Vulnerability Summary for the Week of September 30, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
n/a--n/a | An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. | 2024-09-30 | 10 | CVE-2024-42017 cve@mitre.org cve@mitre.org |
Cisco--Cisco Data Center Network Manager | A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. | 2024-10-02 | 9.9 | CVE-2024-20432 ykramarz@cisco.com |
n/a--n/a | The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. | 2024-10-01 | 9 | CVE-2024-25660 cve@mitre.org |
Schneider Elektronik--Series 700 | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | 2024-10-02 | 9.1 | CVE-2024-35293 info@cert.vde.com |
n/a--n/a | A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application. | 2024-10-01 | 9.8 | CVE-2024-41276 cve@mitre.org cve@mitre.org |
Optigo Networks--ONS-S8 Spectra Aggregation Switch | The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. | 2024-10-03 | 9.8 | CVE-2024-41925 ics-cert@hq.dhs.gov |
n/a--n/a | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. | 2024-10-01 | 9.1 | CVE-2024-42514 cve@mitre.org cve@mitre.org cve@mitre.org |
Delta Electronics--DIAEnergie | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | 2024-10-03 | 9.8 | CVE-2024-43699 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
Vmaxstudio--Vmax Project Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0. | 2024-10-05 | 9.6 | CVE-2024-44014 audit@patchstack.com |
Google--Android | According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server." | 2024-10-02 | 9.8 | CVE-2024-44097 dsap-vuln-management@google.com |
n/a--n/a | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | 2024-10-02 | 9.8 | CVE-2024-45186 cve@mitre.org |
Cavok--Cavok | Cavok - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2024-10-06 | 9.8 | CVE-2024-45249 cna@cyber.gov.il |
Elsight--Halo version 11.7.1.5 | Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 2024-10-06 | 9.8 | CVE-2024-45251 cna@cyber.gov.il |
Elsight--Halo version 11.7.1.5 | Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 2024-10-06 | 9.8 | CVE-2024-45252 cna@cyber.gov.il |
Optigo Networks--ONS-S8 Spectra Aggregation Switch | The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. | 2024-10-03 | 9.1 | CVE-2024-45367 ics-cert@hq.dhs.gov |
zimbra -- collaboration | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | 2024-10-02 | 9.8 | CVE-2024-45519 cve@mitre.org cve@mitre.org |
n/a--n/a | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all. | 2024-09-30 | 9.8 | CVE-2024-46293 cve@mitre.org |
YITH--YITH WooCommerce Ajax Search | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0. | 2024-10-06 | 9.3 | CVE-2024-47350 audit@patchstack.com |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges. | 2024-09-30 | 9.8 | CVE-2024-8450 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. | 2024-09-30 | 9.8 | CVE-2024-8456 twcert@cert.org.tw twcert@cert.org.tw |
xunhuweb--Wechat Social login QQ | The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value. | 2024-10-01 | 9.8 | CVE-2024-9106 security@wordfence.com security@wordfence.com |
xunhuweb--Wechat Social login QQ | The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-10-01 | 9.8 | CVE-2024-9108 security@wordfence.com security@wordfence.com |
CodeRevolution--Echo RSS Feed Post Generator | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. | 2024-10-01 | 9.8 | CVE-2024-9265 security@wordfence.com security@wordfence.com |
RedefiningTheWeb--WordPress & WooCommerce Affiliate Program | The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email. | 2024-10-01 | 9.8 | CVE-2024-9289 security@wordfence.com security@wordfence.com |
code-projects -- restaurant_reservation_system | A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-01 | 9.8 | CVE-2024-9359 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- restaurant_reservation_system | A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-01 | 9.8 | CVE-2024-9360 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Mozilla--Firefox | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | 9.8 | CVE-2024-9392 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | 9.8 | CVE-2024-9401 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | 9.8 | CVE-2024-9402 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Linear--eMerge e3-Series | The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. | 2024-10-02 | 9.8 | CVE-2024-9441 disclosure@vulncheck.com disclosure@vulncheck.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin. | 2024-10-02 | 8.8 | CVE-2024-20393 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. | 2024-10-02 | 8.8 | CVE-2024-20449 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | 2024-10-02 | 8.6 | CVE-2024-20498 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | 2024-10-02 | 8.6 | CVE-2024-20499 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | 2024-10-02 | 8.6 | CVE-2024-20501 ykramarz@cisco.com |
