Source URL: https://www.cisa.gov/news-events/bulletins/sb24-281
Source: Bulletins
Title: Vulnerability Summary for the Week of September 30, 2024
Feedly Summary:
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
n/a–n/a
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
2024-09-30
10
CVE-2024-42017 cve@mitre.org
Cisco–Cisco Data Center Network Manager
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment.
2024-10-02
9.9
CVE-2024-20432 ykramarz@cisco.com
n/a–n/a
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.
2024-10-01
9
CVE-2024-25660 cve@mitre.org
Schneider Elektronik–Series 700
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
2024-10-02
9.1
CVE-2024-35293 info@cert.vde.com
n/a–n/a
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.
2024-10-01
9.8
CVE-2024-41276 cve@mitre.org
Optigo Networks–ONS-S8 Spectra Aggregation Switch
The web service for ONS-S8 – Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.
2024-10-03
9.8
CVE-2024-41925 ics-cert@hq.dhs.gov
n/a–n/a
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.
2024-10-01
9.1
CVE-2024-42514 cve@mitre.org
Delta Electronics–DIAEnergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
2024-10-03
9.8
CVE-2024-43699 ics-cert@hq.dhs.gov
Vmaxstudio–Vmax Project Manager
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0.
2024-10-05
9.6
CVE-2024-44014 audit@patchstack.com
Google–Android
According to the researcher: “The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server.”
2024-10-02
9.8
CVE-2024-44097 dsap-vuln-management@google.com
n/a–n/a
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
2024-10-02
9.8
CVE-2024-45186 cve@mitre.org
Cavok–Cavok
Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
2024-10-06
9.8
CVE-2024-45249 cna@cyber.gov.il
Elsight–Halo version 11.7.1.5
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
2024-10-06
9.8
CVE-2024-45251 cna@cyber.gov.il
Elsight–Halo version 11.7.1.5
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
2024-10-06
9.8
CVE-2024-45252 cna@cyber.gov.il
Optigo Networks–ONS-S8 Spectra Aggregation Switch
The web server for ONS-S8 – Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
2024-10-03
9.1
CVE-2024-45367 ics-cert@hq.dhs.gov
zimbra — collaboration
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
2024-10-02
9.8
CVE-2024-45519 cve@mitre.org
n/a–n/a
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.
2024-09-30
9.8
CVE-2024-46293 cve@mitre.org
YITH–YITH WooCommerce Ajax Search
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.
2024-10-06
9.3
CVE-2024-47350 audit@patchstack.com
planet — gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have a hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
2024-09-30
9.8
CVE-2024-8450 twcert@cert.org.tw
planet — gs-4210-24p2s_firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
2024-09-30
9.8
CVE-2024-8456 twcert@cert.org.tw
xunhuweb–Wechat Social login QQ
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value.
2024-10-01
9.8
CVE-2024-9106 security@wordfence.com
xunhuweb–Wechat Social login QQ
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘convert_remoteimage_to_local’ function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
2024-10-01
9.8
CVE-2024-9108 security@wordfence.com
CodeRevolution–Echo RSS Feed Post Generator
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.
2024-10-01
9.8
CVE-2024-9265 security@wordfence.com
RedefiningTheWeb–WordPress & WooCommerce Affiliate Program
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user’s identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator’s email.
2024-10-01
9.8
CVE-2024-9289 security@wordfence.com
code-projects — restaurant_reservation_system
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-01
9.8
CVE-2024-9359 cna@vuldb.com
code-projects — restaurant_reservation_system
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-01
9.8
CVE-2024-9360 cna@vuldb.com
Mozilla–Firefox
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
9.8
CVE-2024-9392 security@mozilla.org
Mozilla--Firefox
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
9.8
CVE-2024-9401 security@mozilla.org
Mozilla--Firefox
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
9.8
CVE-2024-9402 security@mozilla.org
Linear--eMerge e3-Series
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
2024-10-02
9.8
CVE-2024-9441 disclosure@vulncheck.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.
2024-10-02
8.8
CVE-2024-20393 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.
2024-10-02
8.8
CVE-2024-20449 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
2024-10-02
8.6
CVE-2024-20498 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
2024-10-02
8.6
CVE-2024-20499 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
2024-10-02
8.6
CVE-2024-20501 ykramarz@cisco.com
n/a--uplot
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to a missing check of whether the attribute resolves to the object prototype.
2024-10-01
8.2
CVE-2024-21489 report@snyk.io
elabftw--elabftw
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required.
2024-10-01
8.6
CVE-2024-25632 security-advisories@github.com
n/a--n/a
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
2024-09-30
8.8
CVE-2024-28809 cve@mitre.org
n/a--n/a
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection.
2024-09-30
8.8
CVE-2024-28812 cve@mitre.org
n/a--n/a
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface.
2024-09-30
8.4
CVE-2024-28813 cve@mitre.org
Foxit--Foxit Reader
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
2024-10-02
8.8
CVE-2024-28888 talos-cna@cisco.com
GNOME Project--G Structured File Library (libgsf)
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2024-10-03
8.4
CVE-2024-36474 talos-cna@cisco.com
n/a--n/a
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
2024-10-02
8.1
CVE-2024-41290 cve@mitre.org
n/a--n/a
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
2024-10-03
8
CVE-2024-41586 cve@mitre.org
n/a--n/a
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
2024-10-03
8.8
CVE-2024-41589 cve@mitre.org
n/a--n/a
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
2024-10-03
8
CVE-2024-41592 cve@mitre.org
n/a--n/a
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
2024-10-03
8
CVE-2024-41595 cve@mitre.org
n/a--n/a
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
2024-10-03
8
CVE-2024-41596 cve@mitre.org
GNOME Project--G Structured File Library (libgsf)
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2024-10-03
8.4
CVE-2024-42415 talos-cna@cisco.com
Delta Electronics--DIAEnergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
2024-10-03
8.8
CVE-2024-42417 ics-cert@hq.dhs.gov
ABCApp Creator--ABCApp Creator
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion. This issue affects ABCApp Creator: from n/a through 1.1.2.
2024-10-05
8.1
CVE-2024-44023 audit@patchstack.com
Apple--iTunes for Windows
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
2024-10-02
8.4
CVE-2024-44193 product-security@apple.com
apache -- lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the command line) can mitigate the issue on vulnerable versions without impacting functionality.
2024-09-30
8
CVE-2024-45772 security@apache.org
n/a--n/a
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
2024-10-01
8
CVE-2024-46080 cve@mitre.org
n/a--n/a
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
2024-10-01
8
CVE-2024-46084 cve@mitre.org
n/a--n/a
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
2024-09-30
8.8
CVE-2024-46280 cve@mitre.org
n/a--n/a
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.
2024-09-30
8
CVE-2024-46313 cve@mitre.org
n/a--n/a
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.
2024-10-02
8.8
CVE-2024-46626 cve@mitre.org
parse-community--parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.
2024-10-04
8.1
CVE-2024-47183 security-advisories@github.com
SEIKO EPSON CORPORATION--Web Config
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
2024-10-01
8.1
CVE-2024-47295 vultures@jpcert.or.jp
Bit Apps--Bit Form Contact Form Plugin
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form - Contact Form Plugin allows Code Injection. This issue affects Bit Form - Contact Form Plugin: from n/a through 2.13.10.
2024-10-05
8
CVE-2024-47319 audit@patchstack.com
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
2024-10-05
8.1
CVE-2024-47323 audit@patchstack.com
NuGet--NuGetGallery
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser.
2024-10-01
8.2
CVE-2024-47604 security-advisories@github.com
Jenkins Project--Jenkins OpenId Connect Authentication Plugin
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
2024-10-02
8.1
CVE-2024-47806 jenkinsci-cert@googlegroups.com
Jenkins Project--Jenkins OpenId Connect Authentication Plugin
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
2024-10-02
8.1
CVE-2024-47807 jenkinsci-cert@googlegroups.com
ultrapressorg--Unseen Blog
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-10-01
8.8
CVE-2024-7432 security@wordfence.com
ultrapressorg--Empowerment
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-10-01
8.8
CVE-2024-7433 security@wordfence.com
ultrapressorg--UltraPress
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-10-01
8.8
CVE-2024-7434 security@wordfence.com
Canonical Ltd.--Juju
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
2024-10-02
8.7
CVE-2024-7558 security@ubuntu.com
thimpress--WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
2024-10-02
8.8
CVE-2024-7855 security@wordfence.com
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.
2024-09-30
8.8
CVE-2024-8448 twcert@cert.org.tw
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
2024-09-30
8.8
CVE-2024-8458 twcert@cert.org.tw
cagdasdag--KB Support WordPress Help Desk and Knowledge Base
The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
2024-10-01
8.1
CVE-2024-8548 security@wordfence.com
HP, Inc.--HP One Agent Software
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.
2024-10-02
8
CVE-2024-8733 hp-security-alert@hp.com
Sophos--Sophos Intercept X
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.
