Vulnerability Summary for the Week of April 22, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abdul_hakeem -- build_app_online | Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | 2024-04-25 | 9.8 | CVE-2023-51478 audit@patchstack.com |
algolplus -- advanced_order_export_for_woocommerce | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | 2024-04-25 | 9.1 | CVE-2024-31266 audit@patchstack.com |
andondesign -- udesign | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3. | 2024-04-25 | 7.1 | CVE-2024-4077 audit@patchstack.com |
ant-media -- ant-media-server | Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file. | 2024-04-22 | 7.8 | CVE-2024-32656 security-advisories@github.com security-advisories@github.com |
bdthemes -- prime_slider_-_addons_for_elementor | Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.This issue affects Prime Slider - Addons For Elementor: from n/a through 3.13.2. | 2024-04-22 | 7.1 | CVE-2024-32682 audit@patchstack.com |
bigbluebutton -- greenlight | Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | 2024-04-25 | 9.1 | CVE-2022-36028 security-advisories@github.com security-advisories@github.com |
bigbluebutton -- greenlight | Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | 2024-04-25 | 9.1 | CVE-2022-36029 security-advisories@github.com security-advisories@github.com |
bloompixel -- max_addons_pro_for_bricks | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. | 2024-04-24 | 7.1 | CVE-2024-32952 audit@patchstack.com |
brocade -- brocade_sannav | In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. | 2024-04-25 | 8.6 | CVE-2024-4161 sirt@brocade.com |
brocade -- brocade_sannav | A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | 2024-04-25 | 7.6 | CVE-2024-4173 sirt@brocade.com |
buddyboss_dmcc -- buddyboss_theme | Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60. | 2024-04-24 | 9.8 | CVE-2023-51477 audit@patchstack.com |
cisco -- adaptive_security_appliance_software | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads. | 2024-04-24 | 8.6 | CVE-2024-20353 ykramarz@cisco.com |
cisco -- cisco_ios_xe_software | A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2024-04-24 | 7.4 | CVE-2024-20313 ykramarz@cisco.com |
cisco -- cisco_unified_computing_system_(standalone) | A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2024-04-24 | 8.8 | CVE-2024-20295 ykramarz@cisco.com |
cisco -- cisco_unified_computing_system_(standalone) | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | 2024-04-24 | 8.7 | CVE-2024-20356 ykramarz@cisco.com |
coderevolution -- wp_setup_wizard | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1. | 2024-04-25 | 8.8 | CVE-2024-25917 audit@patchstack.com |
creative_interactive_media -- 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin: from n/a through 3.62. | 2024-04-22 | 7.1 | CVE-2024-32694 audit@patchstack.com |
crushftp -- crushftp | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 2024-04-22 | 10 | CVE-2024-4040 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e 430a6cef-dc26-47e3-9fa8-52fb7f19644e |
danswer-ai -- danswer | Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63. | 2024-04-26 | 9.8 | CVE-2024-32881 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
debaat -- wp_media_category_management | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2. | 2024-04-24 | 7.1 | CVE-2024-32950 audit@patchstack.com |
dell -- dell_repository_manager_(drm) | Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. | 2024-04-24 | 8.8 | CVE-2024-28976 security_alert@emc.com |
dgtlmoon -- changedetection.io | changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). | 2024-04-26 | 10 | CVE-2024-32651 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
eazyplugins -- eazy_plugin_manager | Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Eazy Plugin Manager: from n/a through 4.1.2. | 2024-04-25 | 9.9 | CVE-2023-51482 audit@patchstack.com |
eclipse_foundation -- eclipse_target_management | Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 | 2024-04-26 | 9.8 | CVE-2024-0740 emo@eclipse.org emo@eclipse.org |
edmundhung -- conform | Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue. | 2024-04-23 | 8.6 | CVE-2024-32866 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
elementor -- elementor_website_builder | Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | 2024-04-24 | 7.5 | CVE-2023-47504 audit@patchstack.com |
eli_scheetz -- anti-malware_security_and_brute-force_firewall | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. | 2024-04-25 | 9 | CVE-2024-22144 audit@patchstack.com audit@patchstack.com audit@patchstack.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | 2024-04-22 | 9.8 | CVE-2024-32039 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. | 2024-04-22 | 9.8 | CVE-2024-32041 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). | 2024-04-22 | 9.8 | CVE-2024-32458 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. | 2024-04-22 | 9.8 | CVE-2024-32459 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | 2024-04-23 | 9.8 | CVE-2024-32658 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | 2024-04-23 | 9.8 | CVE-2024-32659 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). | 2024-04-22 | 8.1 | CVE-2024-32040 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. | 2024-04-22 | 8.1 | CVE-2024-32460 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | 2024-04-23 | 7.5 | CVE-2024-32660 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | 2024-04-23 | 7.5 | CVE-2024-32661 security-advisories@github.com security-advisories@github.com |
freerdp -- freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | 2024-04-23 | 7.5 | CVE-2024-32662 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ggerganov -- llama.cpp | Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this uninitialized value and cause arbitrary address free problems. This may further lead to be exploited. Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). This vulnerability has been patched in commit b2740. | 2024-04-26 | 7.1 | CVE-2024-32878 security-advisories@github.com security-advisories@github.com |
giorgos_sarigiannidis -- slash_admin | Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1. | 2024-04-24 | 7.1 | CVE-2024-32958 audit@patchstack.com |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. | 2024-04-25 | 8.5 | CVE-2024-2434 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | 2024-04-25 | 7.5 | CVE-2024-2829 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. | 2024-04-25 | 7.3 | CVE-2024-4024 cve@gitlab.com |
glpi-project -- glpi-agent | The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications. | 2024-04-25 | 7.3 | CVE-2024-28240 security-advisories@github.com security-advisories@github.com |
glpi-project -- glpi-agent | The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system. | 2024-04-25 | 7.3 | CVE-2024-28241 security-advisories@github.com security-advisories@github.com |
grassroot_dicom -- grassroot_dicom | An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2024-04-25 | 8.1 | CVE-2024-22373 talos-cna@cisco.com |
grassroot_dicom -- grassroot_dicom | A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2024-04-25 | 7.7 | CVE-2024-22391 talos-cna@cisco.com |
hanwha_vision_co._ltd. -- hrx-1620 | Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-04-26 | 8.9 | CVE-2023-6095 fc9afe74-3f80-4fb7-a313-e6f036a89882 |
hanwha_vision_co._ltd. -- hrx-1620 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-04-26 | 8.9 | CVE-2023-6116 fc9afe74-3f80-4fb7-a313-e6f036a89882 |
hanwha_vision_co._ltd. -- hrx-1620 | Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-04-26 | 7.4 | CVE-2023-6096 fc9afe74-3f80-4fb7-a313-e6f036a89882 |
hitachi -- hitachi_ops_center_analyzer | Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00. | 2024-04-23 | 7.5 | CVE-2024-2493 hirt@hitachi.co.jp |
ibm -- mq_appliance | IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | 2024-04-27 | 7.5 | CVE-2024-25048 psirt@us.ibm.com psirt@us.ibm.com |
jack-kitterhing -- wp_smtp | The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-26 | 7.2 | CVE-2024-1789 security@wordfence.com security@wordfence.com |
jacques_malgrange -- rencontre_-_dating_site | Improper Privilege Management vulnerability in Jacques Malgrange Rencontre - Dating Site allows Privilege Escalation.This issue affects Rencontre - Dating Site: from n/a through 3.10.1. | 2024-04-24 | 9.8 | CVE-2023-51425 audit@patchstack.com |
jetmonsters -- timetable_and_event_schedule_by_motopress | The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-27 | 9.9 | CVE-2024-3342 security@wordfence.com security@wordfence.com |
librenms -- librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability. | 2024-04-22 | 7.1 | CVE-2024-32461 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
librenms -- librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. | 2024-04-22 | 7.1 | CVE-2024-32479 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
librenms -- librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. | 2024-04-22 | 7.2 | CVE-2024-32480 security-advisories@github.com security-advisories@github.com |
m-files_corporation -- m-files_server | Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. | 2024-04-26 | 7.5 | CVE-2024-4056 security@m-files.com |
marco_gasi -- language_switcher_for_transposh | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9. | 2024-04-22 | 7.1 | CVE-2024-32695 audit@patchstack.com |
mcu-tools -- mcuboot | MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality. | 2024-04-26 | 7.7 | CVE-2024-32883 security-advisories@github.com |
mestres_do_wp -- checkout_mestres_wp | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | 2024-04-24 | 9.8 | CVE-2023-51472 audit@patchstack.com |
mestres_do_wp -- checkout_mestres_wp | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | 2024-04-24 | 8.2 | CVE-2023-51471 audit@patchstack.com |
metagauss -- registrationmagic | Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | 2024-04-24 | 7.5 | CVE-2023-23976 audit@patchstack.com |
mongodb_inc -- mongodb_compass | MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. | 2024-04-24 | 7.1 | CVE-2024-3371 cna@mongodb.com |
n/a -- mysql2 | Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. | 2024-04-23 | 9.8 | CVE-2024-21511 report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
n/a -- newsletters | Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | 2024-04-24 | 7.5 | CVE-2024-32953 audit@patchstack.com |
offis -- dcmtk | An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2024-04-23 | 7.5 | CVE-2024-28130 talos-cna@cisco.com |
patrick_posner -- simply_static | Insertion of Sensitive Information into Log File vulnerability in Patrick Posner Simply Static.This issue affects Simply Static: from n/a through 3.1.3. | 2024-04-24 | 7.5 | CVE-2024-32825 audit@patchstack.com |
pickplugins -- post_grid | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78. | 2024-04-24 | 7.5 | CVE-2024-32816 audit@patchstack.com |
