle Automation: Open-source security automation platform
Cyber insurance 2.0: The systemic changes required for future security
Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver
Cross-industry standards for data provenance in AI
New Linux Variant of Play Ransomware Targeting VMWare ESXi Systems
Microsoft releases Windows repair tool to remove CrowdStrike driver
Fake CrowdStrike fixes target companies with malware, data wipers
Fake Hot Fix for CrowdStrike "crowdstrike-hotfix.zip" Spreads Remcos RAT
Fake CrowdStrike updates target companies with malware, data wipers
Malware Newsletter - Round 3
newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
Beware Grand Theft Auto Fans! Fake GTA VI Beta Download Spreads Malware
Week in review: CrowdStrike update causes widespread IT outage, critical Splunk Enterprise flaw
U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
UK arrests suspected Scattered Spider hacker linked to MGM attack
Threat actors attempted to capitalize CrowdStrike incident
Microsoft confirms CrowdStrike update also hit Windows 365 PCs
Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
CrowdStrike discloses new technical details behind outage
Infostealer Infection Results in Data Breach of Blockchain Identity Platform, Fractal ID
Russian nationals plead guilty to participating in the LockBit ransomware group
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.
Researchers find 'Port Shadow' flaws in VPN platforms
Police nab 17-year-old linked to group behind MGM Resorts cyberattack | CyberScoop
Pocket Women Locksport Hangout - having fun with locks S1 E10 - YouTube
Vulnerability Summary for the Week of July 15, 2024 | CISA
Doppelganger – How Russia uses EU companies for propaganda
Web Browser Notification Threat More Alarming than Expected - GoSecure
3 ways to get Remote Code Execution in Kafka UI - The GitHub Blog
GitHub - ouaibe/dreo-cloudcutter: A repository describing how we can cut some Dreo fans from the cloud, allowing them to run completely locally via HA.
Can Engineers Stage a Coup and Take Over Their Company? | by Utku Şen | Jul, 2024 | Medium
Understanding Wireless Packets: Control and Data Frames in 802.11 Networks | TheXero
[2407.12297] WebAssembly and Security: a review
API Threat Landscape
Vulnerability in Cisco Smart Software Manager lets attackers change any user password | Ars Technica
CrowdStrike: 'Significant number' of impacted devices back online
'Blue screen of death': Microsoft users hit by huge outage
A Comprehensive Guide to Autonomous Website Security Audits - Supplement Research & Comparison | Pillser
Flights, banks and media hit as internet users report global outages | AP News
Tech outage: 8.5M computers running Windows affected by CrowdStrike issue | AP News
Global IT outage live updates: Microsoft-CrowdStrike blackout
How the world’s tech crashed all at once | CNN Business
Trusted Platform Module (TPM)
UK Detains Alleged Scattered Spider Hacker Tied to MGM Cyber Attack - The Old Herald
I Created a Burp Suite Extension from SCRATCH - YouTube
Influence – The psychology of Persuasion – The Read Mind
LAPD warns residents after spike in burglaries using Wi-Fi jammers that disable security cameras, smart doorbells | Tom's Hardware
West 917 (Black Belt 2) Picked and Gutted - YouTube
India's TOP HACKER opens up - BIGGEST Cyber Crimes, Cyber Warfare and Hacking Stories REVEALED - YouTube
Google Uncovers Global APT41 Chinese Hackers Cyberespionage Campaign | Cyber Insider
Infostealer Infection Results in Data Breach of Blockchain Identity Platform, Fractal ID | InfoStealers
Project 2025 Suffers Online 'Hack' - Newsweek
ABUS-C83 with the "old pinning" picked and gutted (pt 5 in the ABUS door lock expedition) [287] - YouTube
Inside The Outages: A Dangerous Null Pointer Exception Deployed On Friday | by Jan Kammerath | Jul, 2024 | Medium
GRC in Cybersecurity - Beginner's Guide | IT Certifications | Standards & Frameworks | Homelab Ideas - YouTube
17-Year-Old Arrested for Last Year's Ransomware Attack on MGM Resorts
The Rich Are Pushing Right-Wing Tax Education in Schools
923. SPP Euro Cylinder locks with Snake Rake. Why is the cam not turning on thumb turn euro cylinder - YouTube
Navigating the RDP security consequences of TLS vs. NLA from a threat exposure perspective - GoSecure
17-Year-Old Arrested for Last Year's Ransomware Attack on MGM Resorts | PCMag
hacking
This program is designed to crawl Nigerian news websites, retrieve recent crime data, and assign a severity score to each incident. The severity score ranges from 1 to 10, with 10 indicating cases involving fatalities or serious injuries. This program is
FL_security
The Microservice That Manages all About User Security In the ZStrong Application
This MERN stack chat application combines security, real-time functionality, and a user-friendly interface to deliver a comprehensive messaging solution. By leveraging modern web technologies, it ensures a smooth and reliable user experience.
Security, Logging and Maintenance of the Simulation Materials API and a Minimal Frontend Application.
Script Changes the UPN to match the User's email address and adds user to a security group
Implement security best practices with this set of tools and libraries.
Proof of concept for a Server-sent event proxy server
Detect and Delete Security Products
Proof of concept for sharing shadcn based UI between and Expo and React.
Bypass-403-Matrix is a powerful tool for security professionals and ethical hackers, designed to bypass 403 Forbidden errors on web servers. With innovative methods, it attempts to access restricted files and directories, enhancing your penetration testin
TCM-Security-Sample-Pentest-Report
security-wp
A repository for practicing authentication and authorization.
A proof of concept for mqtt communication for bridging iot to backend through pub/sub and dataflow with google cloud
Testing and proof of concept for cool visualizations. All data sourced publicly, or available upon request.
EthicalHacking
proof of concept for group classification algorithms
fkk-proof-of-concept
JWT security in Spring Boot (Access & Refresh Token)
Anathema logging proof-of-concept
Hack to Hamster Kombat on pc.
Proof of Concept of a bug present in Gevent but not Flask
java-security
Group 23 came forward and developed a webpage of a portfolio
TechChallange 5 Login with JWT and Spring Security Basic
cyber-security
The concept of "leftshift" in DevSecOps emphasizes integrating security early (shift-left) in the development lifecycle. This model focuses on embedding security practices from the very beginning of the development process.