2024-10-02
8.8
CVE-2024-8885 security-alert@sophos.com
hahncgdev--WP Easy Gallery WordPress Gallery Plugin
The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'key' parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-10-01
8.8
CVE-2024-9018 security@wordfence.com
Tenable--Nessus Network Monitor
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
2024-09-30
8.4
CVE-2024-9158 vulnreport@tenable.com
Canonical Ltd.--Authd
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
2024-10-03
8.8
CVE-2024-9313 security@ubuntu.com
Mozilla--Firefox
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
8.8
CVE-2024-9396 security@mozilla.org
Mozilla--Firefox
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
8.8
CVE-2024-9400 security@mozilla.org
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-04
8.8
CVE-2024-9514 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-04
8.8
CVE-2024-9515 cna@vuldb.com
D-Link--DIR-605L
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-05
8.8
CVE-2024-9532 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-05
8.8
CVE-2024-9533 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-05
8.8
CVE-2024-9534 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-05
8.8
CVE-2024-9535 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9549 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9550 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9551 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9552 cna@vuldb.com
D-Link--DIR-605L
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9553 cna@vuldb.com
D-Link--DIR-605L
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9555 cna@vuldb.com
D-Link--DIR-605L
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9556 cna@vuldb.com
D-Link--DIR-605L
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9557 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9558 cna@vuldb.com
D-Link--DIR-605L
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9559 cna@vuldb.com
D-Link--DIR-605L
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9561 cna@vuldb.com
D-Link--DIR-605L
A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
8.8
CVE-2024-9562 cna@vuldb.com
PowerDNS--Recursor
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.
2024-10-03
7.5
CVE-2024-25590 security@open-xchange.com
n/a--n/a
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory.
2024-10-01
7.2
CVE-2024-25659 cve@mitre.org
n/a--n/a
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application.
2024-10-01
7.7
CVE-2024-25661 cve@mitre.org
Esri--Portal
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
2024-10-04
7.5
CVE-2024-38040 psirt@esri.com
Veertu--Anka Build
A privilege escalation vulnerability exists in Veertu Anka Build 1.42.0. The vulnerability occurs during the Anka node agent update. A low-privileged user can trigger the update action, which can result in unexpected elevation of privilege.
2024-10-03
7.8
CVE-2024-39755 talos-cna@cisco.com
Veertu--Anka Build
A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability.
2024-10-03
7.5
CVE-2024-41163 talos-cna@cisco.com
decidim--decidim
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
2024-10-01
7.1
CVE-2024-41673 security-advisories@github.com
Veertu--Anka Build
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
2024-10-03
7.5
CVE-2024-41922 talos-cna@cisco.com
WP Ticket Ultra--WP Ticket Ultra Help Desk & Support Plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion. This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
2024-10-05
7.5
CVE-2024-44011 audit@patchstack.com
wpdev33--WP Newsletter Subscription
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through 1.1.
2024-10-05
7.5
CVE-2024-44012 audit@patchstack.com
Innate Images LLC--VR Calendar
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion. This issue affects VR Calendar: from n/a through 2.4.0.
2024-10-05
7.5
CVE-2024-44013 audit@patchstack.com
Users Control--Users Control
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion. This issue affects Users Control: from n/a through 1.0.16.
2024-10-05
7.5
CVE-2024-44015 audit@patchstack.com
Mark Steadman--Podiant
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion. This issue affects Podiant: from n/a through 1.1.
2024-10-05
7.5
CVE-2024-44016 audit@patchstack.com
MinHyeong Lim--MH Board
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1.
2024-10-02
7.5
CVE-2024-44017 audit@patchstack.com
Istmo Plugins--Instant Chat Floating Button for WordPress Websites
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.
2024-10-05
7.5
CVE-2024-44018 audit@patchstack.com
Nicejob--NiceJob
Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.
2024-10-06
7.1
CVE-2024-44028 audit@patchstack.com
David Garlitz--viala
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1.
2024-10-06
7.1
CVE-2024-44029 audit@patchstack.com
Mestres do WP--Checkout Mestres WP
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6.
2024-10-02
7.2
CVE-2024-44030 audit@patchstack.com
Martin Greenwood--WPSPX
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2.
2024-10-05
7.5
CVE-2024-44034 audit@patchstack.com
Diebold Nixdorf--Vynamic View prior
Diebold Nixdorf - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
2024-10-06
7.8
CVE-2024-45245 cna@cyber.gov.il
Diebold Nixdorf--Vynamic View prior to v5.9.5
Diebold Nixdorf - CWE-427: Uncontrolled Search Path Element
2024-10-06
7.3
CVE-2024-45246 cna@cyber.gov.il
Multi-DNC--Multi-DNC
Multi-DNC - CWE-35: Path Traversal: '.../...//'
2024-10-06
7.5
CVE-2024-45248 cna@cyber.gov.il
elabftw--elabftw
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel.
2024-10-01
7.5
CVE-2024-45408 security-advisories@github.com
Unlimited Elements--Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.
2024-10-06
7.1
CVE-2024-45454 audit@patchstack.com
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46258 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46259 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46261 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46263 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46264 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46267 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46274 cve@mitre.org
randygaul--cute_png
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h.
2024-10-01
7.8
CVE-2024-46276 cve@mitre.org
n/a--n/a
An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.
2024-09-30
7.5
CVE-2024-46503 cve@mitre.org
n/a--n/a
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface.
2024-09-30
7.6
CVE-2024-46510 cve@mitre.org
n/a--n/a
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions.
2024-09-30
7.5
CVE-2024-46511 cve@mitre.org
n/a--n/a
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
2024-09-30
7.6
CVE-2024-46549 cve@mitre.org
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
2024-10-03
7.8
CVE-2024-47134 vultures@jpcert.or.jp
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
2024-10-03
7.8
CVE-2024-47135 vultures@jpcert.or.jp
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
2024-10-03
7.8
CVE-2024-47136 vultures@jpcert.or.jp
CodePeople--CP Polls
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople CP Polls allows Reflected XSS. This issue affects CP Polls: from n/a through 1.0.74.
2024-10-06
7.1
CVE-2024-47297 audit@patchstack.com
CubeWP--CubeWP Forms All-in-One Form Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CubeWP CubeWP Forms - All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms - All-in-One Form Builder: from n/a through 1.1.1.
2024-10-06
7.1
CVE-2024-47300 audit@patchstack.com
Bit Form--Bit Form Contact Form Plugin
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bit Form Bit Form - Contact Form Plugin allows Stored XSS. This issue affects Bit Form - Contact Form Plugin: from n/a through 2.13.10.
2024-10-06
7.1
CVE-2024-47301 audit@patchstack.com
Copy Content Protection Team--Secure Copy Content Protection and Content Locking
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3.
2024-10-06
7.1
CVE-2024-47306 audit@patchstack.com
WS Form--WS Form LITE
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS. This issue affects WS Form LITE: from n/a through 1.9.238.
2024-10-06
7.1
CVE-2024-47320 audit@patchstack.com
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows Reflected XSS. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
2024-10-06
7.1
CVE-2024-47322 audit@patchstack.com
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
2024-10-05
7.5
CVE-2024-47324 audit@patchstack.com
ILLID--Share This Image
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Share This Image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01.
2024-10-06
7.1
CVE-2024-47326 audit@patchstack.com
Eyal Fitoussi--GEO my WordPress
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS. This issue affects GEO my WordPress: from n/a through 4.5.0.3.
2024-10-06
7.1
CVE-2024-47327 audit@patchstack.com
Team Tangible--Loops & Logic
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Tangible Loops & Logic allows Reflected XSS. This issue affects Loops & Logic: from n/a through 4.1.4.
2024-10-06
7.1
CVE-2024-47333 audit@patchstack.com
WPExpertsio--WPExperts Square For GiveWP
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3.
2024-10-06
7.6
CVE-2024-47338 audit@patchstack.com
James Ward--WP Mail Catcher
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Ward WP Mail Catcher allows Reflected XSS. This issue affects WP Mail Catcher: from n/a through 2.1.9.
2024-10-06
7.1
CVE-2024-47339 audit@patchstack.com
Lester GaMerZ Chan--WP-DownloadManager
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester 'GaMerZ' Chan WP-DownloadManager allows Reflected XSS. This issue affects WP-DownloadManager: from n/a through 1.68.8.
2024-10-06
7.1
CVE-2024-47341 audit@patchstack.com
Tribulant--Newsletters
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.1.
2024-10-06
7.1
CVE-2024-47346 audit@patchstack.com
Chart Builder Team--Chartify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chart Builder Team Chartify allows Reflected XSS. This issue affects Chartify: from n/a through 2.7.6.
2024-10-06
7.1
CVE-2024-47347 audit@patchstack.com
WaspThemes--YellowPencil Visual CSS Style Editor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4.
2024-10-06
7.1
CVE-2024-47348 audit@patchstack.com
WPMobile.App--WPMobile.App
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMobile.App allows Reflected XSS. This issue affects WPMobile.App: from n/a through 11.50.
2024-10-06
7.1
CVE-2024-47349 audit@patchstack.com
Xylus Themes--WP Bulk Delete
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete allows Reflected XSS. This issue affects WP Bulk Delete: from n/a through 1.3.1.
2024-10-06
7.1
CVE-2024-47352 audit@patchstack.com
Booking Algorithms--BA Book Everything
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20.
2024-10-06
7.1
CVE-2024-47360 audit@patchstack.com
YITH--YITH WooCommerce Product Add-Ons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0.
2024-10-06
7.1
CVE-2024-47367 audit@patchstack.com
WPWeb--Social Auto Poster
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Social Auto Poster allows Reflected XSS. This issue affects Social Auto Poster: from n/a through 5.3.15.
