Total: 27423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21394 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 7.6 HIGH |
| Dynamics 365 Field Service Spoofing Vulnerability | |||||
| CVE-2024-21393 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 7.6 HIGH |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-21389 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 7.6 HIGH |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-21328 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 7.6 HIGH |
| Dynamics 365 Sales Spoofing Vulnerability | |||||
| CVE-2024-21327 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 7.6 HIGH |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2024-20679 | 1 Microsoft | 1 Azure Stack Hub | 2024-05-29 | N/A | 6.5 MEDIUM |
| Azure Stack Hub Spoofing Vulnerability | |||||
| CVE-2024-29049 | | | 2024-05-28 | N/A | 4.1 MEDIUM |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2024-05-28 | 6.8 MEDIUM | 7.6 HIGH |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when a Power BI Report Server template file (pbix) containing HTML files is uploaded to the server and the HTML files are accessed directly by the victim. By combining these two vulnerabilities, an attacker is able to upload malicious Power BI template files to the server using the victim's session, run scripts in the security context of the user, and perform privilege escalation if the victim has admin privileges when the victim accesses one of the HTML files present in the malicious Power BI template. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitizes file uploads. | |||||
| CVE-2024-5415 | | | 2024-05-28 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details. | |||||
| CVE-2024-5413 | | | 2024-05-28 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details. | |||||
| CVE-2024-5414 | | | 2024-05-28 | N/A | 7.1 HIGH |
| A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details. | |||||
| CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | N/A | 4.8 MEDIUM |
| An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session. | |||||
| CVE-2024-35236 | | | 2024-05-28 | N/A | 4.8 MEDIUM |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability. | |||||
| CVE-2023-37411 | | | 2024-05-28 | N/A | 4.8 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. | |||||
| CVE-2024-5383 | | | 2024-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability. | |||||
| CVE-2024-5409 | | | 2024-05-28 | N/A | 7.1 HIGH |
| RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details. | |||||
| CVE-2024-5385 | | | 2024-05-28 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input `<script>confirm (document.cookie)</script>` leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-266303. | |||||
| CVE-2024-5374 | | | 2024-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266286 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-5405 | | | 2024-05-28 | N/A | 6.3 MEDIUM |
| A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details. | |||||
| CVE-2024-5372 | | | 2024-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266284. | |||||