Backend service written in golang to handle form information from frontend and send it via mail to clients using plain/text as well as html/template. Extremely secure with a 2 phase authentication and TLS security.
solidity_security
Proof of Concept repository for Sunnova Tasks
QuickRide is a cutting-edge taxi booking application that combines reliability and security with the convenience of discovering tourist spots in your city. It ensures timely and dependable transportation through professional drivers and incorporates advan
Ensure that you do not run these scripts on public Wi-Fi networks due to potential security risks. Public networks are more susceptible to attacks, and using them can expose your system to vulnerabilities. If necessary, use VPN services to mask your IP ad
A Proof Of Concept of using OpenAI GPT Models for Data Request extraction
security
This is the proof of concepts of different tests and security flaws in most systems and web application. Fun and exciting! :)
Post-marketing Assessment of Antibody-Drug Conjugates: Proof-of-concept using Trastuzumab-Drug Conjugates, Model-Based Meta-Analysis, and a Clinical Utility Index Approach.
This project simply gives an overall idea about jwt based authentication in spring boot using spring security and mysql db
K-Shield.Jr 13 Vuln.
spring-security-lab
Proof of Concepts
A simple Java application that checks code files for security vulnerabilities and provide reviews/recommendations based on the analysis.
springSecurity
Best Trainer in the world, can be used in any game, made by C++ fastest programing language for game hacking
Computer-Security-Capstone
Exploring different portfolio optimization methods on a control set of securities
Hacking
A quick demo for the AI Hackathon. Provide a file to be reviewed for security issues.
Pressle Coin Elephant is an innovative dApp platform that allows users to connect their wallets and easily purchase Pressle coins. With high-security features and a user-friendly interface, we offer a new way to invest and participate in the rapidly growi
SpringSecurity
Security-Chrome-Extension
Effortlessly share files with lightning-fast speed and top-notch security. Our intuitive interface makes file sharing seamless, whether you're sending documents, images, or videos. Stay connected and efficient with our cutting-edge file-sharing solution.
dot files for security research
Support Row Level Security with Prisma
This repository is dedicated to providing you with valuable tips, best practices, and resources to help you maximize the security features of GitHub Copilot.
When the correct key is entered, this program will redirect the user to a different webpage with the requested information. However, if the wrong key is entered, the website will redirect the user to another webpage that appears to link to a dummy virus.
Proof of concepts for various experiments
A proof of concept video player for comfyUI
To automate the process of calculating client security holdings within ACME Systems Inc.'s Finance and Accounting department
Proof of concept
Using virtual k8s clusters to build a "multi-verse" of disposable environments for offensive security
spring-security
Spring Boot 3 Security | Authentication and Authorization
rqlite proof of concept
lios hack andlua menu source based on chinese esp and memory tools 1.0 with full written gui
This is a capstone level project that aims to recognize objects with OpenCV with Python
anvesana hackathon (hack for hire)
Free-CyberSecurity-Books
security-vulnerability-news
A quick implementation of signalR real time chat for proof of concept
My own created web hacking scripts.
This is an arduino UNO sketch.
Demonstrates how to use Terraform to create a basic AWS infrastructure, including a VPC, Subnet, Internet Gateway, Route Table, Security Group, Network ACL, and an EC2 instance
a proof of concept for CVE-2019-5784
Hello! I’m Sourav Kaushik, a dedicated and enthusiastic student currently pursuing a Bachelor of Computer Applications (BCA). With a strong foundation in computer science, I have also earned my certification as an Ethical Hacker (CEH) and developed a pass
Explore Istio Security Features on the Google Cloud
security
A Proof of Concept (PoC) for decentralized logging using Rust. This project demonstrates how to set up a logging client and server to handle distributed log data collection and aggregation.
FFH4X Injector - MOD Menu for Free Fire with amazing features. Players can enjoy a variety of amazing features when using the Windows Ffh4x Menu. This injector provides numerous paid hacks for free, and it is used by many users all over the world to custo
kubernetes-security-observability_workshop
Proof of Concept for DL/ML
This is an Internal penetration testing report on a home lab active directory environment setup. Attack scenarios in this report try to replicate the events from an actual organizational active directory environment, attacker/pentester is connected to the
An article on the security scenario of modern cars
A Python script to audit PHP.ini configurations for security best practices
hack_python_1
ticketing-project-security
This repository contains a simulation of a security architecture for satellite communication systems. The simulation includes RSA encryption, Quantum Key Distribution (QKD), Multi-Factor Authentication (MFA), threat detection, and incident response mechan
Web-Security
Nihon is a leading Roblox exploit founded in 2020, known for its intuitive user interface, robust features, and exceptional performance. Developed by top industry professionals, it offers enhanced security, customization options, and a globally trusted se
spring_security_tests
Precursor-to-Security-Operations
Carbon Executor is a state-of-the-art Roblox exploit that offers unmatched performance and security, boasting 90% UNC support and Level 8 execution capabilities. Compatible with Windows 7 through 11, it empowers users to unlock the full potential of Roblo
A Python keylogger designed to capture keyboard input for assessing security and performance within controlled environments. This tool is intended for non-malicious use only.
Bunni is a premier Roblox exploiting platform, renowned for its cutting-edge tools, rapid updates, and robust support. Developed by experienced professionals, it ensures maximum efficiency, security, and a seamless user experience with features like HWID
security_cw_project
A free and open-source utility modification for PixelGun3D featuring AimBot, ESP, Infinite Ammo, Rapid Fire, and more. Created for educational and security research purposes, this software includes various enhancements and cheats for the game. Always avai
spring-security-users
hack insta
rust-no-recoil-hack
Door-Locker-Security-System
Wifi-hacking-rtl8723bu
Explore Cloud Service Mesh Security Features on the Google Cloud
Proof of concept of CRUD application with Agents (Langchain, Qdrant, FAST API, Pedantic, React, Tailwind, Whisper)
Ultimate Tic Tac Toe for Hack Club's Sprig
This project demonstrates the deployment and hosting of a dynamic website on AWS, utilizing various services and components to ensure high availability, scalability, security, and fault tolerance.
Albion Ultimate Hack 2024
hacking
The Bank Statement Aggregator project automates the collection, storage, and retrieval of bank statements from multiple branches of different banks. It provides users with a secure and efficient way to manage their financial records, utilizing Java, Sprin
Proof of concept/learning for deploying a streamlit application using Traefik and Docker
Diablo 4 Ultimate Hack 2024
Hacking
school-security-system-using-rfid-Website
Crossout Ultimate Hack 2024
The motivation of this project is to design a Hospital System Network and meet all the requirements of infrastructure. All the departments will be on a separate network segment and Access Control Lists and Virtual Private Network (VPN) is also implemented
HackingNotes
Repository for general projects and proof of concepts
A proof of concept and testing of HLS and adaptive bitrate streaming for Project Gacha.