plechev_andrey -- wp-recall | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | 2024-04-24 | 9.3 | CVE-2024-32709 audit@patchstack.com |
plechev_andrey -- wp-recall | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | 2024-04-24 | 8.5 | CVE-2024-32710 audit@patchstack.com |
powerdns -- recursor | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. | 2024-04-25 | 7.5 | CVE-2024-25583 security@open-xchange.com |
pyload -- pyload | pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication. | 2024-04-26 | 9.1 | CVE-2024-32880 security-advisories@github.com |
qnap_systems_inc. -- media_streaming_add-on_ | An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | 2024-04-26 | 9.6 | CVE-2023-47222 security@qnapsecurity.com.tw |
qnap_systems_inc. -- myqnapcloud_link | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later | 2024-04-26 | 9.9 | CVE-2024-32764 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-04-26 | 10 | CVE-2024-32766 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-04-26 | 8.7 | CVE-2023-51364 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-04-26 | 8.7 | CVE-2023-51365 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | 2024-04-26 | 7.4 | CVE-2023-50363 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-04-26 | 7.5 | CVE-2024-27124 security@qnapsecurity.com.tw |
red_hat -- mirror_registry_for_red_hat_openshift | A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | 2024-04-25 | 8.8 | CVE-2024-3622 secalert@redhat.com secalert@redhat.com |
red_hat -- mirror_registry_for_red_hat_openshift | A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | 2024-04-25 | 8.1 | CVE-2024-3623 secalert@redhat.com secalert@redhat.com |
red_hat -- mirror_registry_for_red_hat_openshift | A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. | 2024-04-25 | 7.3 | CVE-2024-3624 secalert@redhat.com secalert@redhat.com |
red_hat -- mirror_registry_for_red_hat_openshift | A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. | 2024-04-25 | 7.3 | CVE-2024-3625 secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_ansible_automation_platform_2.4_for_rhel_8 | A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. | 2024-04-25 | 8.1 | CVE-2024-1657 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_openshift_container_platform_3.11 | A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. | 2024-04-26 | 7.2 | CVE-2024-3154 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_openshift_container_platform_4.11 | An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. | 2024-04-25 | 7.5 | CVE-2023-6596 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_openshift_container_platform_4.15 | A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. | 2024-04-25 | 7.7 | CVE-2024-1139 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
repute_info_systems -- arforms | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. | 2024-04-24 | 8.5 | CVE-2024-32706 audit@patchstack.com |
repute_info_systems -- arforms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. | 2024-04-24 | 7.1 | CVE-2024-32702 audit@patchstack.com |
repute_infosystems -- armember | Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | 2024-04-24 | 9.1 | CVE-2024-32948 audit@patchstack.com |
rtcamp -- rtmedia_for_wordpress,_buddypress_and_bbpress | The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-23 | 8.8 | CVE-2024-3293 security@wordfence.com security@wordfence.com |
seers -- seers | Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | 2024-04-24 | 7.1 | CVE-2024-32789 audit@patchstack.com |
silabs.com -- z/ip_gateway_sdk | Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | 2024-04-26 | 7.5 | CVE-2024-3051 product-security@silabs.com |
silabs.com -- z/ip_gateway_sdk | Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | 2024-04-26 | 7.5 | CVE-2024-3052 product-security@silabs.com |
skylab -- iiot_gateway_(igx) | The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway. | 2024-04-26 | 8 | CVE-2024-4163 cve_disclosure@tech.gov.sg |
teamnewpipe -- newpipe | NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java's Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted. To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS. The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges. All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java's Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely). | 2024-04-24 | 8.5 | CVE-2024-32876 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
tenda -- 4g300 | A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4166 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- 4g300 | A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4167 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- 4g300 | A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4168 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- 4g300 | A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4169 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- 4g300 | A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4170 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- a301 | A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4291 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ac8 | A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-23 | 8.8 | CVE-2024-4064 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ac8 | A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-23 | 8.8 | CVE-2024-4065 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ac8 | A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-23 | 8.8 | CVE-2024-4066 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ax1803 | A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4236 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ax1803 | A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4237 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ax1803 | A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4238 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- ax1803 | A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4239 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- g3 | A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261983. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4164 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- g3 | A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4165 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4245 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4246 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4247 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4248 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4249 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4250 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4251 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- i21 | A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 8.8 | CVE-2024-4252 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- tx9 | A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4111 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- tx9 | A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4112 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- tx9 | A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4113 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- tx9 | A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. This issue affects the function sub_42C014 of the file /goform/PowerSaveSet. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4114 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4115 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4116 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4117 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4118 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4119 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4120 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4121 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4122 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4123 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4124 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4125 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4126 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w15e | A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-24 | 8.8 | CVE-2024-4127 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w30e | A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-25 | 8.8 | CVE-2024-4171 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w9 | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4240 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w9 | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4241 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w9 | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4242 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w9 | A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4243 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- w9 | A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 8.8 | CVE-2024-4244 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
themehigh -- email_customizer_for_woocommerce | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. | 2024-04-24 | 7.5 | CVE-2024-32781 audit@patchstack.com |
themeisle -- product_addons_&_fields_for_woocommerce | The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce. | 2024-04-26 | 9.8 | CVE-2024-3962 security@wordfence.com security@wordfence.com security@wordfence.com |
tribulant -- newsletters | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | 2024-04-24 | 9.1 | CVE-2024-32954 audit@patchstack.com |
unlimited_elements -- unlimited_elements_for_elementor_(free_widgets_addons_templates) | Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. | 2024-04-24 | 9.9 | CVE-2023-31090 audit@patchstack.com |
valvepress -- automatic | Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0. | 2024-04-22 | 7.6 | CVE-2024-32693 audit@patchstack.com |
vinoth06. -- frontend_dashboard | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | 2024-04-24 | 7.5 | CVE-2024-32726 audit@patchstack.com |
webangon -- the_pack_elementor_addons | Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | 2024-04-24 | 7.1 | CVE-2024-32785 audit@patchstack.com |
webkul_software -- uvdesk_community | Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. | 2024-04-25 | 10 | CVE-2024-0916 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a |
wp -- dx-watermark | Cross-Site Request Forgery (CSRF) vulnerability in ??WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. | 2024-04-25 | 9.6 | CVE-2024-30560 audit@patchstack.com |
wp-buy -- login_as_user_or_customer_(user_switching) | Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8. | 2024-04-25 | 9.8 | CVE-2023-51484 audit@patchstack.com |
wp_lab -- wp-lister_lite_for_ebay | Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. | 2024-04-24 | 9.1 | CVE-2024-32836 audit@patchstack.com |