n/a--uplot | Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to a missing check of whether the attribute resolves to the object prototype. | 2024-10-01 | 8.2 | CVE-2024-21489 report@snyk.io report@snyk.io report@snyk.io |
elabftw--elabftw | eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required. | 2024-10-01 | 8.6 | CVE-2024-25632 security-advisories@github.com |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | 2024-09-30 | 8.8 | CVE-2024-28809 cve@mitre.org |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection. | 2024-09-30 | 8.8 | CVE-2024-28812 cve@mitre.org |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | 2024-09-30 | 8.4 | CVE-2024-28813 cve@mitre.org |
Foxit--Foxit Reader | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2024-10-02 | 8.8 | CVE-2024-28888 talos-cna@cisco.com talos-cna@cisco.com |
GNOME Project--G Structured File Library (libgsf) | An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2024-10-03 | 8.4 | CVE-2024-36474 talos-cna@cisco.com talos-cna@cisco.com |
n/a--n/a | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | 2024-10-02 | 8.1 | CVE-2024-41290 cve@mitre.org |
n/a--n/a | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. | 2024-10-03 | 8 | CVE-2024-41586 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | 2024-10-03 | 8.8 | CVE-2024-41589 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | 2024-10-03 | 8 | CVE-2024-41592 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | 2024-10-03 | 8 | CVE-2024-41595 cve@mitre.org cve@mitre.org |
n/a--n/a | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | 2024-10-03 | 8 | CVE-2024-41596 cve@mitre.org cve@mitre.org |
GNOME Project--G Structured File Library (libgsf) | An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2024-10-03 | 8.4 | CVE-2024-42415 talos-cna@cisco.com talos-cna@cisco.com |
Delta Electronics--DIAEnergie | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | 2024-10-03 | 8.8 | CVE-2024-42417 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
ABCApp Creator--ABCApp Creator | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABCApp Creator allows PHP Local File Inclusion. This issue affects ABCApp Creator: from n/a through 1.1.2. | 2024-10-05 | 8.1 | CVE-2024-44023 audit@patchstack.com |
Apple--iTunes for Windows | A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. | 2024-10-02 | 8.4 | CVE-2024-44193 product-security@apple.com |
apache -- lucene | Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the command line) can mitigate the issue on vulnerable versions without impacting functionality. | 2024-09-30 | 8 | CVE-2024-45772 security@apache.org |
n/a--n/a | Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | 2024-10-01 | 8 | CVE-2024-46080 cve@mitre.org |
n/a--n/a | Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. | 2024-10-01 | 8 | CVE-2024-46084 cve@mitre.org cve@mitre.org |
n/a--n/a | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. | 2024-09-30 | 8.8 | CVE-2024-46280 cve@mitre.org |
n/a--n/a | TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. | 2024-09-30 | 8 | CVE-2024-46313 cve@mitre.org |
n/a--n/a | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | 2024-10-02 | 8.8 | CVE-2024-46626 cve@mitre.org |
parse-community--parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0. | 2024-10-04 | 8.1 | CVE-2024-47183 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
SEIKO EPSON CORPORATION--Web Config | Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]. | 2024-10-01 | 8.1 | CVE-2024-47295 vultures@jpcert.or.jp vultures@jpcert.or.jp |
Bit Apps--Bit Form Contact Form Plugin | Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form - Contact Form Plugin allows Code Injection. This issue affects Bit Form - Contact Form Plugin: from n/a through 2.13.10. | 2024-10-05 | 8 | CVE-2024-47319 audit@patchstack.com |
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7. | 2024-10-05 | 8.1 | CVE-2024-47323 audit@patchstack.com |
NuGet--NuGetGallery | NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser. | 2024-10-01 | 8.2 | CVE-2024-47604 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Jenkins Project--Jenkins OpenId Connect Authentication Plugin | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | 2024-10-02 | 8.1 | CVE-2024-47806 jenkinsci-cert@googlegroups.com |