2024-10-05
7.1
CVE-2024-47369 audit@patchstack.com
LiteSpeed Technologies--LiteSpeed Cache
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
2024-10-05
7.1
CVE-2024-47374 audit@patchstack.com
WPCOM--WPCOM Member
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4.
2024-10-05
7.1
CVE-2024-47378 audit@patchstack.com
Sale php scripts--Web Directory Free
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.3.
2024-10-05
7.1
CVE-2024-47379 audit@patchstack.com
WP Lab--WP-Lister Lite for eBay
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.6.3.
2024-10-05
7.1
CVE-2024-47380 audit@patchstack.com
WP Compress--WP Compress Image Optimizer [All-In-One]
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Compress WP Compress - Image Optimizer [All-In-One] allows Reflected XSS. This issue affects WP Compress - Image Optimizer [All-In-One]: from n/a through 6.20.13.
2024-10-05
7.1
CVE-2024-47384 audit@patchstack.com
WP Extended--The Ultimate WordPress Toolkit WP Extended
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit - WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit - WP Extended: from n/a through 3.0.8.
2024-10-05
7.1
CVE-2024-47386 audit@patchstack.com
SliceWP--SliceWP
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SliceWP allows Reflected XSS. This issue affects SliceWP: from n/a through 1.1.18.
2024-10-05
7.1
CVE-2024-47388 audit@patchstack.com
Basix--NEX-Forms Ultimate Form Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows Reflected XSS. This issue affects NEX-Forms - Ultimate Form Builder: from n/a through 8.7.3.
2024-10-05
7.1
CVE-2024-47389 audit@patchstack.com
eyecix--JobSearch
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.5.9.
2024-10-05
7.1
CVE-2024-47394 audit@patchstack.com
Robokassa--Robokassa payment gateway for Woocommerce
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robokassa Robokassa payment gateway for Woocommerce allows Reflected XSS. This issue affects Robokassa payment gateway for Woocommerce: from n/a through 1.6.1.
2024-10-05
7.1
CVE-2024-47395 audit@patchstack.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
2024-10-01
7.5
CVE-2024-47523 security-advisories@github.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize user input in the Device Group name, so when a user views the details of a Device Group whose name contains JavaScript code, that code is triggered. This vulnerability is fixed in 24.9.0.
2024-10-01
7.2
CVE-2024-47524 security-advisories@github.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
2024-10-01
7.5
CVE-2024-47525 security-advisories@github.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
2024-10-01
7.5
CVE-2024-47527 security-advisories@github.com
Apache Software Foundation--Apache Avro Java SDK
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
2024-10-03
7.3
CVE-2024-47561 security@apache.org
async-graphql--async-graphql
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.
2024-10-03
7.5
CVE-2024-47614 security-advisories@github.com
BannerSky--BSK Forms Blacklist
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8.1.
2024-10-05
7.1
CVE-2024-47624 audit@patchstack.com
vCita--Online Booking & Scheduling Calendar for WordPress by vcita
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.6.
2024-10-05
7.1
CVE-2024-47638 audit@patchstack.com
Copyscape / Indigo Stream Technologies--Copyscape Premium
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS. This issue affects Copyscape Premium: from n/a through 1.3.6.
2024-10-05
7.1
CVE-2024-47644 audit@patchstack.com
idurar--idurar-erp-crm
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send a URL-encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at the subpath location.
2024-10-04
7.5
CVE-2024-47769 security-advisories@github.com
n/a--n/a
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
2024-10-04
7.5
CVE-2024-47850 cve@mitre.org
AVG/Avast--Antivirus
AVGUI.exe in AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) condition when self protection is disabled.
2024-10-03
7.5
CVE-2024-5803 security@nortonlifelock.com
Unknown--Migration, Backup, Staging
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
2024-10-02
7.5
CVE-2024-7315 contact@wpscan.com
Autodesk--Navisworks Freedom
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7670 psirt@autodesk.com
Autodesk--Navisworks Freedom
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7671 psirt@autodesk.com
Autodesk--Navisworks Freedom
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7672 psirt@autodesk.com
Autodesk--Navisworks Freedom
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7673 psirt@autodesk.com
Autodesk--Navisworks Freedom
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7674 psirt@autodesk.com
Autodesk--Navisworks Freedom
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
2024-09-30
7.8
CVE-2024-7675 psirt@autodesk.com
123.chat--123.chat - Video Chat
The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
7.2
CVE-2024-7869 security@wordfence.com
Canonical Ltd.--Juju
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
2024-10-02
7.9
CVE-2024-8038 security@ubuntu.com
dejanmarkovic--Social Web Suite Social Media Auto Post, Social Media Auto Publish
The Social Web Suite - Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
2024-10-03
7.5
CVE-2024-8352 security@wordfence.com
Unknown--Cost Calculator Builder
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
2024-09-30
7.2
CVE-2024-8379 contact@wpscan.com
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.
2024-09-30
7.5
CVE-2024-8451 twcert@cert.org.tw
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, potentially allowing attackers to obtain plaintext SNMPv3 credentials.
2024-09-30
7.5
CVE-2024-8452 twcert@cert.org.tw
planet -- gs-4210-24p2s_firmware
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
2024-09-30
7.5
CVE-2024-8454 twcert@cert.org.tw
wpmudev--Broken Link Checker
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
7.1
CVE-2024-8981 security@wordfence.com
rankmath--Rank Math SEO AI SEO Tools to Dominate SEO Rankings
The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input in the 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-10-05
7.2
CVE-2024-9314 security@wordfence.com
Mozilla--Firefox
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
2024-10-01
7.3
CVE-2024-9403 security@mozilla.org
Codezips--Online Shopping Portal
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-03
7.3
CVE-2024-9460 cna@vuldb.com
Medium Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
GitLab--GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
2024-10-01
6.6
CVE-2023-3441 cve@gitlab.com
Kiteworks--OwnCloud
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
2024-10-01
6.8
CVE-2023-7273 a341c0d1-ebf7-493f-a84e-38cf86618674
Cisco--Cisco Unified Computing System (Managed)
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.
2024-10-02
6.5
CVE-2024-20365 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
2024-10-02
6.3
CVE-2024-20438 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config-only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.
2024-10-02
6.3
CVE-2024-20448 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
2024-10-02
6.5
CVE-2024-20470 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
2024-10-02
6.3
CVE-2024-20490 ykramarz@cisco.com
Cisco--Cisco Nexus Dashboard Insights
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
2024-10-02
6.3
CVE-2024-20491 ykramarz@cisco.com
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
2024-10-02
6
CVE-2024-20492 ykramarz@cisco.com
Cisco--Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.
2024-10-02
6.5
CVE-2024-20515 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
2024-10-02
6.8
CVE-2024-20516 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
2024-10-02
6.8
CVE-2024-20517 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
2024-10-02
6.5
CVE-2024-20518 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
2024-10-02
6.5
CVE-2024-20519 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
2024-10-02
6.5
CVE-2024-20520 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
2024-10-02
6.5
CVE-2024-20521 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
2024-10-02
6.5
CVE-2024-20522 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
2024-10-02
6.8
CVE-2024-20523 ykramarz@cisco.com
Cisco--Cisco Small Business RV Series Router Firmware
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
2024-10-02
6.8
CVE-2024-20524 ykramarz@cisco.com
Esri--Portal
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser.
2024-10-04
6.1
CVE-2024-25691 psirt@esri.com
n/a--n/a
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application.
2024-09-30
6.5
CVE-2024-28807 cve@mitre.org
n/a--n/a
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files.
2024-09-30
6.6
CVE-2024-28810 cve@mitre.org
Schneider Elektronik--Series 700
An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials.
2024-10-02
6.5
CVE-2024-35294 info@cert.vde.com
Esri--Portal
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
2024-10-04
6.1
CVE-2024-38037 psirt@esri.com
Esri--Portal
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser.
2024-10-04
6.1
CVE-2024-38038 psirt@esri.com
TECHNO SUPPORT COMPANY--Smart-tab Android app
Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms.
2024-09-30
6.8
CVE-2024-41999 vultures@jpcert.or.jp
Trustmary--Review & testimonial widgets
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Trustmary Review & testimonial widgets allows Stored XSS. This issue affects Review & testimonial widgets: from n/a through 1.0.5.
2024-10-06
6.5
CVE-2024-44022 audit@patchstack.com
NicheAddons--Medical Addon for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS. This issue affects Medical Addon for Elementor: from n/a through 1.4.
2024-10-06
6.5
CVE-2024-44024 audit@patchstack.com
Nicejob--NiceJob
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.
2024-10-06
6.5
CVE-2024-44025 audit@patchstack.com
NicheAddons--Charity Addon for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.0.
2024-10-06
6.5
CVE-2024-44026 audit@patchstack.com
TemeGUM--Gum Elementor Addon
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.6.
2024-10-06
6.5
CVE-2024-44027 audit@patchstack.com
NicheAddons--Restaurant & Cafe Addon for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5.
2024-10-06
6.5
CVE-2024-44032 audit@patchstack.com
NicheAddons--Primary Addon for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7.
2024-10-06
6.5
CVE-2024-44033 audit@patchstack.com
TemeGUM--Gum Elementor Addon
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7.
2024-10-06
6.5
CVE-2024-44035 audit@patchstack.com
n/a--n/a
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,
2024-09-30
6.3
CVE-2024-45200 cve@mitre.org
Sonarr--Sonarr
Sonarr - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
2024-10-06
6.1
CVE-2024-45247 cna@cyber.gov.il
n/a--n/a
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
2024-10-03
6.5
CVE-2024-45870 cve@mitre.org
n/a--n/a
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DoS).