Security-Source-Code
SpringSecurityRegistrationAndLoginSystem
In the backend, separate APIs handle vendor and user logins using Node.js and Express. Registered users and vendors are validated for access. Data is stored in JSON files, leveraging hashing and salting for login security, and JWT tokens for session manag
AI-Security-System
mini project practice spring security
This repository provides a comprehensive toolkit for FYM Dice. It includes hack scripts, cheat strategies, and advanced Predictor Bots to enhance your casino gameplay. Use these tools to predict outcomes, optimize your strategies, and maximize your winnin
Repository containing information for relating to the Windows Security Cookie used in a Vulnerable Chat server VChat that is based on Vulnserver.
Made as a part of the 100 days of SwiftUI tutorial from Hacking with Swift
PhD-CyberSecurity-ResearchLab_nw
Effects of Vertical & Horizontal Integration on Food Security
This repository offers a comprehensive collection of powerful tools for Kov-Twist Casino games, designed to give you a significant edge. Inside, you'll find advanced hack scripts, detailed cheat strategies, and sophisticated Predictor Bots to enhance your
A simple Terraform configuration to set up basic AWS infrastructure. This repository contains Terraform configuration files to deploy a simple AWS infrastructure setup, including a VPC, subnet, internet gateway, route table, security group, EC2 instance
Hacking with Swift: 100 Days of SwiftUI
ABOUT SFTPROJECT This SFTPROJECT token was created to help programmers sell their work without using physical currency or more complex security, such as selling software without the slightest privacy issues.
build simple communication between game hacks(for example)
STEMist Hacks III 20-21/07/2024
This project is a comprehensive banking system designed to handle various banking operations including account management, transactions, and customer services. The system is built with a focus on security, scalability, and user-friendliness.
This repository offers a powerful set of tools for Jyrk Crash Casino. Inside, you'll find hack scripts, cheat strategies, and advanced Predictor Bots to enhance your gameplay. Use these tools to predict outcomes, strategize effectively, and maximize your
Builds off a simple server implementation in C. I want to create a robust HTTP server, keeping security in mind.
The SY0-701 Real Questions 2024 is a valuable resource for anyone who wants to pass the CompTIA Security+ certification exam. The Study Guide is comprehensive and up-to-date, and it provides a realistic testing environment. https://www.dumpsspot.com/compt
This repository provides a collection of tools for Lynz Blast Casino. It includes hack scripts, cheat strategies, and advanced Predictor Bots designed to give you an edge. Enhance your gameplay, predict outcomes, and maximize your winnings with these powe
CyberSecurity-Research-Lab
This repository offers a robust set of tools for Plinko. Inside, you'll find hack scripts, cheat strategies, and advanced Predictor Bots to give you an edge in the casino. Enhance your gameplay, predict outcomes, and maximize your winnings. For educationa
The backend system will be responsible for managing users, hotels, rooms, bookings, and related functionalities. It will ensure data integrity, security, and efficient performance.
1:1 CrowdStrike Security Patch for Windows System that caused BSOD
security_backend
Starter project for Vaadin Flow using Gradle and Spring Security
ethical hacking project submission
SocialSecurityCRUD
Monitor AWS Security Service using EventRule and Lambda.
Hackingly_DSA
SDES implementation using c++, with the guidance of Cryptography and Network Security, Fifth Edition William Stallings.
The Smart Garage System enhances convenience and security with key features: an LCD showing the number of cars and garage status (Available/Busy), an automated arm gate controlled by a servo motor, automatic lighting that activates at night and deactivate
ProofOfConcept
The Roblox Scriptify Executor is a robust tool designed for seamless script execution in Roblox. It features an efficient injector and DLL mapping for smooth integration, along with a whitelisting system for enhanced security. The executor boasts a user-f
Spring-Security
This repository demonstrates how a Proof of Concept of the applications demonstrated in Lukas Neuenschwander's master's thesis "Intrusion Detection in Kubernetes - a study of tools and techniques" can be installed on an x86-based Ubuntu Linux server that c
In this repository we will be making tools based on hacking phase which could help us in doing recon, cracking password, image encryption, etc.
This repository provides a complete toolkit for Keno. Inside, you'll find hack scripts, cheat strategies, advanced Predictor Bots, and profit detectors to enhance your casino gameplay. Use these tools to predict outcomes, detect profitable opportunities,
This repository provides a powerful collection of tools for Roulette. You'll find hack scripts, cheat strategies, and advanced Predictor Bots to give you an edge in casino games. Enhance your gameplay, predict outcomes, and maximize your winnings. For edu
A proof of concept concerning the automatic update of FreeBSD loaders
A web browser app is essential for accessing and navigating the internet, allowing users to view web pages, multimedia content, and interact with online services. It provides a graphical interface for easy navigation and features such as tabbed browsing,
This repository offers a complete toolkit for the Sugar Rush slot game. Inside, you'll find hack scripts, cheat strategies, and features to increase your profits and unlock free spins. Enhance your gameplay and maximize your winnings. For educational purpo
My proof of concept for a Local Privilege Escalation via msiexec in ZScaler Client Connector 3.7.2.18
This repository features the Wavix OTP Bot, designed for handling one-time passwords across Telegram, PayPal, and WhatsApp. It provides tools for verification bypass and streamlining OTP management in these platforms.
A proof-of-concept for tx/rx using spoofed source IP address. Implements ipcrypt to encrypt original source IP addresses.
This repository provides a comprehensive set of tools for EtherCrash.io. It includes hack scripts, cheat strategies, and advanced Predictor Bots designed to give you an edge in casino gameplay. Use these tools to predict outcomes, enhance your strategies,
Proof of concept to implement Payment Gateway implementation using Angular and Nodejs
security
Proof of concept Solana web app
This repository offers a powerful toolkit for Blix Gates of Olympus slot game. Inside, you'll find hack scripts, cheat strategies, and features to unlock free spins and maximize your profits. Enhance your gameplay and increase your winnings. For education
Security-study
This repository provides a comprehensive toolkit for Mines. It includes hack scripts, cheat strategies, and advanced Predictor Bots to enhance your gameplay. Use these tools to predict outcomes, detect profitable opportunities, and maximize your winnings.
A Python implementation of Arknights pull history tracker as a proof of concept utilizing minimal OpenCV2.
This repository offers the Zylo OTP Bot, designed to bypass SMS verifications for various services, including banking. It provides tools to manage and streamline OTP processes, ensuring efficient and secure verifications.
Brainwave Matrix Solution Cyber Security and Ethical Hacking Internship Task 02
This repository is a collection of Proof of Concept (POC) projects and serves as a sandbox for experimentation, learning, and demonstrating technical proficiency across various programming languages and tools.