N/A -- N/A | An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. | 2024-04-27 | 8.4 | CVE-2022-48684 cve@mitre.org |
N/A -- N/A | An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | 2024-04-27 | 7.7 | CVE-2022-48685 cve@mitre.org |
N/A -- N/A | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | 2024-04-26 | 7.7 | CVE-2024-33671 cve@mitre.org |
N/A -- N/A | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | 2024-04-26 | 7.7 | CVE-2024-33672 cve@mitre.org |
N/A -- N/A | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | 2024-04-26 | 7.8 | CVE-2024-33673 cve@mitre.org |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder | The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-27 | 4.4 | CVE-2024-2258 security@wordfence.com security@wordfence.com |
2day.sk,_webikon -- superfaktura_woocommerce | Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3. | 2024-04-24 | 6.4 | CVE-2024-32803 audit@patchstack.com |
aazztech -- post_slider | Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | 2024-04-26 | 5.4 | CVE-2022-40975 audit@patchstack.com |
accessally -- popupally | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | 2024-04-26 | 5.9 | CVE-2024-33639 audit@patchstack.com |
advancedcoding -- comments_-_wpdiscuz | The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-2477 security@wordfence.com security@wordfence.com |
alumnionline_web_services_llc -- wp_ada_compliance_check_basic | Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3. | 2024-04-24 | 4.3 | CVE-2024-32947 audit@patchstack.com |
amd -- amd_software:_adrenalin_edition_ | An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | 2024-04-23 | 5.3 | CVE-2024-21972 psirt@amd.com |
amd -- amd_software:_adrenalin_edition_ | An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. | 2024-04-23 | 5.3 | CVE-2024-21979 psirt@amd.com |
automattic -- jetpack | Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7. | 2024-04-24 | 5.4 | CVE-2023-47774 audit@patchstack.com |
bdthemes -- prime_slider_-_addons_for_elementor | Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.This issue affects Prime Slider - Addons For Elementor: from n/a through 3.13.2. | 2024-04-22 | 4.3 | CVE-2024-32681 audit@patchstack.com |
bkav_corporation -- bkav_home | Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. | 2024-04-23 | 5.5 | CVE-2024-2760 help@fluidattacks.com help@fluidattacks.com |
bloompixel -- max_addons_pro_for_bricks | Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. | 2024-04-24 | 6.5 | CVE-2024-32951 audit@patchstack.com |
bluenet_technology -- clinical_browsing_system | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability. | 2024-04-27 | 6.3 | CVE-2024-4257 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
brijesh_kothari -- smart_maintenance_mode | Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4. | 2024-04-26 | 5.4 | CVE-2024-33638 audit@patchstack.com |
broadstreet_xpress -- wordpress_ad_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. | 2024-04-26 | 5.9 | CVE-2024-33696 audit@patchstack.com |
brocade -- brocade_sannav | By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | 2024-04-27 | 6.8 | CVE-2024-2859 sirt@brocade.com |
brocade -- brocade_sannav | Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | 2024-04-25 | 4.3 | CVE-2024-4159 sirt@brocade.com |
byron -- gitoxide | gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. | 2024-04-26 | 6.4 | CVE-2024-32884 security-advisories@github.com security-advisories@github.com |
cbutlerjr -- wp-members_membership_plugin | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information. | 2024-04-26 | 5.3 | CVE-2024-2920 security@wordfence.com security@wordfence.com |
checkmk_gmbh -- checkmk | Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | 2024-04-24 | 5.9 | CVE-2024-28825 security@checkmk.com |
cisco -- cisco_adaptive_security_appliance_(asa)_software | A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. | 2024-04-24 | 6 | CVE-2024-20358 ykramarz@cisco.com |
cisco -- cisco_adaptive_security_appliance_(asa)_software | A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. | 2024-04-24 | 6 | CVE-2024-20359 ykramarz@cisco.com |
cisco -- cisco_telepresence_management_suite_(tms) | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2024-04-24 | 5.4 | CVE-2023-20249 ykramarz@cisco.com |
clickcease -- clickcease_click_fraud_protection | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | 2024-04-24 | 4.1 | CVE-2024-32078 audit@patchstack.com |
clickcease -- clickcease_click_fraud_protection | Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4. | 2024-04-26 | 4.3 | CVE-2024-33678 audit@patchstack.com |
code_tides -- advanced_floating_content | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5. | 2024-04-24 | 5.9 | CVE-2024-32723 audit@patchstack.com |
contemporary_controls -- basrouter_bacnet_basrt-b | A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 6.5 | CVE-2024-4292 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cookie_information_a/s -- wp_gdpr_compliance | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | 2024-04-26 | 5.4 | CVE-2024-33682 audit@patchstack.com |
coschedule -- headline_analyzer | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3. | 2024-04-24 | 4.3 | CVE-2024-32806 audit@patchstack.com |
cozmoslabs -- paid_member_subscriptions | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. | 2024-04-24 | 4.3 | CVE-2024-32728 audit@patchstack.com |
creative_themes_hq -- blocksy | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33. | 2024-04-25 | 6.5 | CVE-2024-32961 audit@patchstack.com |
crocoblock -- jetformbuilder | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. | 2024-04-24 | 5.3 | CVE-2023-48763 audit@patchstack.com |
cryout_creations -- serious_slider | Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4. | 2024-04-26 | 4.3 | CVE-2024-33650 audit@patchstack.com |
culqi -- culqi | Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | 2024-04-24 | 4.9 | CVE-2024-32819 audit@patchstack.com |
cyanomiko -- dcnnt-py | A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | 2024-04-27 | 6.3 | CVE-2023-1000 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
daniel_powney -- multi_rating | Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6. | 2024-04-24 | 5.3 | CVE-2023-32127 audit@patchstack.com |
dell -- wyse_proprietary_os_(modern_thinos) | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | 2024-04-24 | 6.2 | CVE-2024-28963 security_alert@emc.com |
dfir-iris -- iris-web | Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. | 2024-04-25 | 6.8 | CVE-2024-25624 security-advisories@github.com |
e4j_s.r.l. -- vikrentcar | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2. | 2024-04-24 | 5.9 | CVE-2024-32780 audit@patchstack.com |
ekojr -- advanced_post_list | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1. | 2024-04-26 | 5.9 | CVE-2024-33642 audit@patchstack.com |
element-hq -- synapse | Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. | 2024-04-23 | 6.5 | CVE-2024-31208 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
elespare -- elespare_-_blog_magazine_and_newspaper_addons_for_elementor_with_templates_widgets_kits,_and_header/footer_builder._one_click_import:_no_coding_required | The Elespare - Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts. | 2024-04-23 | 4.3 | CVE-2024-0900 security@wordfence.com security@wordfence.com |
essential_addons -- essential_addons_for_elementor_pro | The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-22 | 6.4 | CVE-2024-3645 security@wordfence.com security@wordfence.com |
extend_themes -- teluro | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | 2024-04-26 | 4.3 | CVE-2024-33688 audit@patchstack.com |
fahad_mahmood -- rss_feed_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7. | 2024-04-22 | 5.9 | CVE-2024-32690 audit@patchstack.com |
famethemes -- fametheme_demo_importer | Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. | 2024-04-26 | 4.3 | CVE-2024-33679 audit@patchstack.com |
feedbackwp -- rate_my_post_-_wp_rating_system | Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post - WP Rating System.This issue affects Rate my Post - WP Rating System: from n/a through 3.4.4. | 2024-04-24 | 5.3 | CVE-2024-32823 audit@patchstack.com |
foliovision -- fv_flowplayer_video_player | Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. | 2024-04-24 | 4.9 | CVE-2024-32955 audit@patchstack.com |
formassembly_/_drew_buschhorn -- wp-formassembly | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | 2024-04-24 | 6.5 | CVE-2022-45852 audit@patchstack.com |
fr-d-ric_gilles -- fg_joomla_to_wordpress | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | 2024-04-24 | 5.3 | CVE-2024-32788 audit@patchstack.com |
ghozylab -- image_slider_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125. | 2024-04-24 | 5.9 | CVE-2024-32707 audit@patchstack.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | 2024-04-25 | 4.3 | CVE-2024-1347 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions | 2024-04-25 | 4.3 | CVE-2024-4006 cve@gitlab.com |
gohugoio -- hugo | Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates. | 2024-04-23 | 6.1 | CVE-2024-32875 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
grassroot_dicom -- grassroot_dicom | An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability. | 2024-04-25 | 6.5 | CVE-2024-25569 talos-cna@cisco.com |
gt3themes -- photo_gallery_-_gt3_image_gallery_&_gutenberg_block_gallery | The Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-25 | 6.4 | CVE-2024-4035 security@wordfence.com security@wordfence.com |
hasthemes -- ht_mega | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7. | 2024-04-24 | 4.3 | CVE-2024-32782 audit@patchstack.com |
helloasso -- helloasso | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5. | 2024-04-22 | 6.5 | CVE-2024-32697 audit@patchstack.com |
hinjiriyo -- quick_featured_images | The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author. | 2024-04-23 | 4.3 | CVE-2024-3664 security@wordfence.com security@wordfence.com |
hitachi -- hitachi_ops_center_administrator | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1. | 2024-04-23 | 4.4 | CVE-2023-6833 hirt@hitachi.co.jp |
holded -- holded | Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover. | 2024-04-22 | 4.6 | CVE-2024-4026 cve-coordination@incibe.es |
honojs -- hono | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue. | 2024-04-23 | 5.3 | CVE-2024-32869 security-advisories@github.com security-advisories@github.com |
hyperion -- hyperion_web_server | Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL. | 2024-04-25 | 5.4 | CVE-2024-4174 cve-coordination@incibe.es |
hyperion -- hyperion_web_server | Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. | 2024-04-25 | 5.4 | CVE-2024-4175 cve-coordination@incibe.es |