2024-10-03
6.3
CVE-2024-45871 cve@mitre.org
n/a--n/a
Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.
2024-10-03
6.3
CVE-2024-45872 cve@mitre.org
n/a--n/a
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
2024-09-30
6.5
CVE-2024-45993 cve@mitre.org
n/a--n/a
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
2024-10-01
6.1
CVE-2024-46079 cve@mitre.org
n/a--n/a
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges.
2024-09-30
6.3
CVE-2024-46540 cve@mitre.org
n/a--n/a
TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.
2024-09-30
6.3
CVE-2024-46548 cve@mitre.org
FreePBX--security-reporting
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
2024-10-01
6.8
CVE-2024-47071 security-advisories@github.com
BoldThemes--Bold Page Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.1.1.
2024-10-06
6.5
CVE-2024-47298 audit@patchstack.com
Essential Plugin--Meta slider and carousel with lightbox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS. This issue affects Meta slider and carousel with lightbox: from n/a through 2.0.1.
2024-10-06
6.5
CVE-2024-47307 audit@patchstack.com
Condless--Cities Shipping Zones for WooCommerce
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7.
2024-10-05
6.6
CVE-2024-47309 audit@patchstack.com
ARI Soft--ARI Fancy Lightbox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through 1.3.17.
2024-10-06
6.5
CVE-2024-47310 audit@patchstack.com
QuomodoSoft--ElementsReady Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.
2024-10-06
6.5
CVE-2024-47329 audit@patchstack.com
wowDevs--Sky Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11.
2024-10-06
6.5
CVE-2024-47332 audit@patchstack.com
PickPlugins--Post Grid and Gutenberg Blocks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89.
2024-10-06
6.5
CVE-2024-47340 audit@patchstack.com
PickPlugins--Accordion
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS. This issue affects Accordion: from n/a through 2.2.99.
2024-10-06
6.5
CVE-2024-47342 audit@patchstack.com
Kraftplugins--Mega Elements
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.4.
2024-10-06
6.5
CVE-2024-47343 audit@patchstack.com
CozyThemes--Cozy Blocks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.11.
2024-10-06
6.5
CVE-2024-47355 audit@patchstack.com
Leevio--Happy Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0.
2024-10-06
6.5
CVE-2024-47357 audit@patchstack.com
Blockspare--Blockspare
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.4.
2024-10-06
6.5
CVE-2024-47363 audit@patchstack.com
Move addons--Move Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Move addons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.4.
2024-10-06
6.5
CVE-2024-47364 audit@patchstack.com
Atakan Au--Automatically Hierarchic Categories in Menu
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5.
2024-10-06
6.5
CVE-2024-47365 audit@patchstack.com
WPVibes--Elementor Addon Elements
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6.
2024-10-06
6.5
CVE-2024-47366 audit@patchstack.com
Leap13--Premium Blocks Gutenberg Blocks for WordPress
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks - Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks - Gutenberg Blocks for WordPress: from n/a through 2.1.33.
2024-10-06
6.5
CVE-2024-47368 audit@patchstack.com
Paul Bearne--Author Avatars List/Block
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.21.
2024-10-05
6.5
CVE-2024-47370 audit@patchstack.com
LiteSpeed Technologies--LiteSpeed Cache
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
2024-10-05
6.5
CVE-2024-47373 audit@patchstack.com
Ashraf--XLTab Accordions and Tabs for Elementor Page Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ashraf XLTab - Accordions and Tabs for Elementor Page Builder allows Stored XSS. This issue affects XLTab - Accordions and Tabs for Elementor Page Builder: from n/a through 1.3.
2024-10-05
6.5
CVE-2024-47375 audit@patchstack.com
Webvitaly--Page-list
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.6.
2024-10-05
6.5
CVE-2024-47382 audit@patchstack.com
WPDeveloper--Essential Blocks for Gutenberg
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4.
2024-10-05
6.5
CVE-2024-47385 audit@patchstack.com
Jegtheme--Jeg Elementor Kit
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.8.
2024-10-05
6.5
CVE-2024-47390 audit@patchstack.com
BoldThemes--Bold Page Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a before 5.1.1.
2024-10-05
6.5
CVE-2024-47391 audit@patchstack.com
BdThemes--Element Pack Elementor Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5.
2024-10-05
6.5
CVE-2024-47392 audit@patchstack.com
Quillforms--Quill Forms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Quillforms Quill Forms allows Stored XSS. This issue affects Quill Forms: from n/a through 3.7.0.
2024-10-05
6.5
CVE-2024-47393 audit@patchstack.com
moveaddons--Move Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.3.
2024-10-01
6.5
CVE-2024-47396 audit@patchstack.com
pomerium--pomerium
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue if all of the following conditions are met: you have issued a service account access token using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1.
2024-10-02
6.8
CVE-2024-47616 security-advisories@github.com
sulu--sulu
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
2024-10-03
6.1
CVE-2024-47617 security-advisories@github.com
Katie Seaborn--Zotpress
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.10.
2024-10-05
6.5
CVE-2024-47621 audit@patchstack.com
ILLID--Advanced Woo Labels
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.01.
2024-10-05
6.5
CVE-2024-47622 audit@patchstack.com
ThemeLooks--Enter Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.8.
2024-10-05
6.5
CVE-2024-47625 audit@patchstack.com
Rometheme--RomethemeKit For Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS. This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
2024-10-05
6.5
CVE-2024-47626 audit@patchstack.com
WP Travel--WP Travel Gutenberg Blocks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0.
2024-10-05
6.5
CVE-2024-47627 audit@patchstack.com
LA-Studio--LA-Studio Element Kit for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3.
2024-10-05
6.5
CVE-2024-47628 audit@patchstack.com
BdThemes--Ultimate Store Kit Elementor Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5.
2024-10-05
6.5
CVE-2024-47629 audit@patchstack.com
ElementInvader--ElementInvader Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7.
2024-10-05
6.5
CVE-2024-47630 audit@patchstack.com
bPlugins LLC--Logo Carousel Clients logo carousel for WP
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins LLC Logo Carousel - Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel - Clients logo carousel for WP: from n/a through 1.2.
2024-10-05
6.5
CVE-2024-47631 audit@patchstack.com
deTheme--DethemeKit For Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7.
2024-10-05
6.5
CVE-2024-47632 audit@patchstack.com
Zoho Forms--Zoho Forms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Forms allows Stored XSS. This issue affects Zoho Forms: from n/a through 4.0.
2024-10-05
6.5
CVE-2024-47633 audit@patchstack.com
VdoCipher--VdoCipher
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VdoCipher allows Stored XSS. This issue affects VdoCipher: from n/a through 1.29.
2024-10-05
6.5
CVE-2024-47639 audit@patchstack.com
WPDeveloperr--Confetti Fall Animation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0.
2024-09-30
6.5
CVE-2024-47641 audit@patchstack.com
Keap--Keap Official Opt-in Forms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1.
2024-10-05
6.5
CVE-2024-47642 audit@patchstack.com
Alexander Böhm--Include Fussball.de Widgets
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS. This issue affects Include Fussball.De Widgets: from n/a through 4.0.0.
2024-10-05
6.5
CVE-2024-47643 audit@patchstack.com
Axton--WP-WebAuthn
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1.
2024-10-06
6.5
CVE-2024-47650 audit@patchstack.com
n/a--n/a
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
2024-10-04
6.1
CVE-2024-47854 cve@mitre.org
n/a--n/a
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.
2024-10-04
6.7
CVE-2024-47911 cve@mitre.org
zephyrproject-rtos--Zephyr
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
2024-10-04
6.3
CVE-2024-6442 vulnerabilities@zephyrproject.org
zephyrproject-rtos--Zephyr
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
2024-10-04
6.3
CVE-2024-6443 vulnerabilities@zephyrproject.org
zephyrproject-rtos--Zephyr
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
2024-10-04
6.3
CVE-2024-6444 vulnerabilities@zephyrproject.org
Canonical Ltd.--Juju
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
2024-10-02
6.5
CVE-2024-8037 security@ubuntu.com
Revolution Slider--Slider Revolution
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.
2024-10-01
6.4
CVE-2024-8107 security@wordfence.com
Esri--Portal
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 - 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
2024-10-04
6.1
CVE-2024-8148 psirt@esri.com
Faronics--DeepFreeze
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.