Jenkins Project--Jenkins OpenId Connect Authentication Plugin | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | 2024-10-02 | 8.1 | CVE-2024-47807 jenkinsci-cert@googlegroups.com |
ultrapressorg--Unseen Blog | The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-10-01 | 8.8 | CVE-2024-7432 security@wordfence.com security@wordfence.com |
ultrapressorg--Empowerment | The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-10-01 | 8.8 | CVE-2024-7433 security@wordfence.com security@wordfence.com |
ultrapressorg--UltraPress | The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-10-01 | 8.8 | CVE-2024-7434 security@wordfence.com security@wordfence.com |
Canonical Ltd.--Juju | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | 2024-10-02 | 8.7 | CVE-2024-7558 security@ubuntu.com security@ubuntu.com |
thimpress--WP Hotel Booking | The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-10-02 | 8.8 | CVE-2024-7855 security@wordfence.com security@wordfence.com security@wordfence.com |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. | 2024-09-30 | 8.8 | CVE-2024-8448 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. | 2024-09-30 | 8.8 | CVE-2024-8458 twcert@cert.org.tw twcert@cert.org.tw |
cagdasdag--KB Support WordPress Help Desk and Knowledge Base | The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants. | 2024-10-01 | 8.1 | CVE-2024-8548 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
HP, Inc.--HP One Agent Software | A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | 2024-10-02 | 8 | CVE-2024-8733 hp-security-alert@hp.com |
Sophos--Sophos Intercept X | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. | 2024-10-02 | 8.8 | CVE-2024-8885 security-alert@sophos.com |
hahncgdev--WP Easy Gallery WordPress Gallery Plugin | The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'key' parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-01 | 8.8 | CVE-2024-9018 security@wordfence.com security@wordfence.com security@wordfence.com |
Tenable--Nessus Network Monitor | A stored cross-site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. | 2024-09-30 | 8.4 | CVE-2024-9158 vulnreport@tenable.com |
Canonical Ltd.--Authd | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | 2024-10-03 | 8.8 | CVE-2024-9313 security@ubuntu.com security@ubuntu.com |
Mozilla--Firefox | It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | 8.8 | CVE-2024-9396 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | 8.8 | CVE-2024-9400 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-04 | 8.8 | CVE-2024-9514 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-04 | 8.8 | CVE-2024-9515 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-05 | 8.8 | CVE-2024-9532 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-05 | 8.8 | CVE-2024-9533 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-05 | 8.8 | CVE-2024-9534 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-05 | 8.8 | CVE-2024-9535 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9549 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9550 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9551 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9552 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9553 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9555 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9556 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9557 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9558 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9559 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9561 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
D-Link--DIR-605L | A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 8.8 | CVE-2024-9562 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
PowerDNS--Recursor | An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. | 2024-10-03 | 7.5 | CVE-2024-25590 security@open-xchange.com |
n/a--n/a | In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory. | 2024-10-01 | 7.2 | CVE-2024-25659 cve@mitre.org |
n/a--n/a | In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application. | 2024-10-01 | 7.7 | CVE-2024-25661 cve@mitre.org |
Esri--Portal | There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files. | 2024-10-04 | 7.5 | CVE-2024-38040 psirt@esri.com |
Veertu--Anka Build | A privilege escalation vulnerability exists in Veertu Anka Build 1.42.0. The vulnerability occurs during the Anka node agent update. A low-privileged user can trigger the update action, which can result in unexpected elevation of privilege. | 2024-10-03 | 7.8 | CVE-2024-39755 talos-cna@cisco.com |