ibm -- qradar_suite_software | IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. | 2024-04-23 | 5.4 | CVE-2023-47731 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | 2024-04-25 | 5.9 | CVE-2024-25026 psirt@us.ibm.com psirt@us.ibm.com |
implecode -- reviews_plus | Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4. | 2024-04-26 | 4.3 | CVE-2024-32822 audit@patchstack.com |
jegstudio -- financio | Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. | 2024-04-26 | 4.3 | CVE-2024-33690 audit@patchstack.com |
jegtheme -- jeg_elementor_kit | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3. | 2024-04-24 | 6.5 | CVE-2024-32721 audit@patchstack.com |
jeroen_peters -- all-in-one_like_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7. | 2024-04-24 | 5.9 | CVE-2024-32815 audit@patchstack.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. | 2024-04-23 | 6.3 | CVE-2024-4069 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796. | 2024-04-23 | 6.3 | CVE-2024-4070 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability. | 2024-04-23 | 6.3 | CVE-2024-4071 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
keenetic -- kn-1010 | A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. | 2024-04-21 | 5.3 | CVE-2024-4021 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
keenetic -- kn-1010 | A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. | 2024-04-21 | 5.3 | CVE-2024-4022 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
leap13 -- premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25. | 2024-04-24 | 6.5 | CVE-2024-32791 audit@patchstack.com |
leevio -- happy_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. | 2024-04-22 | 6.5 | CVE-2024-32698 audit@patchstack.com |
live_composer_team -- page_builder:_live_composer | Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38. | 2024-04-26 | 4.7 | CVE-2024-32957 audit@patchstack.com |
loginpress -- loginpress_pro | Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | 2024-04-24 | 6.5 | CVE-2024-32677 audit@patchstack.com |
loginpress -- loginpress_pro | Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | 2024-04-25 | 5.3 | CVE-2024-32676 audit@patchstack.com |
logitech -- mevo_webcam_app | Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. | 2024-04-23 | 4.4 | CVE-2024-4031 cve-coordination@logitech.com |
long_watch_studio -- myrewards | Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. | 2024-04-22 | 6.5 | CVE-2024-32688 audit@patchstack.com |
magazine3 -- schema_&_structured_data_for_wp_&_amp | The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-3491 security@wordfence.com security@wordfence.com |
mainwp -- mainwp_child_reports | Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | 2024-04-26 | 5.4 | CVE-2024-33680 audit@patchstack.com |
mattermost -- mattermost | Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | 2024-04-26 | 4.3 | CVE-2024-32046 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status. | 2024-04-26 | 4.3 | CVE-2024-4182 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table. | 2024-04-26 | 4.3 | CVE-2024-4183 responsibledisclosure@mattermost.com |
matthew_fries -- mf_gig_calendar_ | Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. | 2024-04-26 | 5.4 | CVE-2024-33651 audit@patchstack.com |
meks -- meks_smart_social_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4. | 2024-04-26 | 5.9 | CVE-2024-33693 audit@patchstack.com |
meks -- meks_themeforest_smart_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5. | 2024-04-26 | 5.9 | CVE-2024-33694 audit@patchstack.com |
metagauss -- profilegrid_ | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | 2024-04-24 | 5.4 | CVE-2024-32808 audit@patchstack.com |
metagauss -- profilegrid_ | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | 2024-04-24 | 4.3 | CVE-2024-32772 audit@patchstack.com |
metagauss -- registrationmagic | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | 2024-04-24 | 5.3 | CVE-2023-23989 audit@patchstack.com |
metersphere -- metersphere | MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue. | 2024-04-25 | 5.7 | CVE-2024-32467 security-advisories@github.com |
monsterinsights -- google_analytics_by_monster_insights | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | 2024-04-25 | 4.3 | CVE-2023-52220 audit@patchstack.com |
mra13 -- simple_membership | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-25 | 5.4 | CVE-2024-3730 security@wordfence.com security@wordfence.com |
mycred -- mycred | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3. | 2024-04-24 | 6.5 | CVE-2024-32711 audit@patchstack.com |
n/a -- coupon_&_discount_code_reveal_button | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5. | 2024-04-24 | 5.9 | CVE-2024-32722 audit@patchstack.com |
n/a -- idccms | A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. | 2024-04-25 | 4.3 | CVE-2024-4172 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
n/a -- import_and_export_users_and_customers | Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. | 2024-04-24 | 4.4 | CVE-2024-32817 audit@patchstack.com |
nick_halsey -- list_custom_taxonomy_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.This issue affects List Custom Taxonomy Widget: from n/a through 4.1. | 2024-04-24 | 5.9 | CVE-2024-32833 audit@patchstack.com |
nixos -- hydra | Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue. | 2024-04-22 | 4.6 | CVE-2024-32657 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
octolize -- flexible_shipping | Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15. | 2024-04-26 | 4.3 | CVE-2024-32828 audit@patchstack.com |
optinmonster_popup_builder_team -- optinmonster | Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. | 2024-04-26 | 4.3 | CVE-2024-33691 audit@patchstack.com |
ovic_team -- ovic_addon_toolkit | Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. | 2024-04-24 | 4.3 | CVE-2024-32432 audit@patchstack.com |
paid_memberships_pro -- paid_memberships_pro | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | 2024-04-24 | 5.4 | CVE-2024-32793 audit@patchstack.com |
paid_memberships_pro -- paid_memberships_pro | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | 2024-04-24 | 4.3 | CVE-2024-32794 audit@patchstack.com |
paoltaia -- geodirectory_-_wordpress_business_directory_plugin_or_classified_directory | The GeoDirectory - WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-3732 security@wordfence.com security@wordfence.com |
pavex -- embed_google_photos_album | Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | 2024-04-24 | 4.9 | CVE-2024-32775 audit@patchstack.com |
phpgurukul -- doctor_appointment_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability. | 2024-04-27 | 6.3 | CVE-2024-4294 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
podlove -- podlove_podcast_publisher | Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. | 2024-04-24 | 5.4 | CVE-2024-32812 audit@patchstack.com |
pr-gateway -- blog2social:_social_media_auto_post_&_scheduler | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. | 2024-04-26 | 5.3 | CVE-2024-3678 security@wordfence.com security@wordfence.com security@wordfence.com |
pt-guy -- content_views_-_post_grid_&_filter,_recent_posts,_category_posts,_&_more_(gutenberg_blocks_and_shortcode) | The Content Views - Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-25 | 6.4 | CVE-2024-3929 security@wordfence.com security@wordfence.com |
python-social-auth -- social-app-django | Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. | 2024-04-24 | 4.9 | CVE-2024-32879 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
qnap_systems_inc. -- qts | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-04-26 | 6.5 | CVE-2024-21905 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | 2024-04-26 | 5 | CVE-2023-50361 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | 2024-04-26 | 5 | CVE-2023-50362 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | 2024-04-26 | 5.5 | CVE-2023-50364 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qufirewall | A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | 2024-04-26 | 5.5 | CVE-2023-41291 security@qnapsecurity.com.tw |
qnap_systems_inc. -- qufirewall | A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | 2024-04-26 | 4.1 | CVE-2023-41290 security@qnapsecurity.com.tw |
qodeinteractive -- qi_addons_for_elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-27 | 6.4 | CVE-2024-3309 security@wordfence.com security@wordfence.com |
quantumcloud -- infographic_maker_-_ilist | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker - iList allows Stored XSS.This issue affects Infographic Maker - iList: from n/a through 4.6.6. | 2024-04-22 | 6.5 | CVE-2024-32696 audit@patchstack.com |
rankmath -- rank_math_seo_with_ai_best_seo_tools | The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-3665 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
rapid7 -- insight_agent | A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent. | 2024-04-23 | 6.8 | CVE-2024-3185 cve@rapid7.com |
realmag777 -- active_products_tables_for_woocommerce | Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. | 2024-04-22 | 5.3 | CVE-2024-32691 audit@patchstack.com |
red_hat -- logging_subsystem_for_red_hat_openshift | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | 2024-04-25 | 5.3 | CVE-2024-0874 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak | A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. | 2024-04-25 | 6.5 | CVE-2024-1102 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak_22 | A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. | 2024-04-25 | 6 | CVE-2023-6717 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak_22 | A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session. | 2024-04-25 | 6.5 | CVE-2023-6787 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak_22 | A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication. | 2024-04-25 | 5 | CVE-2023-3597 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak_22 | A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity. | 2024-04-25 | 5.3 | CVE-2023-6484 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_keycloak_22 | A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. | 2024-04-25 | 5.4 | CVE-2023-6544 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_quarkus_2.13.9.final | A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties. | 2024-04-25 | 6.5 | CVE-2023-5675 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_build_of_quarkus_3.2.11.final | A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. | 2024-04-25 | 5.3 | CVE-2024-1726 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_enterprise_linux_6 | A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. | 2024-04-25 | 5.9 | CVE-2024-2467 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_enterprise_linux_8 | A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. | 2024-04-25 | 6.2 | CVE-2024-2905 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- red_hat_trusted_profile_analyzer | A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. | 2024-04-25 | 4.3 | CVE-2024-3508 secalert@redhat.com secalert@redhat.com |