2024-10-03
6.4
CVE-2024-8159 help@fluidattacks.com
vowelweb--Ibtana WordPress Website Builder
The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-02
6.4
CVE-2024-8282 security@wordfence.com
adreastrian--Guten Post Layout An Advanced Post Grid Collection for WordPress Gutenberg
The Guten Post Layout - An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
6.4
CVE-2024-8288 security@wordfence.com
ishitaka--XO Slider
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_slider' function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
6.4
CVE-2024-8324 security@wordfence.com
planet--gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
2024-09-30
6.8
CVE-2024-8449 twcert@cert.org.tw
averta--Shortcodes and extra features for Phlox theme
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-05
6.4
CVE-2024-8486 security@wordfence.com
connekthq--WordPress Infinite Scroll Ajax Load More
The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_label' parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-02
6.4
CVE-2024-8505 security@wordfence.com
ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-04
6.4
CVE-2024-8519 security@wordfence.com
cagdasdag--KB Support WordPress Help Desk and Knowledge Base
The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
2024-10-01
6.5
CVE-2024-8632 security@wordfence.com
daveshine--Gravity Forms Toolbar
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8718 security@wordfence.com
rumbletalk--RumbleTalk Live Group Chat HTML5
The RumbleTalk Live Group Chat - HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
6.4
CVE-2024-8720 security@wordfence.com
torstenbulk--DK PDF
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8727 security@wordfence.com
brianbrey--Easy Load More
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8728 security@wordfence.com
bitpressadmin--Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress
The Bit File Manager - 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
2024-10-05
6.8
CVE-2024-8743 security@wordfence.com
brochris--Auto Featured Image from Title
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8786 security@wordfence.com
jkohlbach--Store Exporter for WooCommerce Export Products, Export Orders, Export Subscriptions, and More
The Store Exporter for WooCommerce - Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8793 security@wordfence.com
ghuger--Custom Banners
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-8799 security@wordfence.com
sanrl--RabbitLoader Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
The RabbitLoader - Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-8800 security@wordfence.com
cliogrow--Clio Grow
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-8802 security@wordfence.com
dartiss--Code Embed
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-04
6.4
CVE-2024-8804 security@wordfence.com
iworks--PWA easy way to Progressive Web App
The PWA - easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-02
6.4
CVE-2024-8967 security@wordfence.com
galdub--Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
6.4
CVE-2024-8989 security@wordfence.com
cyberhobo--Geo Mashup
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-01
6.4
CVE-2024-8990 security@wordfence.com
grandplugins--AVIF Uploader
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9060 security@wordfence.com
sigmadevs--Easy Demo Importer A Modern One-Click Demo Import Solution
The Easy Demo Importer - A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-04
6.4
CVE-2024-9071 security@wordfence.com
ManageEngine--Analytics Plus
Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.
2024-10-03
6.5
CVE-2024-9100 0fc0942c-577d-436f-ae8e-945763c79b02
quomodosoft--QS Dark Mode Plugin
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9118 security@wordfence.com
automatic-rock--SVG Complete
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9119 security@wordfence.com
rankmath--Rank Math SEO AI SEO Tools to Dominate SEO Rankings
The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
2024-10-05
6.5
CVE-2024-9161 security@wordfence.com
kraftplugins--Demo Importer Plus
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-02
6.4
CVE-2024-9172 security@wordfence.com
nerdpressteam--Smart Custom 404 Error Page
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9204 security@wordfence.com
cornelraiu-1--WP Search Analytics
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-9209 security@wordfence.com
dvankooten--MC4WP: Mailchimp Top Bar
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9210 security@wordfence.com
wpblockart--Magazine Blocks Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
The Magazine Blocks - Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9218 security@wordfence.com
shawfactor--LH Copy Media File
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-9220 security@wordfence.com
madalinungureanu--Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9222 security@wordfence.com
kau-boy--Hello World
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
2024-10-01
6.5
CVE-2024-9224 security@wordfence.com
rainbowgeek--SEOPress On-site SEO
The SEOPress - On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9225 security@wordfence.com
joelcj91--Loggedin Limit Active Logins
The Loggedin - Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present.
2024-10-01
6.1
CVE-2024-9228 security@wordfence.com
wpcentrics--Fish and Ships Most flexible shipping table rate. A WooCommerce shipping rate
The Fish and Ships - Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9237 security@wordfence.com
fishpie--PDF Image Generator
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-9241 security@wordfence.com
memberful--Memberful Membership Plugin
The Memberful - Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-04
6.4
CVE-2024-9242 security@wordfence.com
optinhound--Easy WordPress Subscribe Optin Hound
The Easy WordPress Subscribe - Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-01
6.1
CVE-2024-9267 security@wordfence.com
cconover--Relogo
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9269 security@wordfence.com
remydcf--Re:WP
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-04
6.4
CVE-2024-9271 security@wordfence.com
mascotdevelopers--R Animated Icon Plugin
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9272 security@wordfence.com
azexo--Elastik Page Builder
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9274 security@wordfence.com
dgamoni--LocateAndFilter
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-01
6.4
CVE-2024-9304 security@wordfence.com
thevisionofhamza--BerqWP Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
The BerqWP - Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9344 security@wordfence.com
tychesoftwares--Product Delivery Date for WooCommerce Lite
The Product Delivery Date for WooCommerce - Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present.
2024-10-04
6.1
CVE-2024-9345 security@wordfence.com
miunosoft--Auto Amazon Links Amazon Associates Affiliate Plugin
The Auto Amazon Links - Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9349 security@wordfence.com
themes4wp--Popularis Extra
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9353 security@wordfence.com
Red Hat--Red Hat Enterprise Linux 8
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
2024-10-01
6.5
CVE-2024-9355 secalert@redhat.com
migumello--Aggregator Advanced Settings
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-04
6.4
CVE-2024-9368 security@wordfence.com
wpblockshub--WP Blocks Hub
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-04
6.4
CVE-2024-9372 security@wordfence.com
contact-banker--WordPress Captcha Plugin by Captcha Bank
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9375 security@wordfence.com
icopydoc--YML for Yandex Market
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-02
6.1
CVE-2024-9378 security@wordfence.com
algoritmika--Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9384 security@wordfence.com
themifyme--Themify Builder
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-05
6.1
CVE-2024-9385 security@wordfence.com
hashthemes--Hash Form Drag & Drop Form Builder
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
2024-10-05
6.1
CVE-2024-9417 security@wordfence.com
prontotools--Login Logout Shortcode
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-04
6.4
CVE-2024-9421 security@wordfence.com
code-projects--Restaurant Reservation System
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.
2024-10-02
6.3
CVE-2024-9429 cna@vuldb.com
plainware--ShiftController Employee Shift Scheduling
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
6.1
CVE-2024-9435 security@wordfence.com
acekyd--Display Medium Posts
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-04
6.4
CVE-2024-9445 security@wordfence.com
guillaume-lostweb--WP Cleanup and Basic Functions
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-05
6.4
CVE-2024-9455 security@wordfence.com
ESAFENET--CDG
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-05
6.3
CVE-2024-9536 cna@vuldb.com
ESAFENET--CDG
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-06
6.3
CVE-2024-9560 cna@vuldb.com
Cisco--Cisco Nexus Dashboard Orchestrator
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices.
2024-10-02
5.9
CVE-2024-20385 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
2024-10-02
5.7
CVE-2024-20441 ykramarz@cisco.com
Cisco--Cisco Nexus Dashboard
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
2024-10-02
5.4
CVE-2024-20442 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
2024-10-02
5.5
CVE-2024-20444 ykramarz@cisco.com
Cisco--Cisco Data Center Network Manager
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
2024-10-02
5.4
CVE-2024-20477 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
2024-10-02
5.8
CVE-2024-20500 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
2024-10-02
5.8
CVE-2024-20502 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.
2024-10-02
5.8
CVE-2024-20509 ykramarz@cisco.com
Cisco--Cisco Meraki MX Firmware
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.
2024-10-02
5.8
CVE-2024-20513 ykramarz@cisco.com
n/a--git-shallow-clone
All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.
2024-10-01
5.3
CVE-2024-21531 report@snyk.io
n/a--n/a
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
2024-10-02
5.4
CVE-2024-33210 cve@mitre.org
Esri--Portal
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim's browser (no stateful change made or customer data rendered).
2024-10-04
5.4
CVE-2024-38039 psirt@esri.com
draytek -- vigor3910_firmware
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
2024-10-03
5.4
CVE-2024-41587 cve@mitre.org
Catch Themes--Full frame
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Full frame allows Stored XSS. This issue affects Full frame: from n/a through 2.7.2.
2024-10-06
5.1
CVE-2024-44010 audit@patchstack.com
Pierre Lebedel--Kodex Posts likes
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0.
2024-10-06
5.9
CVE-2024-44036 audit@patchstack.com
MagePeople Team--Multipurpose Ticket Booking Manager
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2.
2024-10-06
5.9
CVE-2024-44037 audit@patchstack.com
WP Travel--WP Travel
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1.
2024-10-06
5.9
CVE-2024-44039 audit@patchstack.com
Plainware--ShiftController Employee Shift Scheduling
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64.
2024-10-06
5.9
CVE-2024-44040 audit@patchstack.com
Martin Gibson--IdeaPush
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66.
2024-10-06
5.9
CVE-2024-44041 audit@patchstack.com
Fahad Mahmood--WP Datepicker
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1.
2024-10-06
5.9
CVE-2024-44042 audit@patchstack.com
10Web--Photo Gallery by 10Web
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27.
2024-10-06
5.9
CVE-2024-44043 audit@patchstack.com
Kevon Adonis--WP Abstracts
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5.
2024-10-06
5.9
CVE-2024-44045 audit@patchstack.com
Themify--Themify WooCommerce Product Filter
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify - WooCommerce Product Filter allows Stored XSS. This issue affects Themify - WooCommerce Product Filter: from n/a through 1.5.1.
2024-10-06
5.9
CVE-2024-44046 audit@patchstack.com
apple -- ipados
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.
2024-10-04
5.5
CVE-2024-44204 product-security@apple.com
n/a--n/a
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
2024-10-01
5.6
CVE-2024-44610 cve@mitre.org
n/a--n/a
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users.
2024-10-01
5.7
CVE-2024-44744 cve@mitre.org
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in the "Intrest" feature.
2024-09-30
5.4
CVE-2024-45920 cve@mitre.org
n/a--n/a
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform.