A proof-of-concept FastAPI-based service for sending emails via SMTP. Supports plain text and HTML emails, with or without attachments. Includes validation, error handling and Swagger UI documentation. Ideal for educational purposes and demonstrations.
This repository offers a robust collection of tools for Dragon Tower. Inside, you'll find hack scripts, cheat strategies, and advanced Predictor Bots to give you an edge in the casino. Enhance your gameplay, predict outcomes, and maximize your winnings. F
Developed a personal memory keeper app for Android users using Kotlin and XML for UI layouts. Utilized SQLite for robust local data storage, ensuring data persistence and security. Enhanced user engagement by providing a private platform to capture and re
All Writeups of CTF Challenges
This repository provides an edited and packed version of KeyAuth for enhanced security and customization. The Qanta KeyAuth version includes modifications to streamline authentication processes and improve protection for your applications.
This repository features the Qubix OTP Bot, designed to handle one-time password verifications for banking, PayPal, and 2FA systems. It provides tools for bypassing OTP processes, ensuring streamlined and efficient verifications.
This is the flutter application repository for SmartKrishi which we developed for Hack To The Future 2024 for the Open Innovation Track.
A tool for scanning IoT devices for security vulnerabilities and providing detailed reports and recommendations.
Decentralized AI-Powered IoT Security System for the Pi Network
HardwareinSecurity.github.io
This repository provides a comprehensive guide to implementing two-factor authentication (2FA) for Exodus. Enhance your account security with robust 2FA methods to protect against unauthorized access and safeguard your assets.
FirebaseAuth is a Rails engine that provides seamless integration with Firebase Authentication for Rails applications. It leverages Firebase's powerful and secure authentication services, allowing you to quickly implement user authentication without compr
The Knight Hacks Discord Bot
A tool for Grey Hack that will automate missions for you
security-challenge
spring-security
Some experiments and proof of concepts on Retrieval Augmented Generation (RAG)
Simple proof-of-concept with counter contract.
Client that allows us to search, from a Linux console, for particular machines available in the "Hack The Box" platform. Practice from S4vitar course "Introduction to Linux"
Working with JWTs in Spring Boot bruvv
Smart-Home-Security-Security
security-deploy
A simple proof of concept implementation of a Blockchain
The XSSInpector Security AI ML is a comprehensive tool designed to detect Reflected, Stored, Blind (XSS) vulnerabilities in server/apps at RFC design, forms, crawls & advanced AI techniques, including deep learning, natural language processing (NLP), rein
Welcome to the vibrant world of Root me Daily Problem of the Day solutions! Code written while solving challenges and CTFs on root-me. Root Me is a platform for everyone to test and improve knowledge in computer security, hacking and CTFs.
A booklet for beginners in ethical hacking with Kali: step by step, how to get started in the world of ethical hacking and red teaming.
A (WIP) API that uses military-grade encryption by implementing Perfect Forward Secrecy (PFS) and AES-256 with ephemeral session keys.
spring-security
A hack of Orange Islands by Kalarie with additional content.
A Fully Functional Cloud Security Information and Event Management (SIEM) Software Built with Micro-Service Architecture with Various Standalone Components Designed and Implemented for Flexibility and Robustness
Security configs and deployment tips for a secure Shopware 6 setup.
Welcome to the Simple Python Project For CyberSecurity repository! This collection of scripts is designed to help beginners and enthusiasts learn and explore various cybersecurity concepts through practical Python projects.
An API that allows users to post song recommendations. Each recommendation can include an associated image and is protected by an authentication system to ensure data security and privacy.
Who has time for that: security
Board-Concurrent-With-Security-Whit-Token-Test
Ethical-Hacking-Notes
Spring Boot 3: Learn Spring 6, Spring Core, Spring REST, Spring MVC, Spring Security, Thymeleaf, JPA, Hibernate, MySQL
uds_security_app
Examples developed in week 08 of module 02 on Spring MVC, CRUD REST API and Spring Security
This repository contains various projects and examples to help understand and master Spring Boot. It covers essential topics, including dependency injection, RESTful web services, data persistence with JPA, and security configurations.
a backend authentication demo using springboot, spring security, postgres and jwt
Benchmark circuits used to gauge security in Edwards, et. al. "Physically Secure Logic Locking with Nanomagnet Logic" IEEE TCAD (2024)
tsunami-security-scanner_iac_and_monitoring
security
naflan-cyber-security
security
security
security
security
Application-Security-Interview-Notes
Spring Boot | MySql | Spring Security |
For studying security, OAuth2 and JWT
SecurityTools
security
security_dawm
About This is a comprehensive User Management system using the MERN stack (MongoDB, Express.js, React.js, Node.js). Features include full CRUD operations, a user-friendly interface, and the latest security and performance enhancements for a robust and eff
Board-Concurrent-With-Security-Whit-Token
Management of security advisory information for publicly disclosed vulnerabilities in Samsung Electronics open source
🔒Spring Security DeepDive
Step-by-step guide to setting up a low-overhead VPS server, focusing on security and efficiency
spring_security_basic
MedLock is an innovative blockchain based project that designed to give patients complete control over their healthcare data. Using Solidity smart contracts, it securely stores patient information on the Ethereum blockchain, ensuring data privacy and secu
Hacker News clone made with Hono
The Shopping Cart is a comprehensive e-commerce platform designed to offer a seamless and secure shopping experience. It integrates high-security features, product management, user management, and online payment solutions, catering to both end-users and a
SpringSecurity
This project is a web-based application designed to recognize and assess suspicious and phishing links. By leveraging a comprehensive dataset with rating data, the website provides a reliable evaluation of potentially harmful URLs. The application aims to
Security
Indicators of Compromise & Attack (IoC/IoA) of our security investigations & research.
practice project pos with security
Pairs Trading Model for Various Security Types
Configuration and Docker files for the Sentinel security server
Task Management Service with streamlined task handling, user authentication, and role-based access control. Developed using Spring Boot, Spring Security, JWT, and REST API. 📝🔒
Solidity_Security_Auditing_Handbook
Hack On Blocks submission
COURSE Spring Boot Expert: JPA, RESTFul API, Security, JWT and more
PP_3_1_5_Spring_JPA-MVC-Boot-Security_Bootstrap_REST_draft
Successor to the classic XP-AntiSpy
I4H is a course/ebook to learn hacking, with dozens of powerful and diverse tools. This is the second edition of the course.
Proof of concept deploying cloud ready images on metal via USB Stick, CD Drive or PXE Boot
This is a web application through which people can easily vote online from their home without compromising data security.