Veertu--Anka Build | A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability. | 2024-10-03 | 7.5 | CVE-2024-41163 talos-cna@cisco.com |
decidim--decidim | Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. | 2024-10-01 | 7.1 | CVE-2024-41673 security-advisories@github.com security-advisories@github.com |
Veertu--Anka Build | A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2024-10-03 | 7.5 | CVE-2024-41922 talos-cna@cisco.com |
WP Ticket Ultra--WP Ticket Ultra Help Desk & Support Plugin | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion. This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5. | 2024-10-05 | 7.5 | CVE-2024-44011 audit@patchstack.com |
wpdev33--WP Newsletter Subscription | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through 1.1. | 2024-10-05 | 7.5 | CVE-2024-44012 audit@patchstack.com |
Innate Images LLC--VR Calendar | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion. This issue affects VR Calendar: from n/a through 2.4.0. | 2024-10-05 | 7.5 | CVE-2024-44013 audit@patchstack.com |
Users Control--Users Control | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion. This issue affects Users Control: from n/a through 1.0.16. | 2024-10-05 | 7.5 | CVE-2024-44015 audit@patchstack.com |
Mark Steadman--Podiant | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion. This issue affects Podiant: from n/a through 1.1. | 2024-10-05 | 7.5 | CVE-2024-44016 audit@patchstack.com |
MinHyeong Lim--MH Board | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1. | 2024-10-02 | 7.5 | CVE-2024-44017 audit@patchstack.com |
Istmo Plugins--Instant Chat Floating Button for WordPress Websites | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5. | 2024-10-05 | 7.5 | CVE-2024-44018 audit@patchstack.com |
Nicejob--NiceJob | Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5. | 2024-10-06 | 7.1 | CVE-2024-44028 audit@patchstack.com |
David Garlitz--viala | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1. | 2024-10-06 | 7.1 | CVE-2024-44029 audit@patchstack.com |
Mestres do WP--Checkout Mestres WP | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6. | 2024-10-02 | 7.2 | CVE-2024-44030 audit@patchstack.com |
Martin Greenwood--WPSPX | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2. | 2024-10-05 | 7.5 | CVE-2024-44034 audit@patchstack.com |
Diebold Nixdorf--Vynamic View prior | Diebold Nixdorf - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 2024-10-06 | 7.8 | CVE-2024-45245 cna@cyber.gov.il |
Diebold Nixdorf--Vynamic View prior to v5.9.5 | Diebold Nixdorf - CWE-427: Uncontrolled Search Path Element | 2024-10-06 | 7.3 | CVE-2024-45246 cna@cyber.gov.il |
Multi-DNC--Multi-DNC | Multi-DNC - CWE-35: Path Traversal: '.../...//' | 2024-10-06 | 7.5 | CVE-2024-45248 cna@cyber.gov.il |
elabftw--elabftw | eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel. | 2024-10-01 | 7.5 | CVE-2024-45408 security-advisories@github.com |
Unlimited Elements--Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | 2024-10-06 | 7.1 | CVE-2024-45454 audit@patchstack.com |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46258 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46259 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46261 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46263 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46264 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46267 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46274 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
randygaul -- cute_png | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. | 2024-10-01 | 7.8 | CVE-2024-46276 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. | 2024-09-30 | 7.5 | CVE-2024-46503 cve@mitre.org cve@mitre.org |
n/a--n/a | ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. | 2024-09-30 | 7.6 | CVE-2024-46510 cve@mitre.org |
n/a--n/a | LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions. | 2024-09-30 | 7.5 | CVE-2024-46511 cve@mitre.org |
n/a--n/a | An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. | 2024-09-30 | 7.6 | CVE-2024-46549 cve@mitre.org |
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) | Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | 2024-10-03 | 7.8 | CVE-2024-47134 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) | Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | 2024-10-03 | 7.8 | CVE-2024-47135 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
JTEKT ELECTRONICS CORPORATION--Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | 2024-10-03 | 7.8 | CVE-2024-47136 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