2024-10-01
5.4
CVE-2024-46081 cve@mitre.org
n/a--n/a
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
2024-10-01
5.4
CVE-2024-46082 cve@mitre.org
n/a--n/a
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users.
2024-10-01
5.4
CVE-2024-46083 cve@mitre.org
cvat-ai--cvat
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
2024-09-30
5.4
CVE-2024-47172 security-advisories@github.com
SeedProd--Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4.
2024-10-06
5.9
CVE-2024-47299 audit@patchstack.com
Catch Themes--Catch Base
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6.
2024-10-06
5.1
CVE-2024-47313 audit@patchstack.com
Vladimir Statsenko--Terms descriptions
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS. This issue affects Terms descriptions: from n/a through 3.4.6.
2024-10-06
5.9
CVE-2024-47336 audit@patchstack.com
Brainstorm Force--Starter Templates
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Starter Templates allows Stored XSS. This issue affects Starter Templates: from n/a through 4.4.0.
2024-10-06
5.9
CVE-2024-47345 audit@patchstack.com
Catch Themes--Create
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1.
2024-10-06
5.1
CVE-2024-47356 audit@patchstack.com
Walter Pinem--WP MyLinks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Walter Pinem WP MyLinks allows Stored XSS. This issue affects WP MyLinks: from n/a through 1.0.6.
2024-10-05
5.9
CVE-2024-47371 audit@patchstack.com
ThemeNcode LLC--TNC PDF viewer
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0.
2024-10-05
5.9
CVE-2024-47372 audit@patchstack.com
Tribulant--Slideshow Gallery
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Slideshow Gallery allows Stored XSS. This issue affects Slideshow Gallery: from n/a through 1.8.3.
2024-10-05
5.9
CVE-2024-47376 audit@patchstack.com
ThemeKraft--BuddyForms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12.
2024-10-05
5.9
CVE-2024-47377 audit@patchstack.com
Averta--Depicter Slider
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.2.2.
2024-10-05
5.9
CVE-2024-47381 audit@patchstack.com
Webangon--The Pack Elementor addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.0.8.8.
2024-10-05
5.9
CVE-2024-47383 audit@patchstack.com
LinkGraph--Search Atlas SEO
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LinkGraph Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 1.8.2.
2024-10-05
5.9
CVE-2024-47387 audit@patchstack.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload, which will trigger on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.
2024-10-01
5.4
CVE-2024-47528 security-advisories@github.com
Clinical-Genomics--scout
Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS downgrade attack can be performed on the users. This vulnerability is fixed in 4.89.
2024-09-30
5.4
CVE-2024-47530 security-advisories@github.com
GhozyLab, Inc.--Gallery Lightbox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.39.
2024-10-05
5.9
CVE-2024-47623 audit@patchstack.com
TinyPNG--TinyPNG
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3.
2024-10-05
5.4
CVE-2024-47635 audit@patchstack.com
HelpieWP--Accordion & FAQ Helpie WordPress Accordion FAQ Plugin
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ - Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ - Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27.
2024-10-05
5.9
CVE-2024-47647 audit@patchstack.com
backstage--backstage
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration.
2024-10-03
5.8
CVE-2024-47762 security-advisories@github.com
Unknown--Starbox
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.
2024-09-30
5.4
CVE-2024-8239 contact@wpscan.com
icegram--Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
2024-10-02
5.4
CVE-2024-8254 security@wordfence.com
spicethemes--Spice Starter Sites
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content.
2024-10-01
5.3
CVE-2024-8430 security@wordfence.com
planet -- gs-4210-24p2s_firmware
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
2024-09-30
5.9
CVE-2024-8455 twcert@cert.org.tw
NLnet Labs--Unbound
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well-orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
2024-10-03
5.3
CVE-2024-8508 sep@nlnetlabs.nl
ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user's membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-10-04
5.3
CVE-2024-8520 security@wordfence.com
dotcamp -- ultimate_blocks
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-09-30
5.4
CVE-2024-8536 contact@wpscan.com
Red Hat--Red Hat Enterprise Linux 8
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
2024-10-01
5.4
CVE-2024-9341 secalert@redhat.com
n/a--ThingsBoard
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024.
2024-10-01
5.3
CVE-2024-9358 cna@vuldb.com
Pluck CMS--Pluck CMS
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
2024-10-01
5.3
CVE-2024-9405 cve-coordination@incibe.es
Ada Support--Ada.cx Sentry Component
Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.
2024-10-04
5.3
CVE-2024-9410 vulnreport@tenable.com
HP Inc.--Certain HP LaserJet Printers
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a "JPEG Unsupported" message which may not clear, potentially blocking queued print jobs.
2024-10-02
5.3
CVE-2024-9423 hp-security-alert@hp.com
brian_voelker--slim_select
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker-executed JavaScript. At this time, no patch is available.
2024-10-02
5.4
CVE-2024-9440 disclosure@vulncheck.com
AVG/Avast--Antivirus
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
2024-10-04
5.1
CVE-2024-9481 security@nortonlifelock.com
AVG/Avast--Antivirus
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
2024-10-04
5.1
CVE-2024-9482 security@nortonlifelock.com
AVG/Avast--Antivirus
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
2024-10-04
5.1
CVE-2024-9483 security@nortonlifelock.com
AVG/Avast--Antivirus
A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
2024-10-04
5.1
CVE-2024-9484 security@nortonlifelock.com
NVIDIA--Triton Inference Server
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.
2024-10-01
4.9
CVE-2024-0116 psirt@nvidia.com
n/a--cocoon
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.
2024-10-02
4.5
CVE-2024-21530 report@snyk.io
Esri--Enterprise Web App Builder
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 - 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
2024-10-04
4.8
CVE-2024-25694 psirt@esri.com
Esri--Portal for ArcGIS Enterprise Experience Builder
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 - 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
2024-10-04
4.8
CVE-2024-25701 psirt@esri.com
Esri--ArcGIS Enterprise Web App Builder
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 - 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
2024-10-04
4.8
CVE-2024-25702 psirt@esri.com
Esri--Portal
There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
2024-10-04
4.8
CVE-2024-25707 psirt@esri.com
radiustheme -- the_post_grid
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-09-30
4.8
CVE-2024-3635 contact@wpscan.com
Esri--Portal for ArcGIS Enterprise Experience Builder
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser.
2024-10-04
4.6
CVE-2024-38036 psirt@esri.com
n/a--n/a
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.
2024-10-03
4.7
CVE-2024-41583 cve@mitre.org
n/a--n/a
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
2024-10-03
4.7
CVE-2024-41584 cve@mitre.org
Hewlett Packard Enterprise--HPE IceWall Agent products
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.
2024-10-03
4.3
CVE-2024-42504 security-alert@hpe.com
apple -- ipados
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.
2024-10-04
4.3
CVE-2024-44207 product-security@apple.com
IBM--WebSphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2024-09-30
4.8
CVE-2024-45073 psirt@us.ibm.com
ZKteco--iClock v3.1-168
ZKteco - CWE 200 Exposure of Sensitive Information to an Unauthorized Actor
2024-10-06
4.3
CVE-2024-45250 cna@cyber.gov.il
n/a--n/a
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
2024-10-02
4.8
CVE-2024-45960 cve@mitre.org
n/a--n/a
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
2024-10-02
4.7
CVE-2024-45962 cve@mitre.org
n/a--n/a
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
2024-10-02
4.8
CVE-2024-45964 cve@mitre.org
n/a--n/a
Contao 5.4.1 allows an authenticated admin account to upload an SVG file containing malicious JavaScript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
2024-10-02
4.7
CVE-2024-45965 cve@mitre.org
n/a--n/a
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.
2024-10-01
4.7
CVE-2024-45967 cve@mitre.org
n/a--n/a
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
2024-09-30
4.8
CVE-2024-46475 cve@mitre.org
Salon Booking System--Salon booking system
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9.
2024-10-05
4.3
CVE-2024-47316 audit@patchstack.com
Clinical-Genomics--scout
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. Malicious content injected inside the file data, which users unknowingly download and open, may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.
2024-09-30
4.6
CVE-2024-47531 security-advisories@github.com
Payflex--Payflex Payment Gateway
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway. This issue affects Payflex Payment Gateway: from n/a through 2.6.1.
2024-10-05
4.7
CVE-2024-47646 audit@patchstack.com
Esri--Portal
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser.
2024-10-04
4.6
CVE-2024-8149 psirt@esri.com
Unknown--Slider by 10Web
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-09-30
4.8
CVE-2024-8283 contact@wpscan.com
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
2024-09-30
4.9
CVE-2024-8453 twcert@cert.org.tw
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to a Stored XSS attack.
2024-09-30
4.8
CVE-2024-8457 twcert@cert.org.tw
planet -- gs-4210-24p2s_firmware
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
2024-09-30
4.9
CVE-2024-8459 twcert@cert.org.tw
themehigh--Checkout Field Editor (Checkout Manager) for WooCommerce
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'render_review_request_notice' function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-04
4.7
CVE-2024-8499 security@wordfence.com
soumettre--Soumettre.fr
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key.
2024-10-01
4.3
CVE-2024-8675 security@wordfence.com
James Low--CSS JS Files
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0.
2024-10-05
4.9
CVE-2024-9146 audit@patchstack.com
Linux and Microsoft Windows--Octopus Server
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.