Armagedon is a Python-based keylogger tool designed to capture keystrokes and send them to a remote server at regular intervals. This tool is intended for ethical hacking and educational purposes only. Misuse of this tool for illegal activities is strictl
Examples in the ASP.NET API 8 for applying some security concepts
Spring_Crud_security2.0
School-security-system-using-rfid
Hey, my lovely people! How are you? This basic software will help you not forget your dear passwords and keep you safe from hackers. I recommend running this code in an offline VM so that nobody but you has access to your
SkailarCheats is a GitHub repository offering game cheats and hacks. It features a variety of tools and scripts designed to enhance gaming experiences by providing competitive advantages. The repository includes a user-friendly interface, secure transacti
A proof of concept about programming a method of hot swapping what controls are used in a mech
Computer-security
spring-security
HACKING-MD-
Cold Compress is a hackable, lightweight, and open-source toolkit for creating and benchmarking cache compression methods built on top of GPT-Fast, a simple, PyTorch-native generation codebase.
Enterprise firewall for Windows
Cyber-security-
Notebook is a simple text editor built using the MERN stack (MongoDB, Express, React, Node.js). It allows users to store text data and files online securely. The app also features user authentication to ensure data privacy and security.
Elevate your WordPress security with AI-powered technology and stay protected 24/7. Easy setup, real-time defense with Wp Safe Zone
CDK app that makes use of Checkmarx's KICS Validator plugin for checking the security of a S3 bucket
my hacking scripts
Kubernetes Proof of Concept
This repository contains code for detecting credit card fraud, a critical task in financial security. It includes data preprocessing, model training, evaluation, and deployment resources tailored for fraud detection. By identifying fraudulent transactions
A Pastebin-like service that lets users share text data with other users and comment on it (REST, Spring Boot, Spring Security, Spring Data JPA)
A program created specifically for hackers and OSINT researchers based on Python.
Spring Boot 3: Learn Spring 6, Spring Core, Spring REST, Spring MVC, Spring Security, Thymeleaf, JPA, Hibernate, MySQL
A study compilation serving as a free public library that aims to raise awareness and support students' learning about IT, from programming to information security and computer forensics.
Discord bot, made for security of servers.
Top down shooter proof of concept
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you co
A portfolio repository for Egis Security's past audits
Proof of Concept for SuiteCRM installation
Cyber Security Operation Center Project Documentation
SecureAuth is an authentication platform designed to implement Two-Factor Authentication (2FA) using email. It provides an authentication mechanism that enhances security by requiring users to verify their identity through a code sent to their email and also
Kevin's Security Attic (dandylife.net in the past)
The application employs deep learning and machine learning with Scapy, TensorFlow, and Scikit-learn to classify network packets in real-time. Users can set packet sniffing timeout, with results displayed in a Tkinter GUI. It enhances network security by s
Security-System
The resource aggregation layer Proof of Concept code
List of CVEs found by dmdhrumilmistry
proof of concept of the covenant-less Ark implementation written in Rust
NoPixel 4.0 hacks practice
An I2P based OS made for security
LoggableActivity is a Ruby gem for Rails applications that records user activities and protects sensitive data.
A proof of concept importless way to modify Il2Cpp Unity games.
Extra utilities for use with portable-hack-ast
Hacking ChatGPT, or just a use case to play with for a while (yoquGPT / w2uGPT / iwuGPT)
Hackbook Of A Hacker
QuickFetch - quick system info tool that promotes hackability
proof_of_concept
Göktürk Hack Team Tool
afrog-pocs is the official PoC (Proof of Concept) library for the afrog vulnerability detection tool.
WebSecurity
linguisize_proof_of_concept
general scripting repository for quick hacks in Rhino using Python
CodeScan: A Bash script for identifying potential security vulnerabilities in source code. Scan and find common patterns associated with risks like remote code execution. Get a detailed report on potential issues. Enhance your code security.
We implemented different autonomous vehicle (AV) interfaces in virtual reality (VR) using Unity (C#) to understand older adults' design needs while interacting with AVs as passengers. We created five proof-of-concept prototypes in a VR environment using t
Malware Development for Ethical Hackers, published by Packt
AWS Security Cookbook - Second Edition, published by Packt
reverse engineered php shell collection for security research
Nutek Security Platform for macOS and Linux operating systems
A JWT authentication project with Spring Boot Security
Tiled Hacker news with Remix, Zod & FxTS
spark hacks hackathon
Proof of concept implementation of the IC HTTP Gateway Protocol that enables end-to-end secure connections with dApps being served from the internet computer.
Encryption's Builder Studio - Security Systems
GitHub Advanced Security Policy as Code
eslint-plugin-security Online Playground
Transparent WPS attack with rogue AP
A collection of proof-of-concept exploit scripts written by the team at Redway Security for various CVEs.
Open Geoservice scraper proof of concept to extract info of each dataset contained in an OGC compliant Geoservice
Webchat with strong security options & WebRTC support
Unlock new level of security with BitMono. Advanced code obfuscation that protects your intellectual property like never before. Try now!
Musicians Site: A modern web application for music enthusiasts. Features robust user articles management (CRUD), advanced authentication with Django-allauth, custom validations, media handling, responsive design, and secure hosting. Built with Django, HTM
Documentation source and development of the PSA Certified API
MetaFrm.Security.SHA512
RESTful API built with Node.js and Express, featuring authentication, MongoDB integration, and full CRUD operations. It includes robust security and validation measures for secure data handling.
spring-security-core
This is a voting system page with multiple security features like face verification and OTP, with a blockchain feature to secure the vote.
Duo Security's organizational README
Lightweight Hacker News client for iPhone.
A proof of concept full-stack website using Rust and TypeScript
Visual Studio Code extension that allows you to perform a web search for the selected text using your favorite search engines (add as many as you like, editable in extension settings). I wrote this as a proof-of-concept idea when teaching myself TypeScrip
Infinity Next's Terraform Provider for managing CloudGuard AppSec and other Infinity Next security application using Terraform.
pytest + rich integration (proof of concept)
Webauthn/FIDO2 library in golang
about hacks
Trusted Data Format (TDF) is an Open, Interoperable, JSON encoded data format for implementing Data Centric Security for objects (such as files or emails) in zero-trust security world. This repository specifies the protocols and schemas required for TDF o
Tech Hacks: Android, Linux, Developer
Nova Wallet Android is a next gen application for Polkadot & Kusama ecosystem, transparent & community-oriented, focused on convenient UX/UI, fast performance & security.