renehermi -- wp_staging_wordpress_backup_plugin_-_migration_backup_restore | The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the 'Contact Us' functionality along with the "Enable this option to automatically submit the log files." option. | 2024-04-26 | 5.3 | CVE-2024-3682 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
renzo_johnson -- contact_form_7_extension_for_mailchimp | Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | 2024-04-26 | 4.3 | CVE-2024-33677 audit@patchstack.com |
repute_infosystems -- bookingpress | Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74. | 2024-04-24 | 5.3 | CVE-2023-51405 audit@patchstack.com |
revmakx -- wpcal.io_-_easy_meeting_scheduler | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io - Easy Meeting Scheduler.This issue affects WPCal.Io - Easy Meeting Scheduler: from n/a through 0.9.5.8. | 2024-04-24 | 4.3 | CVE-2024-32795 audit@patchstack.com |
rimes_gold -- cf7_file_download_-_file_download_for_cf7 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rimes Gold CF7 File Download - File Download for CF7 allows Stored XSS.This issue affects CF7 File Download - File Download for CF7: from n/a through 2.0. | 2024-04-26 | 5.9 | CVE-2024-33697 audit@patchstack.com |
rometheme -- romethemekit_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. | 2024-04-24 | 6.5 | CVE-2024-32956 audit@patchstack.com |
ruijie -- rg-uac | A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability. | 2024-04-27 | 4.7 | CVE-2024-4255 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
satrya -- smart_recent_posts_widget | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3. | 2024-04-26 | 5.9 | CVE-2024-33692 audit@patchstack.com |
sayful_islam -- filterable_portfolio | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4. | 2024-04-26 | 5.9 | CVE-2024-4234 audit@patchstack.com |
shaonsina -- sina_extension_for_elementor_(slider_gallery_form_modal_data_table_tab_particle_free_elementor_widgets_&_elementor_templates) | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-25 | 6.4 | CVE-2024-3988 security@wordfence.com security@wordfence.com security@wordfence.com |
shapedplugin -- widget_post_slider | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5. | 2024-04-24 | 5.9 | CVE-2024-32801 audit@patchstack.com |
shared_files_pro -- shared_files | Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16. | 2024-04-23 | 5.3 | CVE-2024-32679 audit@patchstack.com |
shoaib_saleem -- wp_post_rating | Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | 2024-04-24 | 5.3 | CVE-2023-25785 audit@patchstack.com |
sidekiq -- sidekiq | Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacement of the web application, etc. This issue has been patched in version 7.2.4. | 2024-04-26 | 5.5 | CVE-2024-32887 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
skylot -- jadx | jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | 2024-04-22 | 6.1 | CVE-2024-32653 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
softlab -- radio_player | Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | 2024-04-25 | 5.4 | CVE-2024-33592 audit@patchstack.com |
sourcecodester -- simple_subscription_website | A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. | 2024-04-24 | 6.3 | CVE-2024-4093 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
streamweasels -- streamweasels_twitch_integration | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8. | 2024-04-24 | 5.3 | CVE-2024-32716 audit@patchstack.com |
supsystic -- data_tables_generator_by_supsystic | Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31. | 2024-04-26 | 4.3 | CVE-2024-32829 audit@patchstack.com |
techlabpro1 -- classified_listing_-_classified_ads_&_business_directory_plugin | The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements. | 2024-04-25 | 5.3 | CVE-2024-3893 security@wordfence.com security@wordfence.com |
thehappymonster -- happy_addons_for_elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-26 | 6.4 | CVE-2024-3890 security@wordfence.com security@wordfence.com |
themencode -- fan_page_widget_by_themencode | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. | 2024-04-26 | 5.9 | CVE-2024-33695 audit@patchstack.com |
themeum -- tutor_lms_-_elearning_and_online_course_solution | The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-25 | 5.4 | CVE-2024-3994 security@wordfence.com security@wordfence.com |
tony_zeoli,_tony_hayes -- radio_station | Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7. | 2024-04-26 | 4.3 | CVE-2024-33689 audit@patchstack.com |
trackship -- trackship_for_woocommerce | Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. | 2024-04-24 | 5.3 | CVE-2024-32678 audit@patchstack.com |
twinpictures -- annual_archive | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. | 2024-04-26 | 5.9 | CVE-2024-33598 audit@patchstack.com |
umbraco -- umbraco.workflow.issues | Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. | 2024-04-24 | 5.5 | CVE-2024-32872 security-advisories@github.com |
vektor,inc. -- vk_block_patterns | Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0. | 2024-04-26 | 5.3 | CVE-2024-32826 audit@patchstack.com |
very_good_plugins -- wp_fusion_lite | Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. | 2024-04-24 | 4.3 | CVE-2024-32796 audit@patchstack.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue. | 2024-04-25 | 5.3 | CVE-2024-32481 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. | 2024-04-25 | 5.3 | CVE-2024-32645 security-advisories@github.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. | 2024-04-25 | 5.3 | CVE-2024-32646 security-advisories@github.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist. | 2024-04-25 | 5.3 | CVE-2024-32647 security-advisories@github.com security-advisories@github.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue. | 2024-04-25 | 5.3 | CVE-2024-32648 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
vyperlang -- vyper | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. | 2024-04-25 | 5.3 | CVE-2024-32649 security-advisories@github.com |
watchdog -- watchdog_antivirus | Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. | 2024-04-23 | 5.5 | CVE-2024-1241 help@fluidattacks.com help@fluidattacks.com |
webangon -- the_pack_elementor_addons | Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | 2024-04-24 | 4.9 | CVE-2024-32718 audit@patchstack.com |
webtoffee -- import_export_wordpress_users | Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. | 2024-04-24 | 5.4 | CVE-2024-32835 audit@patchstack.com |
webtoffee -- woocommerce_shipping_label | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a through 2.3.8. | 2024-04-24 | 5.9 | CVE-2024-32834 audit@patchstack.com |
welotec -- smart_ems | An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. | 2024-04-23 | 6.5 | CVE-2024-3911 info@cert.vde.com |
wp_republic -- hide_dashboard_notifications | Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. | 2024-04-26 | 4.3 | CVE-2024-33683 audit@patchstack.com |
wp_royal -- royal_elementor_kit | Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. | 2024-04-24 | 4.3 | CVE-2024-32773 audit@patchstack.com |
wpclever -- wpc_composite_products_for_woocommerce | The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-27 | 6.4 | CVE-2024-2838 security@wordfence.com security@wordfence.com |
wpclever -- wpc_frequently_bought_together_for_woocommerce | Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. | 2024-04-22 | 4.3 | CVE-2024-32687 audit@patchstack.com |
wpdevteam -- essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders | The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. | 2024-04-25 | 5.3 | CVE-2024-3733 security@wordfence.com security@wordfence.com |
wpmet -- wp_ultimate_review | Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | 2024-04-22 | 5.3 | CVE-2024-32684 audit@patchstack.com |
wproyal -- royal_elementor_addons_and_templates | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.5 | CVE-2024-2798 security@wordfence.com security@wordfence.com |
wproyal -- royal_elementor_addons_and_templates | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-2799 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wproyal -- royal_elementor_addons_and_templates | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-23 | 6.4 | CVE-2024-3889 security@wordfence.com security@wordfence.com |
xfinity_soft -- order_limit_for_woocommerce | Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0. | 2024-04-24 | 6.5 | CVE-2024-32675 audit@patchstack.com |
xtemos -- woodmart | Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | 2024-04-24 | 5.3 | CVE-2023-25790 audit@patchstack.com |
yith -- yith_woocommerce_compare | Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. | 2024-04-24 | 4.3 | CVE-2024-32699 audit@patchstack.com |
zitadel -- zitadel | ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. | 2024-04-26 | 6.5 | CVE-2024-32868 security-advisories@github.com security-advisories@github.com |
N/A -- N/A | In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. | 2024-04-26 | 6 | CVE-2022-48682 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. | 2024-04-26 | 6.1 | CVE-2024-33669 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | 2024-04-26 | 4.3 | CVE-2024-33670 cve@mitre.org cve@mitre.org cve@mitre.org |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dell -- dell_repository_manager_(drm) | Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. | 2024-04-24 | 3.3 | CVE-2024-28977 security_alert@emc.com |
ezviz -- cs-c6-21wfr-8 | A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-23 | 3.7 | CVE-2024-4063 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hualai_xiaofang -- isc5 | A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-23 | 3.7 | CVE-2024-4062 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261798 is the identifier assigned to this vulnerability. | 2024-04-23 | 3.5 | CVE-2024-4072 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799. | 2024-04-23 | 3.5 | CVE-2024-4073 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800. | 2024-04-23 | 3.5 | CVE-2024-4074 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- online_furniture_shopping_ecommerce_website | A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability. | 2024-04-23 | 3.5 | CVE-2024-4075 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kubernetes -- kubernetes | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | 2024-04-22 | 2.7 | CVE-2024-3177 jordan@liggitt.net jordan@liggitt.net jordan@liggitt.net jordan@liggitt.net |
l2c2technologies -- koha | A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability. | 2024-04-22 | 3.5 | CVE-2018-25101 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mattermost -- mattermost | Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths | 2024-04-26 | 3.1 | CVE-2024-22091 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. | 2024-04-26 | 2.7 | CVE-2024-4195 responsibledisclosure@mattermost.com |
