High - CVE-2024-5996 - The notification emails sent by Soar Cloud HR...
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the...
NA - CVE-2024-3966 - The Pray For Me WordPress plugin through 1.0.4...
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin...
NA - CVE-2024-27159 - All the Toshiba printers contain a shell script...
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed...
NA - CVE-2024-21988 - StorageGRID (formerly StorageGRID Webscale)...
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the...
NA - CVE-2023-51516 - Missing Authorization vulnerability in Business...
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.
NA - CVE-2024-4271 - The SVGator WordPress plugin through 1.2.6...
The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
NA - CVE-2024-36499 - Vulnerability of unauthorized screenshot...
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.