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
Public proof-of-concept obfuscator using the MapleIR framework designed by cts & bibl
aws-modernization-with-snyk-container-security
Preventative home and business security system
Pākiki is an intercepting proxy designed to help penetration testers find security vulnerabilities in web or mobile applications. This repository contains the core.
A statically linked lightweight version of setcap(8) to use in `scratch` images
Common Security Advisory Framework (CSAF) Verification, Validation, and Application Programming Interface (API).
1st Place Winner at Super Hacks 2021
Collection of 7 Days to Die bots, scripts and hacks
Security-oriented Arch Linux installation script. Key features such as Secure Boot, disk encryption with LUKS + TPM 2.0, encrypted home directories, and a stateful firewall.
VGS Show - Android SDK that enables you to securely display sensitive data https://www.verygoodsecurity.com/docs/vgs-show
Tanker client-side encryption SDK for Rust
A free, custom, open source hacked client for Minecraft 1.21 using Fabric
Cross-platform command-line password manager with sessions
Hacker News weekly top 10 posts
🌿 It's Hacker News in your terminal
VGS Collect Android SDK
TOTP MFA/2FA application written in Rust and GTK3
Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) :rocket::wrench:
SSH-keys, password lists, everything a hacker wants! Unfortunately, encrypted. And no, not with AES alone! Sorry NSA.
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
proof of concept for gyroveraging transform precomputation
This repository has code and circuit plans to hack a 1995 Pay Phone. (WIP)
The tool consists of: 1- DDoS section, 2- Wi-Fi hack section, 3- distribution, setup and install from two different apps
IAM Least Privilege Policy Generator
Content and resources from the FormationVidéo channel (YouTube)
Simple and lightweight library that helps validate SVG files from a security standpoint.
Visit https://la1r.com for more details on this project!
A simple tool to ban SSH invalid user for all machine accesses
Authentication and Authorization with Azure AD
Alloy is a language for describing structures and a tool for exploring them. It has been used in a wide range of applications from finding holes in security mechanisms to designing telephone switching networks. This repository contains the code for the to
Integrations, examples, and proof-of-concepts that are not part of OPA proper.
Amazon Dash Button hack in Docker for Synology
Go security checker
Security Proxy for Web Processing Services (WPS)
Proof of Concept CommCare HQ OpenHIE integration app
Jameica is an Application-Platform written in Java containing a SWT-UI. It provides different services (GUI-Toolkit, Logging, Security, Backup, Lifecycle-Management, Message-Bus) to the installed plugins. It's a kind of runtime environment similar to OSGi
Open source security data pipelines.
CVE-2020-24102 -- Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code.
CVE-2024-21552 -- All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.
CVE-2024-23321 -- For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.
CVE-2024-25638 -- dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVE-2024-26020 -- An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability.
CVE-2024-28698 -- Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.
CVE-2024-29073 -- A vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flas
CVE-2024-32152 -- A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnera
CVE-2024-32484 -- A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious
CVE-2024-33933 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS. This issue affects Elementor – Header, Footer &
CVE-2024-34457 -- On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.
CVE-2024-35656 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2.
CVE-2024-37097 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS. This issue affects Shortcodes by United Themes: from n/a before 5.0.5.
CVE-2024-37100 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS. This issue affects Elegant Themes Icons: from n/a through 1.3.
CVE-2024-37101 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS. This issue affects WP Post Author: from n/a through 3.6.7.
CVE-2024-37114 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS. This issue affects My Favorites: from n/a through 1.4.1.
CVE-2024-37116 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3.
CVE-2024-37117 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS. This issue affects Uncanny Automator Pro: from n/a through 5.3.
CVE-2024-37120 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.6.
CVE-2024-37121 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS. This issue affects Shortcode Addons: from n/a through 3.2.5.
CVE-2024-37122 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS. This issue affects Accordions: from n/a through 2.3.5.
CVE-2024-37199 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS. This issue affects Enfold: from n/a through 5.6.9.
CVE-2024-37206 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS. This issue affects Demo Awesome: from n/a through 1.0.1.
CVE-2024-37211 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37215 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS. This issue affects Transition Slider – Responsi
CVE-2024-37216 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5.
CVE-2024-37217 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8.
CVE-2024-37219 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS. This issue affects Page Builder Sandwich – Front-End Page Builder:
CVE-2024-37221 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3.
CVE-2024-37223 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 2.0.
CVE-2024-37229 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS. This issue affects Blogmentor – Blog Layouts for Elementor: from n/a throug
CVE-2024-37239 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17.
CVE-2024-37244 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS. This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through
CVE-2024-37245 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS. This issue affects All In One Redirection: from n/a through 2.2.0.
CVE-2024-37246 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS. This issue affects Gallery Slideshow: from n/a through 1.4.1.
CVE-2024-37257 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
CVE-2024-37258 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3.
CVE-2024-37259 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: fro
CVE-2024-37261 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.16.
CVE-2024-37262 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar
CVE-2024-37263 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.6.
CVE-2024-37264 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS. This issue affects Groundhogg: from n/a through 3.4.2.3.
CVE-2024-37265 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.60.
CVE-2024-37267 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in kaptinlin Striking allows Reflected XSS. This issue affects Striking: from n/a through 2.3.4.
CVE-2024-37271 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0.
CVE-2024-37275 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NextScripts allows Reflected XSS. This issue affects NextScripts: from n/a through 4.4.6.
CVE-2024-37278 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder. This issue affects Cards for Beaver Builder: from n/a through 1.1.4.
CVE-2024-37380 -- A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point.
CVE-2024-37391 -- ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
CVE-2024-37409 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Stored XSS. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.4.
CVE-2024-37414 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.0.2.
CVE-2024-37416 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Reflected XSS. This issue affects WP Photo Album Plus: from n/a through 8.8.00.002.
CVE-2024-37422 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2.
CVE-2024-37428 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.0.
CVE-2024-37429 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS. This issue affects Login with phone number: from n/a through 1.7.35.
CVE-2024-37432 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0.
CVE-2024-37433 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.9.
CVE-2024-37434 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atarim allows Stored XSS. This issue affects Atarim: from n/a through 3.31.
CVE-2024-37436 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Reflected XSS. This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1.
CVE-2024-37445 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.23.
CVE-2024-37942 -- Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP. This issue affects BerqWP: from n/a through 1.7.5.
CVE-2024-37998 -- A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the know
CVE-2024-38503 -- When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
CVE-2024-38692 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVE-2024-38701 -- Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 2.0.4.
CVE-2024-38708 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection. This issue affects Barcode Scanner with Inventory & Order Manager: from n
CVE-2024-38723 -- Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer. This issue affects JSON Content Importer: from n/a through 1.5.6.