mattermost -- mattermost | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. | 2024-04-26 | 2.7 | CVE-2024-4198 responsibledisclosure@mattermost.com |
netgear -- dg834gv5 | A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-26 | 2.7 | CVE-2024-4235 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- doctor_appointment_management_system | A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability. | 2024-04-27 | 3.5 | CVE-2024-4293 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
quiz_maker_team -- quiz_maker | Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | 2024-04-24 | 3.7 | CVE-2023-23985 audit@patchstack.com |
techkshetra_info_solutions -- savsoft_quiz | A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-27 | 2.4 | CVE-2024-4256 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
thimo_grauerholz -- wp-spreadplugin | A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676. | 2024-04-21 | 3.5 | CVE-2015-10132 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tillitis -- tkey-device-signer | The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey's data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. | 2024-04-23 | 2.2 | CVE-2024-32482 security-advisories@github.com security-advisories@github.com |
willmot -- backupwordpress | The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow. | 2024-04-27 | 2.7 | CVE-2024-3034 security@wordfence.com security@wordfence.com |
xpdf -- xpdf | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | 2024-04-24 | 2.9 | CVE-2024-4141 xpdf@xpdfreader.com |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache_software_foundation -- apache_airflow_ftp_provider | Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue. | 2024-04-21 | not yet calculated | CVE-2024-29733 security@apache.org security@apache.org security@apache.org security@apache.org |
apache_software_foundation -- apache_answer | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | 2024-04-21 | not yet calculated | CVE-2024-29217 security@apache.org |
apache_software_foundation -- apache_hugegraph-hubble | Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | 2024-04-22 | not yet calculated | CVE-2024-27347 security@apache.org |
apache_software_foundation -- apache_hugegraph-hubble | RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | 2024-04-22 | not yet calculated | CVE-2024-27348 security@apache.org security@apache.org |
apache_software_foundation -- apache_hugegraph-hubble | Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | 2024-04-22 | not yet calculated | CVE-2024-27349 security@apache.org |
apple -- ios_and_ipados | This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. | 2024-04-24 | not yet calculated | CVE-2024-23228 product-security@apple.com |
apple -- ios_and_ipados | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. | 2024-04-24 | not yet calculated | CVE-2024-23271 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- itunes_for_windows | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | 2024-04-26 | not yet calculated | CVE-2022-48611 product-security@apple.com |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS 17.3, macOS Ventura 13.6.4, iOS 16.7.5 and iPadOS 16.7.5, macOS Monterey 12.7.3, macOS Sonoma 14.3. An app may be able to corrupt coprocessor memory. | 2024-04-24 | not yet calculated | CVE-2024-27791 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
arm -- arm_v8-m_security_extensions_requirements_on_development_tools | Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. | 2024-04-24 | not yet calculated | CVE-2024-0151 arm-security@arm.com |
cisco -- cisco_telepresence_management_suite_(tms) | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2024-04-24 | not yet calculated | CVE-2023-20248 ykramarz@cisco.com |
ivanti -- avalanche | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 2024-04-25 | not yet calculated | CVE-2024-23527 support@hackerone.com |
ivanti -- connect_secure | An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. | 2024-04-25 | not yet calculated | CVE-2024-29205 support@hackerone.com |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue] | 2024-04-26 | not yet calculated | CVE-2023-52646 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. | 2024-04-23 | not yet calculated | CVE-2024-26922 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V's fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() ---------------- ------------------------- ----------- NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V's // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected. | 2024-04-25 | not yet calculated | CVE-2024-26923 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano) | 2024-04-25 | not yet calculated | CVE-2024-26924 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. | 2024-04-25 | not yet calculated | CVE-2024-26925 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux -- linux | In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time. | 2024-04-25 | not yet calculated | CVE-2024-26926 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
openssl -- openssl | Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. | 2024-04-25 | not yet calculated | CVE-2023-6237 openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
roamwifi_technology_co._ltd. -- roamwifi_r10 | Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. | 2024-04-24 | not yet calculated | CVE-2024-31406 vultures@jpcert.or.jp vultures@jpcert.or.jp |
roamwifi_technology_co._ltd. -- roamwifi_r10 | Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information. | 2024-04-24 | not yet calculated | CVE-2024-32051 vultures@jpcert.or.jp vultures@jpcert.or.jp |
unknown -- advanced_search | The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. | 2024-04-25 | not yet calculated | CVE-2024-3265 contact@wpscan.com |
unknown -- agca_ | The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-04-25 | not yet calculated | CVE-2024-2907 contact@wpscan.com |
unknown -- bannerlid | The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators | 2024-04-26 | not yet calculated | CVE-2024-3048 contact@wpscan.com |
unknown -- better_comments | The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-24 | not yet calculated | CVE-2024-2402 contact@wpscan.com |
unknown -- better_comments | The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. | 2024-04-24 | not yet calculated | CVE-2024-2404 contact@wpscan.com |
unknown -- call_now_button_ | The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-04-26 | not yet calculated | CVE-2024-2908 contact@wpscan.com |
unknown -- enl_newsletter | The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-04-26 | not yet calculated | CVE-2024-3058 contact@wpscan.com |
unknown -- enl_newsletter | The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack | 2024-04-26 | not yet calculated | CVE-2024-3059 contact@wpscan.com |
unknown -- enl_newsletter | The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks | 2024-04-26 | not yet calculated | CVE-2024-3060 contact@wpscan.com |
unknown -- fancy_product_designer | The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users | 2024-04-26 | not yet calculated | CVE-2024-0905 contact@wpscan.com |
unknown -- floating_chat_widget:_contact_chat_icons_whatsapp_telegram_chat_line_messenger_wechat_email_sms_call_button_ | The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-24 | not yet calculated | CVE-2024-2972 contact@wpscan.com |
unknown -- import_wp_ | The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. | 2024-04-24 | not yet calculated | CVE-2023-7253 contact@wpscan.com |
unknown -- mm-email2image | The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2024-04-26 | not yet calculated | CVE-2024-3075 contact@wpscan.com |
unknown -- mm-email2image | The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-04-26 | not yet calculated | CVE-2024-3076 contact@wpscan.com |
unknown -- salon_booking_system | The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-04-26 | not yet calculated | CVE-2024-2429 contact@wpscan.com |
unknown -- salon_booking_system | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-26 | not yet calculated | CVE-2024-2439 contact@wpscan.com |
unknown -- salon_booking_system | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-26 | not yet calculated | CVE-2024-2603 contact@wpscan.com |
unknown -- social_sharing_plugin_ | The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2024-04-26 | not yet calculated | CVE-2024-2159 contact@wpscan.com |
unknown -- strong_testimonials | The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed | 2024-04-24 | not yet calculated | CVE-2024-3261 contact@wpscan.com |
unknown -- tickera_ | The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. | 2024-04-22 | not yet calculated | CVE-2023-7252 contact@wpscan.com |
unknown -- woocommerce_customers_manager | The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-04-24 | not yet calculated | CVE-2024-1743 contact@wpscan.com |
unknown -- woocommerce_customers_manager | The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name | 2024-04-24 | not yet calculated | CVE-2024-1756 contact@wpscan.com |
unknown -- wp_chat_app | The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-04-26 | not yet calculated | CVE-2024-2837 contact@wpscan.com |
unknown -- wp_google_review_slider | The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-26 | not yet calculated | CVE-2024-2310 contact@wpscan.com |
unknown -- wp_shortcodes_plugin_-_shortcodes_ultimate | The WP Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2024-04-26 | not yet calculated | CVE-2024-3188 contact@wpscan.com |
wpmu_dev -- forminator | Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | 2024-04-23 | not yet calculated | CVE-2024-28890 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
wpmu_dev -- forminator | Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition. | 2024-04-23 | not yet calculated | CVE-2024-31077 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
N/A -- N/A | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. | 2024-04-22 | not yet calculated | CVE-2022-34560 cve@mitre.org cve@mitre.org |
N/A -- N/A | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter. | 2024-04-22 | not yet calculated | CVE-2022-34561 cve@mitre.org cve@mitre.org |
N/A -- N/A | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. | 2024-04-22 | not yet calculated | CVE-2022-34562 cve@mitre.org cve@mitre.org |
N/A -- N/A | Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself. | 2024-04-22 | not yet calculated | CVE-2022-35503 cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions. | 2024-04-22 | not yet calculated | CVE-2022-46897 cve@mitre.org |
N/A -- N/A | JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer. | 2024-04-26 | not yet calculated | CVE-2023-26603 cve@mitre.org cve@mitre.org |