2024-09-30
4.3
CVE-2024-9194 security@octopus.com
expressjs--express
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
2024-10-03
4.7
CVE-2024-9266 36c7be3b-2937-45df-85ea-ca7133ea542c
wpdevelop--WP Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users access to manage the plugin's settings, which may extend this vulnerability to those users.
2024-10-04
4.4
CVE-2024-9306 security@wordfence.com
Red Hat--Red Hat Enterprise Linux 8
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
2024-10-01
4.7
CVE-2024-9407 secalert@redhat.com
techjewel--Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-05
4.9
CVE-2024-9528 security@wordfence.com
Low Vulnerabilities
PrimaryVendor -- Product
Description
Published
CVSS Score
Source & Patch Info
NVIDIA--CUDA Toolkit
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
2024-10-03
3.3
CVE-2024-0123 psirt@nvidia.com
NVIDIA--CUDA Toolkit
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.
2024-10-03
3.3
CVE-2024-0124 psirt@nvidia.com
NVIDIA--CUDA Toolkit
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.
2024-10-03
3.3
CVE-2024-0125 psirt@nvidia.com
HCL Software--Nomad server on Domino
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
2024-10-01
3.7
CVE-2024-30132 psirt@hcl.com
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.
2024-10-01
3.5
CVE-2024-47526 security-advisories@github.com
miraheze--DataDump
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
2024-10-02
3.5
CVE-2024-47612 security-advisories@github.com
n/a--OFCMS
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-01
3.5
CVE-2024-9411 cna@vuldb.com
Netadmin Software--NetAdmin IAM
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-04
3.7
CVE-2024-9513 cna@vuldb.com
Sovell--Smart Canteen System
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-06
3.7
CVE-2024-9554 cna@vuldb.com
Severity Not Yet Assigned
PrimaryVendor -- Product
Description
Published
CVSS Score
Source & Patch Info
theupdateframework--go-tuf
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly trace the delegations "B"->"C"->"A". This vulnerability is fixed in 2.0.1.
2024-10-01
not yet calculated
CVE-2024-47534 security-advisories@github.com
hyperium–tonic
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to fail with errors that were not handled correctly, which makes the accept loop exit. Upgrading to tonic 0.12.3 or above provides the fix.
2024-10-01
not yet calculated
CVE-2024-47609 security-advisories@github.com
tukaani-project–xz
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don’t exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
2024-10-02
not yet calculated
CVE-2024-47611 security-advisories@github.com
Wiz–Wiz Code Visual Studio Code extension
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.
2024-10-01
not yet calculated
CVE-2024-9145 9947ef80-c5d5-474a-bbab-97341a59000e
n/a–n/a
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558.
2024-10-01
not yet calculated
CVE-2021-37577 cve@mitre.org
n/a–n/a
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.
2024-10-04
not yet calculated
CVE-2023-26770 cve@mitre.org
n/a–n/a
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation of the file type when uploading an SVG profile picture with an XSS payload in it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture, which will trigger the payload when the victim opens the file.
2024-10-04
not yet calculated
CVE-2023-26771 cve@mitre.org
n/a–n/a
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user’s primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user’s primary network. The only requirement of the attack is proximity to the dedicated wireless network.
2024-10-03
not yet calculated
CVE-2023-37822 cve@mitre.org
n/a–n/a
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
2024-10-02
not yet calculated
CVE-2024-24116 cve@mitre.org
n/a–n/a
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
2024-10-02
not yet calculated
CVE-2024-24117 cve@mitre.org
n/a–n/a
A remote code execution vulnerability in the project management of Wanxing Technology’s Yitu project allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, so that the constructed attack script is executed automatically when the system restarts.
2024-10-02
not yet calculated
CVE-2024-24122 cve@mitre.org
n/a–n/a
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users’ usernames and passwords in cleartext.
2024-10-01
not yet calculated
CVE-2024-25658 cve@mitre.org
n/a–n/a
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.
2024-09-30
not yet calculated
CVE-2024-28808 cve@mitre.org
n/a–n/a
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
2024-09-30
not yet calculated
CVE-2024-28811 cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
2024-10-01
not yet calculated
CVE-2024-31835 cve@mitre.org
n/a–n/a
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim’s web browser.
2024-10-02
not yet calculated
CVE-2024-33209 cve@mitre.org
n/a–n/a
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
2024-10-02
not yet calculated
CVE-2024-33662 cve@mitre.org
n/a–n/a
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
2024-10-03
not yet calculated
CVE-2024-34535 cve@mitre.org
n/a–n/a
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.
2024-09-30
not yet calculated
CVE-2024-35495 cve@mitre.org
n/a–n/a
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$_FILES" variable.
2024-10-04
not yet calculated
CVE-2024-37868 cve@mitre.org
n/a–n/a
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable.
2024-10-04
not yet calculated
CVE-2024-37869 cve@mitre.org
n/a–n/a
A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.
2024-10-04
not yet calculated
CVE-2024-41511 cve@mitre.org
n/a–n/a
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
2024-10-04
not yet calculated
CVE-2024-41512 cve@mitre.org
n/a–n/a
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
2024-10-04
not yet calculated
CVE-2024-41513 cve@mitre.org
n/a–n/a
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
2024-10-04
not yet calculated
CVE-2024-41514 cve@mitre.org
n/a–n/a
A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.
2024-10-04
not yet calculated
CVE-2024-41515 cve@mitre.org
n/a–n/a
A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.
2024-10-04
not yet calculated
CVE-2024-41516 cve@mitre.org
n/a–n/a
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.
2024-10-03
not yet calculated
CVE-2024-41585 cve@mitre.org
n/a–n/a
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
2024-10-03
not yet calculated
CVE-2024-41588 cve@mitre.org
n/a–n/a
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
2024-10-03
not yet calculated
CVE-2024-41590 cve@mitre.org
n/a–n/a
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
2024-10-03
not yet calculated
CVE-2024-41591 cve@mitre.org
n/a–n/a
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
2024-10-03
not yet calculated
CVE-2024-41593 cve@mitre.org
n/a–n/a
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
2024-10-03
not yet calculated
CVE-2024-41594 cve@mitre.org
TEM–Opera Plus FM Family Transmitter
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
2024-10-03
not yet calculated
CVE-2024-41987 ics-cert@hq.dhs.gov
TEM–Opera Plus FM Family Transmitter
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server’s main interfaces and execute arbitrary code.
2024-10-03
not yet calculated
CVE-2024-41988 ics-cert@hq.dhs.gov
TECHNO SUPPORT COMPANY–Smart-tab Android app
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service.
2024-09-30
not yet calculated
CVE-2024-42496 vultures@jpcert.or.jp
Microchip–TimeProvider 4100
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0.
2024-10-04
not yet calculated
CVE-2024-43683 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Microchip–TimeProvider 4100
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0.
2024-10-04
not yet calculated
CVE-2024-43684 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Microchip–TimeProvider 4100
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
2024-10-04
not yet calculated
CVE-2024-43685 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Microchip–TimeProvider 4100
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
2024-10-04
not yet calculated
CVE-2024-43686 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Microchip–TimeProvider 4100
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
2024-10-04
not yet calculated
CVE-2024-43687 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
OpenC3–cosmos
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
2024-10-02
not yet calculated
CVE-2024-43795 security-advisories@github.com
n/a–n/a
An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.
2024-10-04
not yet calculated
CVE-2024-44439 cve@mitre.org
mantisbt–mantisbt
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users’ personal system profiles. This vulnerability is fixed in 2.26.4.
2024-09-30
not yet calculated
CVE-2024-45792 security-advisories@github.com
n/a–n/a
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter.
2024-10-01
not yet calculated
CVE-2024-45999 cve@mitre.org
n/a–n/a
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php.
2024-10-04
not yet calculated
CVE-2024-46077 cve@mitre.org
n/a–n/a
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.
2024-10-04
not yet calculated
CVE-2024-46078 cve@mitre.org
n/a–n/a
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.
2024-10-04
not yet calculated
CVE-2024-46409 cve@mitre.org
n/a–n/a
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
2024-10-04
not yet calculated
CVE-2024-46486 cve@mitre.org
n/a–n/a
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.
2024-09-30
not yet calculated
CVE-2024-46635 cve@mitre.org
n/a–n/a
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.
2024-10-03
not yet calculated
CVE-2024-46658 cve@mitre.org
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data. Fix driver not allocating memory for struct btintel_data which is used to store internal data.
2024-09-30
not yet calculated
CVE-2024-46869 416baaa9-dc9f-4396-8d5f-8c081fb06d67
OpenC3–cosmos
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode’s open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
2024-10-02
not yet calculated
CVE-2024-46977 security-advisories@github.com
cvat-ai–cvat
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task or edit an existing task can trick another logged-in user into visiting a maliciously constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
2024-09-30
not yet calculated
CVE-2024-47063 security-advisories@github.com
cvat-ai–cvat
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
2024-09-30
not yet calculated
CVE-2024-47064 security-advisories@github.com
alist-org–alist
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to an XSS vulnerability. This vulnerability is fixed in 3.29.0.
2024-09-30
not yet calculated
CVE-2024-47067 security-advisories@github.com
expressjs–basic-auth-connect
basic-auth-connect is Connect’s Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
2024-09-30
not yet calculated
CVE-2024-47178 security-advisories@github.com
n/a–n/a
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.
2024-10-04
not yet calculated
CVE-2024-47211 cve@mitre.org
OpenC3–cosmos
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.