CVE-2024-38728 -- Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
CVE-2024-38730 -- Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor. This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVE-2024-38755 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection. This issue affects DirectoryPress: from n/a through 3.6.10.
CVE-2024-38759 -- Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace. This issue affects Search & Replace: from n/a through 3.2.2.
CVE-2024-38773 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.
CVE-2024-38788 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection. This issue affects UiPress lite: from n/a through 3.4.06.
CVE-2024-38944 -- An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component.
CVE-2024-39601 -- A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgr
CVE-2024-39685 -- Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This af
CVE-2024-39686 -- Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This af
CVE-2024-39688 -- Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for
CVE-2024-39902 -- Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this
CVE-2024-40051 -- IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter.
CVE-2024-40075 -- Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability.
CVE-2024-40430 -- In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
CVE-2024-40634 -- Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing exce
CVE-2024-41129 -- The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju sec
CVE-2024-41130 -- llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.
CVE-2024-41131 -- ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to
CVE-2024-41132 -- ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to proces
CVE-2024-41314 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-41315 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-41316 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVE-2024-41317 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-41318 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-41320 -- TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVE-2024-41703 -- LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
CVE-2024-41704 -- LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)
CVE-2024-41709 -- Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permiss
CVE-2024-41824 -- In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
CVE-2024-41825 -- In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVE-2024-41826 -- In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
CVE-2024-41827 -- In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
CVE-2024-41828 -- In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
CVE-2024-41829 -- In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
CVE-2024-41880 -- In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes.
CVE-2024-5004 -- The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2024-5529 -- The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (
CVE-2024-5973 -- The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
CVE-2024-6243 -- The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is di
CVE-2024-6244 -- The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6271 -- The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
CVE-2024-6542 -- Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
CVE-2024-6962 -- A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be ini
CVE-2024-6963 -- A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. T
CVE-2024-6964 -- A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possib
CVE-2024-6965 -- A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack ca
CVE-2024-6966 -- A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass lea
CVE-2024-6967 -- A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the ar
CVE-2024-6968 -- A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql inje
CVE-2024-6969 -- A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sq
CVE-2024-6970 -- A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch th
CVE-2024-37446 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS. This issue affects Chained Quiz: from n/a through 1.3.2.8.
CVE-2024-37447 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS. This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager:
CVE-2024-37449 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.7.13.
CVE-2024-37457 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks – Gutenberg Blocks Plugin allows Stored XSS. This issue affects Ultimate Blocks – Gutenberg Blocks Plugin: from n/a
CVE-2024-37459 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS. This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.
CVE-2024-37460 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS. This issue affects SuperSaaS – online appointment scheduling: from n/a throu
CVE-2024-37461 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.65.
CVE-2024-37465 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS. This issue affects GPT3 AI Content Writer: from n/a through 1.8.66.
CVE-2024-37466 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements. This issue affects Mega Elements: from n/a through 1.2.2.
CVE-2024-37480 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: fro
CVE-2024-37485 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS. This issue affects bbPress Notify: from n/a through 2.18.3.
CVE-2024-37487 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS. This issue affects WP Directory Kit: from n/a through 1.3.5.
CVE-2024-37488 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.9.
CVE-2024-37489 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS. This issue affects Ocean Extra: from n/a through 2.2.9.
CVE-2024-37492 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutenberg Team Gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through 18.6.0.
CVE-2024-37495 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Create by Mediavine allows Stored XSS. This issue affects Create by Mediavine: from n/a through 1.9.7.
CVE-2024-37500 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from n/a through 2.8.2.2.
CVE-2024-37507 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS. This issue affects Eventin: from n/a through 3.3.57.
CVE-2024-37509 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maksekeskus AS MakeCommerce for WooCommerce allows Reflected XSS. This issue affects MakeCommerce for WooCommerce: from n/a through 3.5.1.
CVE-2024-37512 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.
CVE-2024-37514 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS. This issue affects CopySafe Web Protection: from n/a through 3.14.
CVE-2024-37515 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS. This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.
CVE-2024-37519 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from
CVE-2024-37521 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS. This issue affects zBench: from n/a through 1.4.2.
CVE-2024-37522 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dario Curasì CC & BCC for Woocommerce Order Emails allows Stored XSS. This issue affects CC & BCC for Woocommerce Order Emails: from n/a through 1.
CVE-2024-37523 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AMP-MODE Login Logo Editor allows Stored XSS. This issue affects Login Logo Editor: from n/a through 1.3.3.
CVE-2024-37536 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web357 Easy Custom Code (LESS/CSS/JS) – Live editing allows Stored XSS. This issue affects Easy Custom Code (LESS/CSS/JS) – Live editing: from n/a
CVE-2024-37537 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UusWeb.Ee WS Contact Form allows Stored XSS. This issue affects WS Contact Form: from n/a through 1.3.7.
CVE-2024-37538 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS. This issue affects Link To Bible: from n/a through 2.5.9.
CVE-2024-37545 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS. This issue affects Floating Social Media Links: from n/a through 1.5.2.
CVE-2024-37548 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Easy Ads Widget allows Stored XSS. This issue affects Meks Easy Ads Widget: from n/a through 2.0.8.
CVE-2024-37549 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.0.0.
CVE-2024-37550 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22.
CVE-2024-37551 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS. This issue affects Simple Social Share: from n/a through 3.0.
CVE-2024-37552 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS. This issue affects Social Media & Share Icons: from n/a through 2.9.1.
CVE-2024-37556 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS. This issue affects WordPress Notification Bar: from n/a through 1.3.10.
CVE-2024-37557 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS. This issue affects WP Cookie Law Info: from n/a through 1.1.
CVE-2024-37558 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS. This issue affects WPFavicon: from n/a through 2.1.1.
CVE-2024-37559 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echenley Counterpoint allows Reflected XSS. This issue affects Counterpoint: from n/a through 1.8.1.
CVE-2024-38434 -- Unitronics Vision PLC –
CVE-2024-38435 -- Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVE-2024-38436 -- Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38437 -- D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2024-38438 -- D-Link -
CVE-2024-38781 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS. This issue affects CopySafe Web Protection: from n/a through 3.15.
CVE-2024-38782 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS. This issue affects Leaflet Maps Marker: from n/a through 3.12.9.
CVE-2024-38784 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS. This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.
CVE-2024-38785 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.2.
CVE-2024-38786 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS. This issue affects CoziPress: from n/a through 1.0.30.