N/A -- N/A | Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with "system" privileges. | 2024-04-22 | not yet calculated | CVE-2023-38290 cve@mitre.org |
N/A -- N/A | An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC address to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); and Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys). This malicious app reads from the "ro.boot.wifimacaddr" system property to indirectly obtain the Wi-Fi MAC address. | 2024-04-22 | not yet calculated | CVE-2023-38291 cve@mitre.org |
N/A -- N/A | Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. | 2024-04-22 | not yet calculated | CVE-2023-38292 cve@mitre.org |
N/A -- N/A | Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT command injection due to inadequate access control and inadequate input filtering. No permissions or special privileges are necessary to exploit the vulnerability in the com.tracfone.tfstatus app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys and Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_040:user/release-keys) and Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_130:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_110:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_080:user/release-keys, and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_050:user/release-keys). This malicious app sends a broadcast Intent to the receiver component named com.tracfone.tfstatus/.TFStatus. This broadcast receiver extracts a string from the Intent and uses it as an extra when it starts the com.tracfone.tfstatus/.TFStatusActivity activity component which uses the externally controlled string as an input to execute an AT command. There are two different injection techniques to successfully inject arbitrary AT commands to execute. | 2024-04-22 | not yet calculated | CVE-2023-38293 cve@mitre.org |
N/A -- N/A | Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode='7', versionName='1.8.0(220310_1027)') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.transsion.autotest.factory app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user's apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The confirmed vulnerable software build fingerprints for the Itel Vision 3 Turbo device are as follows: Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V92-20230105:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V86-20221118:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V78-20221101:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V64-20220803:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V61-20220721:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V58-20220712:user/release-keys, and Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V051-20220613:user/release-keys. This malicious app sends a broadcast Intent to the receiver component named com.transsion.autotest.factory/.broadcast.CommandReceiver with the path to a shell script that it creates in its scoped storage directory. Then the com.transsion.autotest.factory app will execute the shell script with "system" privileges. | 2024-04-22 | not yet calculated | CVE-2023-38294 cve@mitre.org cve@mitre.org |
N/A -- N/A | Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL 30Z device, the vulnerable app has a package name of com.tcl.screenrecorder (versionCode='1221092802', versionName='v5.2120.02.12008.1.T' ; versionCode='1221092805', versionName='v5.2120.02.12008.2.T'). On the TCL 10L device, the vulnerable app has a package name of com.tcl.sos (versionCode='2020102827', versionName='v3.2014.12.1012.B'). When a third-party app declares and requests the missing permission, it can interact with certain service components in the aforementioned apps (that execute with "system" privileges) to perform arbitrary files reads/writes in its context. An app exploiting this vulnerability only needs to declare and request the single missing permission and no user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 10L (TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys) and TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys). This malicious app declares the missing permission named com.tct.smart.switchphone.permission.SWITCH_DATA as a normal permission, requests the missing permission, and uses it to interact with the com.tct.smart.switchdata.DataService service component that is declared in vulnerable apps that execute with "system" privileges to perform arbitrary file reads/writes. | 2024-04-22 | not yet calculated | CVE-2023-38295 cve@mitre.org |
N/A -- N/A | Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys) and TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys). This malicious app reads from the "persist.sys.tctPowerIccid" system property to indirectly obtain the ICCID. | 2024-04-22 | not yet calculated | CVE-2023-38296 cve@mitre.org |
N/A -- N/A | An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1) that allows local third-party apps to perform various actions, due to inadequate access control, in its context (system user), but the functionalities exposed depend on the specific device. The following capabilities are exposed to zero-permission, third-party apps on the following devices: arbitrary AT command execution via AT command injection (T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, and Boost Mobile Celero 5G); programmatic factory reset (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD), leaking IMEI (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); leaking serial number (Samsung Galaxy A03s, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD); powering off the device (Realme C25Y, Samsung Galaxy A03S, and T-Mobile Revvl 6 Pro 5G); and programmatically enabling/disabling airplane mode (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); and enabling Wi-Fi, Bluetooth, and GPS (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y). No permissions or special privileges are necessary to exploit the vulnerabilities in the com.factory.mmigroup app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V064:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V061:user/release-keys, and Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V052:user/release-keys); Samsung Galaxy A03S (samsung/a03sutfn/a03su:13/TP1A.220624.014/S134DLUDU6CWB6:user/release-keys and samsung/a03sutfn/a03su:12/SP1A.210812.016/S134DLUDS5BWA1:user/release-keys); Lenovo Tab M8 HD (Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300637_220706_BMP:user/release-keys and Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300448_220114_BMP:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys and T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V066:user/release-keys); T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys and T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V060:user/release-keys); and Realme C25Y (realme/RMX3269/RED8F6:11/RP1A.201005.001/1675861640000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1664031768000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1652814687000:user/release-keys, and realme/RMX3269/RED8F6:11/RP1A.201005.001/1635785712000:user/release-keys). This malicious app sends a broadcast Intent to com.factory.mmigroup/.MMIGroupReceiver. This causes the com.factory.mmigroup app to dynamically register for various action strings. The malicious app can then send these strings, allowing it to perform various behaviors that the com.factory.mmigroup app exposes. The actual behaviors exposed by the com.factory.mmigroup app depend on device model and chipset. The com.factory.mmigroup app executes as the "system" user, allowing it to interact with the baseband processor and perform various other sensitive actions. | 2024-04-22 | not yet calculated | CVE-2023-38297 cve@mitre.org |
N/A -- N/A | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys); TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 20XE (TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys); and TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys). This malicious app reads from the "gsm.device.imei0" system property to indirectly obtain the device IMEI. | 2024-04-22 | not yet calculated | CVE-2023-38298 cve@mitre.org |
N/A -- N/A | Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: AT&T Calypso (ATT/U318AA/U318AA:10/QP1A.190711.020/1632369780:user/release-keys); Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys); Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys); and BLU View 3 (BLU/B140DL/B140DL:11/RP1A.200720.011/1628014629:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1632535579:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1637325978:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1650073052:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1657087912:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1666316280:user/release-keys, and BLU/B140DL/B140DL:11/RP1A.200720.011/1672371162:user/release-keys). This malicious app reads from the "persist.sys.imei1" system property to indirectly obtain the device IMEI. | 2024-04-22 | not yet calculated | CVE-2023-38299 cve@mitre.org |
N/A -- N/A | A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "persist.sys.verizon_test_plan_imei" system property to indirectly obtain the IMEI and reads the "persist.sys.verizon_test_plan_iccid" system property to obtain the ICCID. | 2024-04-22 | not yet calculated | CVE-2023-38300 cve@mitre.org |
N/A -- N/A | An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys); Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys); Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys); and T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys). This malicious app reads from the "vendor.gsm.serial" system property to indirectly obtain the device serial number. | 2024-04-22 | not yet calculated | CVE-2023-38301 cve@mitre.org |
N/A -- N/A | A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "ro.boot.wifi_mac" system property to indirectly obtain the Wi-Fi MAC address and reads the "ro.boot.bt_mac" system property to obtain the Bluetooth MAC address. | 2024-04-22 | not yet calculated | CVE-2023-38302 cve@mitre.org |
N/A -- N/A | An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45. | 2024-04-26 | not yet calculated | CVE-2023-47252 cve@mitre.org |
N/A -- N/A | QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. | 2024-04-23 | not yet calculated | CVE-2023-48183 cve@mitre.org cve@mitre.org |
N/A -- N/A | QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | 2024-04-23 | not yet calculated | CVE-2023-48184 cve@mitre.org |
N/A -- N/A | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | 2024-04-26 | not yet calculated | CVE-2023-51794 cve@mitre.org |
N/A -- N/A | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. | 2024-04-26 | not yet calculated | CVE-2024-22632 cve@mitre.org |
N/A -- N/A | Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. | 2024-04-26 | not yet calculated | CVE-2024-22633 cve@mitre.org |
