Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
No results found.
Remaining NVD entries (unprocessed / no code available): ~242717 :
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-04-25 | CVE-2024-1347 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | N/A | N/A | |
| 2024-04-25 | CVE-2024-32676 | Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | N/A | N/A | |
| 2024-04-25 | CVE-2024-2434 | An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. | N/A | N/A | |
| 2024-04-25 | CVE-2024-2829 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | N/A | N/A | |
| 2024-04-25 | CVE-2024-4164 | A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261983. NOTE: The vendor was contacted early... | N/A | N/A | |
| 2024-04-25 | CVE-2024-3730 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | N/A | N/A | |
| 2024-04-25 | CVE-2023-52220 | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | N/A | N/A |