2024-10-02
not yet calculated
CVE-2024-47529 security-advisories@github.com
zopefoundation–RestrictedPython
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment.
2024-09-30
not yet calculated
CVE-2024-47532 security-advisories@github.com
StarCitizenTools–mediawiki-skins-Citizen
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.
2024-09-30
not yet calculated
CVE-2024-47536 security-advisories@github.com
Apache Software Foundation–Apache Commons IO
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
2024-10-03
not yet calculated
CVE-2024-47554 security@apache.org
Js Communication Co., Ltd.–RevoWorks Cloud Client
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client’s local environment. However, information in the sandbox environment may be disclosed to the outside, or the behavior of the sandbox environment may be violated by tampering with the registry.
2024-10-01
not yet calculated
CVE-2024-47560 vultures@jpcert.or.jp
DefinetlyNotAI–Logicytics
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2.
2024-10-01
not yet calculated
CVE-2024-47608 security-advisories@github.com
sulu–sulu
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the "Media" section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed in the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.
2024-10-03
not yet calculated
CVE-2024-47618 security-advisories@github.com
Shilpi Computers–Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple "userid" parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.
2024-10-04
not yet calculated
CVE-2024-47651 vdisclose@cert-in.org.in
Shilpi Computers–Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to implementation of an inadequate authentication mechanism in the login module, wherein access to any user's account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing the mobile number of the targeted user to obtain complete access to the targeted user account.
2024-10-04
not yet calculated
CVE-2024-47652 vdisclose@cert-in.org.in
Shilpi Computers–Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through the API request body, leading to unauthorized modification of requests belonging to other users.
2024-10-04
not yet calculated
CVE-2024-47653 vdisclose@cert-in.org.in
Shilpi Computers–Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to OTP bombing on the targeted system.
2024-10-04
not yet calculated
CVE-2024-47654 vdisclose@cert-in.org.in
Shilpi Computers–Client Dashboard
This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead to remote code execution on the targeted application.
2024-10-04
not yet calculated
CVE-2024-47655 vdisclose@cert-in.org.in
Shilpi Computers–Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on the password, which could lead to unauthorized access to other user accounts.
2024-10-04
not yet calculated
CVE-2024-47656 vdisclose@cert-in.org.in
Shilpi Computers–Net Back Office
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users.
2024-10-04
not yet calculated
CVE-2024-47657 vdisclose@cert-in.org.in
jshttp–cookie
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
2024-10-04
not yet calculated
CVE-2024-47764 security-advisories@github.com
jgniecki–MinecraftMotdParser
Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTD. The HtmlGenerator class is subject to a potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate an HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject their own HTML into a web page during web page generation, for example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6.
2024-10-04
not yet calculated
CVE-2024-47765 security-advisories@github.com
Lif-Platforms–Lif-Auth-Server
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.
2024-10-04
not yet calculated
CVE-2024-47768 security-advisories@github.com
Jenkins Project–Jenkins
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
2024-10-02
not yet calculated
CVE-2024-47803 jenkinsci-cert@googlegroups.com
Jenkins Project–Jenkins
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fails, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
2024-10-02
not yet calculated
CVE-2024-47804 jenkinsci-cert@googlegroups.com
Jenkins Project–Jenkins Credentials Plugin
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.
2024-10-02
not yet calculated
CVE-2024-47805 jenkinsci-cert@googlegroups.com
The Wikimedia Foundation–Mediawiki – Apex skin
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Apex skin allows Stored XSS. This issue affects Mediawiki – Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
2024-10-05
not yet calculated
CVE-2024-47840 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – CSS Extension
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Path Traversal. This issue affects Mediawiki – CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
2024-10-05
not yet calculated
CVE-2024-47841 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – CSS Extension
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Code Injection. This issue affects Mediawiki – CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
2024-10-05
not yet calculated
CVE-2024-47845 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – Cargo
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross Site Request Forgery. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
2024-10-05
not yet calculated
CVE-2024-47846 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – Cargo
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
2024-10-05
not yet calculated
CVE-2024-47847 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – PageTriage
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – PageTriage allows Authentication Bypass. This issue affects Mediawiki – PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
2024-10-05
not yet calculated
CVE-2024-47848 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
The Wikimedia Foundation–Mediawiki – Cargo
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows SQL Injection. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
2024-10-05
not yet calculated
CVE-2024-47849 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
n/a–n/a
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
2024-10-04
not yet calculated
CVE-2024-47855 cve@mitre.org
n/a–n/a
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
2024-10-04
not yet calculated
CVE-2024-47910 cve@mitre.org
n/a–n/a
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
2024-10-04
not yet calculated
CVE-2024-47913 cve@mitre.org
Vercom S.A.–Redlink SDK
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and manipulation of the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13.
2024-09-30
not yet calculated
CVE-2024-6051 cvd@cert.pl
OpenText–Vertica
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
2024-10-02
not yet calculated
CVE-2024-6360 security@opentext.com
parisneo–parisneo/lollms-webui
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.
2024-09-30
not yet calculated
CVE-2024-6394 security@huntr.dev
Finrota–Netahsilat
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
2024-10-04
not yet calculated
CVE-2024-6400 iletisim@usom.gov.tr
Microchip–TimeProvider 4100
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
2024-10-04
not yet calculated
CVE-2024-7801 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Webroot–SecureAnywhere – Web Shield
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
2024-10-03
not yet calculated
CVE-2024-7824 security@opentext.com
Webroot–SecureAnywhere – Web Shield
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
2024-10-03
not yet calculated
CVE-2024-7825 security@opentext.com
Webroot–SecureAnywhere – Web Shield
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
2024-10-03
not yet calculated
CVE-2024-7826 security@opentext.com
Microchip–TimeProvider 4100
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
2024-10-04
not yet calculated
CVE-2024-9054 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
M-Files Corporation–M-Files Hubshare
Stored HTML Injection in the Social Module in M-Files Hubshare before version 5.0.8.6 allows an authenticated user to spoof the UI.
2024-10-02
not yet calculated
CVE-2024-9174 security@m-files.com
Eclipse Foundation–Glassfish
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is ‘/management/domain’. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
2024-09-30
not yet calculated
CVE-2024-9329 emo@eclipse.org
M-Files Corporation–M-Files Connector for Copilot
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows an authenticated user to access a limited amount of documents via incorrect access control list calculation.
2024-10-02
not yet calculated
CVE-2024-9333 security@m-files.com
Mozilla–Firefox
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
2024-10-01
not yet calculated
CVE-2024-9391 security@mozilla.org
Mozilla–Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
not yet calculated
CVE-2024-9393 security@mozilla.org
Mozilla–Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
not yet calculated
CVE-2024-9394 security@mozilla.org
Mozilla–Firefox
A specially crafted filename containing a large number of spaces could obscure the file’s extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
2024-10-01
not yet calculated
CVE-2024-9395 security@mozilla.org
Mozilla–Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
not yet calculated
CVE-2024-9397 security@mozilla.org
Mozilla–Firefox
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
not yet calculated
CVE-2024-9398 security@mozilla.org
Mozilla–Firefox
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
2024-10-01
not yet calculated
CVE-2024-9399 security@mozilla.org
AI Summary and Description: Yes
Summary: This text contains a comprehensive list of high, medium, and low vulnerabilities associated with various software products and platforms. Each entry is detailed with a description of the vulnerability, its potential impact (such as remote code execution, cross-site scripting, etc.), its CVSS score, and contact or patching information.
Detailed Description:
The provided content is an extensive catalog of vulnerabilities in different software applications, detailing the technical specifications and the impact of these vulnerabilities. For security professionals, this serves as a critical resource for understanding the current threat landscape.
Key points include:
– **Types of Vulnerabilities**: Multiple types of vulnerabilities are listed, including but not limited to:
  – Command injection
  – Cross-site scripting (XSS)
  – SQL injection
  – Denial of Service (DoS)
  – Path Traversal
  – Unauthorized access and privilege escalation
– **Affected Products**: Products affected range from well-known software in enterprise environments (like **Cisco**, **Esri**, **Mozilla Firefox**) to various WordPress plugins.
– **Severity Ratings**: The vulnerabilities are rated with CVSS scores that categorize their severity from low to high, providing a quick reference for the level of risk posed by each vulnerability.
– **Mitigation Steps**: Many entries include details about potential mitigations, including recommended patches and vendor contact information for vulnerability disclosures.
– **Implications for Security Practices**:
  – **Awareness**: This list allows organizations to stay informed about vulnerabilities in the software they use.
  – **Compliance**: Provides a foundation for ensuring compliance with security policies and standards by identifying vulnerable systems that may need immediate attention.
  – **Risk Management**: Helps in assessing risk levels of using certain software products within the organization’s tech stack.
– **Unique Vulnerability Examples**:
  – A vulnerability in **Cisco Data Center Network Manager** could allow an authenticated, low-privileged user to upload or delete files, affecting device integrity.
  – **Cross-site scripting** in **Mozilla Firefox** could lead to attackers executing arbitrary JavaScript in the context of a user’s session, which poses a risk of data exfiltration or session hijacking.
  – The **Rank Math SEO plugin** for WordPress holding vulnerabilities allows potentially effective attacks due to misconfigurations that could allow for unauthorized site modifications.
This compilation of vulnerabilities emphasizes the importance of regular updates and proactive management of software environments to mitigate risks. Security professionals must continuously monitor these vulnerabilities to protect the integrity, confidentiality, and availability of their systems and data.