N/A -- N/A | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption. | 2024-04-22 | not yet calculated | CVE-2024-22807 cve@mitre.org |
N/A -- N/A | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | 2024-04-22 | not yet calculated | CVE-2024-22808 cve@mitre.org |
N/A -- N/A | Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. | 2024-04-22 | not yet calculated | CVE-2024-22809 cve@mitre.org |
N/A -- N/A | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory. | 2024-04-22 | not yet calculated | CVE-2024-22811 cve@mitre.org |
N/A -- N/A | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. | 2024-04-22 | not yet calculated | CVE-2024-22813 cve@mitre.org |
N/A -- N/A | An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. | 2024-04-22 | not yet calculated | CVE-2024-22815 cve@mitre.org |
N/A -- N/A | A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests. | 2024-04-22 | not yet calculated | CVE-2024-22856 cve@mitre.org |
N/A -- N/A | Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. | 2024-04-26 | not yet calculated | CVE-2024-25343 cve@mitre.org cve@mitre.org |
N/A -- N/A | SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | 2024-04-22 | not yet calculated | CVE-2024-27574 cve@mitre.org |
N/A -- N/A | SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request. | 2024-04-26 | not yet calculated | CVE-2024-28322 cve@mitre.org cve@mitre.org |
N/A -- N/A | Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | 2024-04-26 | not yet calculated | CVE-2024-28325 cve@mitre.org cve@mitre.org |
N/A -- N/A | Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface. | 2024-04-26 | not yet calculated | CVE-2024-28326 cve@mitre.org cve@mitre.org |
N/A -- N/A | Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. | 2024-04-26 | not yet calculated | CVE-2024-28327 cve@mitre.org cve@mitre.org |
N/A -- N/A | CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format. | 2024-04-26 | not yet calculated | CVE-2024-28328 cve@mitre.org cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component. | 2024-04-22 | not yet calculated | CVE-2024-28436 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component. | 2024-04-24 | not yet calculated | CVE-2024-28613 cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | 2024-04-23 | not yet calculated | CVE-2024-28627 cve@mitre.org cve@mitre.org |
N/A -- N/A | A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. | 2024-04-22 | not yet calculated | CVE-2024-28699 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | 2024-04-22 | not yet calculated | CVE-2024-28717 cve@mitre.org cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint | 2024-04-22 | not yet calculated | CVE-2024-28722 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content. | 2024-04-22 | not yet calculated | CVE-2024-29368 cve@mitre.org |
N/A -- N/A | Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. | 2024-04-22 | not yet calculated | CVE-2024-29376 cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | 2024-04-25 | not yet calculated | CVE-2024-29660 cve@mitre.org |
N/A -- N/A | A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | 2024-04-22 | not yet calculated | CVE-2024-29661 cve@mitre.org |
N/A -- N/A | An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. | 2024-04-22 | not yet calculated | CVE-2024-30799 cve@mitre.org |
N/A -- N/A | PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. | 2024-04-23 | not yet calculated | CVE-2024-30800 cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. | 2024-04-26 | not yet calculated | CVE-2024-30804 cve@mitre.org |
N/A -- N/A | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. | 2024-04-23 | not yet calculated | CVE-2024-30886 cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. | 2024-04-25 | not yet calculated | CVE-2024-30890 cve@mitre.org |
N/A -- N/A | An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. | 2024-04-25 | not yet calculated | CVE-2024-30939 cve@mitre.org |
N/A -- N/A | A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | 2024-04-22 | not yet calculated | CVE-2024-31036 cve@mitre.org |
N/A -- N/A | An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. | 2024-04-26 | not yet calculated | CVE-2024-31502 cve@mitre.org |
N/A -- N/A | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | 2024-04-22 | not yet calculated | CVE-2024-31545 cve@mitre.org |
N/A -- N/A | Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. | 2024-04-26 | not yet calculated | CVE-2024-31551 cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script | 2024-04-25 | not yet calculated | CVE-2024-31574 cve@mitre.org |
N/A -- N/A | An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. | 2024-04-26 | not yet calculated | CVE-2024-31601 cve@mitre.org |
N/A -- N/A | Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | 2024-04-25 | not yet calculated | CVE-2024-31609 cve@mitre.org |
N/A -- N/A | File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. | 2024-04-25 | not yet calculated | CVE-2024-31610 cve@mitre.org |
N/A -- N/A | ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | 2024-04-25 | not yet calculated | CVE-2024-31615 cve@mitre.org |
N/A -- N/A | An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. | 2024-04-23 | not yet calculated | CVE-2024-31616 cve@mitre.org |
N/A -- N/A | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | 2024-04-22 | not yet calculated | CVE-2024-31666 cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | 2024-04-26 | not yet calculated | CVE-2024-31741 cve@mitre.org |
N/A -- N/A | cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. | 2024-04-26 | not yet calculated | CVE-2024-31755 cve@mitre.org |
N/A -- N/A | An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. | 2024-04-23 | not yet calculated | CVE-2024-31804 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. | 2024-04-26 | not yet calculated | CVE-2024-31828 cve@mitre.org |
N/A -- N/A | Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser. | 2024-04-23 | not yet calculated | CVE-2024-31857 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
N/A -- N/A | An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. | 2024-04-25 | not yet calculated | CVE-2024-32236 cve@mitre.org |
N/A -- N/A | H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. | 2024-04-22 | not yet calculated | CVE-2024-32238 cve@mitre.org cve@mitre.org |
N/A -- N/A | The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. | 2024-04-23 | not yet calculated | CVE-2024-32258 cve@mitre.org cve@mitre.org |
N/A -- N/A | Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. | 2024-04-25 | not yet calculated | CVE-2024-32324 cve@mitre.org |
N/A -- N/A | An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function. | 2024-04-25 | not yet calculated | CVE-2024-32358 cve@mitre.org cve@mitre.org |
N/A -- N/A | Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component. | 2024-04-22 | not yet calculated | CVE-2024-32368 cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request. | 2024-04-22 | not yet calculated | CVE-2024-32394 cve@mitre.org |
N/A -- N/A | Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. | 2024-04-22 | not yet calculated | CVE-2024-32399 cve@mitre.org cve@mitre.org |
N/A -- N/A | Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. | 2024-04-26 | not yet calculated | CVE-2024-32404 cve@mitre.org |
N/A -- N/A | Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. | 2024-04-22 | not yet calculated | CVE-2024-32405 cve@mitre.org cve@mitre.org |
N/A -- N/A | Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. | 2024-04-26 | not yet calculated | CVE-2024-32406 cve@mitre.org |
N/A -- N/A | An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | 2024-04-22 | not yet calculated | CVE-2024-32407 cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | 2024-04-22 | not yet calculated | CVE-2024-32418 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. | 2024-04-23 | not yet calculated | CVE-2024-33211 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. | 2024-04-23 | not yet calculated | CVE-2024-33212 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. | 2024-04-23 | not yet calculated | CVE-2024-33213 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. | 2024-04-23 | not yet calculated | CVE-2024-33214 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. | 2024-04-23 | not yet calculated | CVE-2024-33215 cve@mitre.org |
N/A -- N/A | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. | 2024-04-23 | not yet calculated | CVE-2024-33217 cve@mitre.org |
N/A -- N/A | Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. | 2024-04-25 | not yet calculated | CVE-2024-33247 cve@mitre.org |
N/A -- N/A | Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. | 2024-04-26 | not yet calculated | CVE-2024-33255 cve@mitre.org |
N/A -- N/A | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | 2024-04-26 | not yet calculated | CVE-2024-33258 cve@mitre.org |
N/A -- N/A | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. | 2024-04-26 | not yet calculated | CVE-2024-33259 cve@mitre.org |
N/A -- N/A | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | 2024-04-26 | not yet calculated | CVE-2024-33260 cve@mitre.org |
N/A -- N/A | D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | 2024-04-26 | not yet calculated | CVE-2024-33342 cve@mitre.org cve@mitre.org |
N/A -- N/A | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | 2024-04-26 | not yet calculated | CVE-2024-33343 cve@mitre.org cve@mitre.org |
N/A -- N/A | D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | 2024-04-26 | not yet calculated | CVE-2024-33344 cve@mitre.org cve@mitre.org |
N/A -- N/A | cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. | 2024-04-24 | not yet calculated | CVE-2024-33531 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | Portainer before 2.20.0 allows redirects when the target is not index.yaml. | 2024-04-26 | not yet calculated | CVE-2024-33661 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | 2024-04-26 | not yet calculated | CVE-2024-33663 cve@mitre.org |
N/A -- N/A | python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. | 2024-04-26 | not yet calculated | CVE-2024-33664 cve@mitre.org cve@mitre.org |
N/A -- N/A | angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks. | 2024-04-26 | not yet calculated | CVE-2024-33665 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A -- N/A | An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. | 2024-04-26 | not yet calculated | CVE-2024-33666 cve@mitre.org |
N/A -- N/A | An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist. | 2024-04-26 | not yet calculated | CVE-2024-33667 cve@mitre.org |
N/A -- N/A | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. | 2024-04-26 | not yet calculated | CVE-2024-33668 cve@mitre.org |
N/A -- N/A | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) | 2024-04-27 | not yet calculated | CVE-2024-33851 cve@mitre.org |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.