CVE-2024-6933 -- A vulnerability was found in LimeSurvey 6.5.14-240624. It has been rated as critical. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalse
CVE-2024-6934 -- A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting
CVE-2024-6935 -- A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can
CVE-2024-6936 -- A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of th
CVE-2024-6937 -- A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Import Option List. The manipulation of the argument url
CVE-2024-6938 -- A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be lau
CVE-2024-6939 -- A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The att
CVE-2024-6940 -- A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has
CVE-2024-6941 -- A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url
CVE-2024-6942 -- A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads
CVE-2024-6943 -- A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to deseriali
CVE-2024-6944 -- A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack m
CVE-2024-6945 -- A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument
CVE-2024-6946 -- A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated rem
CVE-2024-6947 -- A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code inject
CVE-2024-6948 -- A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile
CVE-2024-6949 -- A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The a
CVE-2024-6950 -- A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to co
CVE-2024-6951 -- A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible
CVE-2024-6952 -- A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql
CVE-2024-6953 -- A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sms.php. The manipulation of the argument customer leads to sql injection. The attack may be initi
CVE-2024-6954 -- A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site
CVE-2024-6955 -- A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. The manipulation of the argument qualification leads to cross site scripting. It is pos
CVE-2024-6956 -- A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The
CVE-2024-6957 -- A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is
CVE-2024-6958 -- A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image lea
CVE-2024-6960 -- The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no
CVE-2024-6961 -- RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the S
CVE-2024-2337 -- The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied
CVE-2024-37561 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS. This issue affects Plugin Notes Plus: from n/a through 1.2.6.
CVE-2024-37562 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS. This issue affects Simple Post Notes: from n/a through 1.7.7.
CVE-2024-37563 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS. This issue affects TOCHAT.BE: from n/a through 1.3.0.
CVE-2024-37565 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.5.
CVE-2024-37918 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS. This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8.
CVE-2024-37919 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS. This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3.
CVE-2024-37920 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS. This issue affects ARForms Form Builder: from n/a through 1.6.7.
CVE-2024-37922 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.34.
CVE-2024-37936 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS. This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2.
CVE-2024-37943 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS. This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0.
CVE-2024-37944 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 5.9.1.
CVE-2024-37946 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS. This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5.
CVE-2024-37947 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.2.
CVE-2024-37948 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS. This issue affects Caxton – Create Pro page layouts in Gutenberg: from
CVE-2024-37949 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS. This issue affects Responsive Mobile: from n/a through 1.15.1.
CVE-2024-37950 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS. This issue affects Master Popups: from n/a through 1.0.3.
CVE-2024-37951 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS. This issue affects Magical Posts Display – Elementor & Gute
CVE-2024-37953 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS. This issue affects MBE eShip: from n/a through 2.1.2.
CVE-2024-37954 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS. This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.
CVE-2024-37955 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS. This issue affects GutSlider – All in One Block Slider: from n/a throug
CVE-2024-37956 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS. This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0.
CVE-2024-37957 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS. This issue affects Bradmax Player: from n/a through 1.1.27.
CVE-2024-37958 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS. This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
CVE-2024-37959 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS. This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7.
CVE-2024-37960 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0.
CVE-2024-37961 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS. This issue affects codoc: from n/a through 0.9.51.12.
CVE-2024-38669 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in a3rev Software WooCommerce Predictive Search allows Reflected XSS. This issue affects WooCommerce Predictive Search: from n/a through 6.0.1.
CVE-2024-38670 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS. This issue affects Team Members: from n/a through 5.3.3.
CVE-2024-38671 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS. This issue affects WP GoToWebinar: from n/a through 15.7.
CVE-2024-38672 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS. This issue affects AdPush: from n/a through 1.50.
CVE-2024-38673 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0.
CVE-2024-38674 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 2.1.
CVE-2024-38675 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.22.1.
CVE-2024-38676 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13.
CVE-2024-38677 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Reviews.Co.Uk REVIEWS.Io allows Stored XSS.This issue affects REVIEWS.Io: from n/a through 1.2.7.
CVE-2024-38678 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8
CVE-2024-38679 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0.
CVE-2024-38680 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker – Convert WooCommerce
CVE-2024-38681 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVE-2024-38682 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Post Layouts for Gutenberg allows Stored XSS.This issue affects Post Layouts for Gutenberg: from n/a through 1.2.7.
CVE-2024-38683 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5.
CVE-2024-38684 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FunnelKit SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) allows Stored XSS.This issue affects SlingBlocks – Gutenberg Blocks by
CVE-2024-38685 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8.
CVE-2024-38686 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pluginic FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects
CVE-2024-38687 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techfyd Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.5.
CVE-2024-38689 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4.
CVE-2024-38694 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4.
CVE-2024-38696 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows Reflected XSS.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.8.8.
CVE-2024-38697 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6.
CVE-2024-38698 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0.
CVE-2024-38703 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9.
CVE-2024-38705 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.
CVE-2024-38710 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.2.
CVE-2024-38711 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1.
CVE-2024-38712 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qode Interactive Qi Blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through 1.3.
CVE-2024-38713 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002.
CVE-2024-38718 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS.This issue affects Download Button for Elementor: from n/a through 1.2.1.
CVE-2024-38720 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0.
CVE-2024-38722 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Stored XSS.This issue affects Job Board Manager: from n/a through 2.1.57.
CVE-2024-38725 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webstix Admin Dashboard RSS Feed allows Stored XSS.This issue affects Admin Dashboard RSS Feed: from n/a through 3.1.
CVE-2024-38738 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1.
CVE-2024-38739 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8.
CVE-2024-38741 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor-E-Alam Amazing Hover Effects allows Stored XSS.This issue affects Amazing Hover Effects: from n/a through 2.4.9.
CVE-2024-38750 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider.This issue affects Advanced post slider: from n/a through 3.0.0.
CVE-2024-38757 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS.This issue affects Typebot: from n/a through 3.6.0.
CVE-2024-38758 -- Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
CVE-2024-38767 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
CVE-2024-3934 -- The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above,
CVE-2024-40347 -- A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
CVE-2024-40348 -- An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
CVE-2024-5804 -- The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it pos
CVE-2024-6281 -- A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and po
CVE-2024-6489 -- The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticat
CVE-2024-6491 -- The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authe
CVE-2024-6497 -- The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for a
CVE-2024-6560 -- The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it p
CVE-2024-6635 -- The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated atta
CVE-2024-6636 -- The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthen
CVE-2024-6637 -- The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for un
CVE-2024-6694 -- The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to the plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for aut
CVE-2024-6848 -- The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping
CVE-2024-6932 -- A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cro