CodePeople--CP Polls | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople CP Polls allows Reflected XSS. This issue affects CP Polls: from n/a through 1.0.74. | 2024-10-06 | 7.1 | CVE-2024-47297 audit@patchstack.com |
CubeWP--CubeWP Forms All-in-One Form Builder | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CubeWP CubeWP Forms - All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms - All-in-One Form Builder: from n/a through 1.1.1. | 2024-10-06 | 7.1 | CVE-2024-47300 audit@patchstack.com |
Bit Form--Bit Form Contact Form Plugin | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bit Form Bit Form - Contact Form Plugin allows Stored XSS. This issue affects Bit Form - Contact Form Plugin: from n/a through 2.13.10. | 2024-10-06 | 7.1 | CVE-2024-47301 audit@patchstack.com |
Copy Content Protection Team--Secure Copy Content Protection and Content Locking | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3. | 2024-10-06 | 7.1 | CVE-2024-47306 audit@patchstack.com |
WS Form--WS Form LITE | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS. This issue affects WS Form LITE: from n/a through 1.9.238. | 2024-10-06 | 7.1 | CVE-2024-47320 audit@patchstack.com |
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows Reflected XSS. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7. | 2024-10-06 | 7.1 | CVE-2024-47322 audit@patchstack.com |
Ex-Themes--WP Timeline Vertical and Horizontal timeline plugin | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline - Vertical and Horizontal timeline plugin: from n/a through 3.6.7. | 2024-10-05 | 7.5 | CVE-2024-47324 audit@patchstack.com |
ILLID--Share This Image | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Share This Image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01. | 2024-10-06 | 7.1 | CVE-2024-47326 audit@patchstack.com |
Eyal Fitoussi--GEO my WordPress | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS. This issue affects GEO my WordPress: from n/a through 4.5.0.3. | 2024-10-06 | 7.1 | CVE-2024-47327 audit@patchstack.com |
Team Tangible--Loops & Logic | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Tangible Loops & Logic allows Reflected XSS. This issue affects Loops & Logic: from n/a through 4.1.4. | 2024-10-06 | 7.1 | CVE-2024-47333 audit@patchstack.com |
WPExpertsio--WPExperts Square For GiveWP | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3. | 2024-10-06 | 7.6 | CVE-2024-47338 audit@patchstack.com |
James Ward--WP Mail Catcher | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Ward WP Mail Catcher allows Reflected XSS. This issue affects WP Mail Catcher: from n/a through 2.1.9. | 2024-10-06 | 7.1 | CVE-2024-47339 audit@patchstack.com |
Lester GaMerZ Chan--WP-DownloadManager | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester 'GaMerZ' Chan WP-DownloadManager allows Reflected XSS. This issue affects WP-DownloadManager: from n/a through 1.68.8. | 2024-10-06 | 7.1 | CVE-2024-47341 audit@patchstack.com |
Tribulant--Newsletters | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.1. | 2024-10-06 | 7.1 | CVE-2024-47346 audit@patchstack.com |
Chart Builder Team--Chartify | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chart Builder Team Chartify allows Reflected XSS. This issue affects Chartify: from n/a through 2.7.6. | 2024-10-06 | 7.1 | CVE-2024-47347 audit@patchstack.com |
WaspThemes--YellowPencil Visual CSS Style Editor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4. | 2024-10-06 | 7.1 | CVE-2024-47348 audit@patchstack.com |
WPMobile.App--WPMobile.App | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMobile.App allows Reflected XSS. This issue affects WPMobile.App: from n/a through 11.50. | 2024-10-06 | 7.1 | CVE-2024-47349 audit@patchstack.com |
Xylus Themes--WP Bulk Delete | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete allows Reflected XSS. This issue affects WP Bulk Delete: from n/a through 1.3.1. | 2024-10-06 | 7.1 | CVE-2024-47352 audit@patchstack.com |
Booking Algorithms--BA Book Everything | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20. | 2024-10-06 | 7.1 | CVE-2024-47360 audit@patchstack.com |
YITH--YITH WooCommerce Product Add-Ons | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0. | 2024-10-06 | 7.1 | CVE-2024-47367 audit@patchstack.com |
WPWeb--Social Auto Poster | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Social Auto Poster allows Reflected XSS. This issue affects Social Auto Poster: from n/a through 5.3.15. | 2024-10-05 | 7.1 | CVE-2024-47369 audit@patchstack.com |
LiteSpeed Technologies--LiteSpeed Cache | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | 2024-10-05 | 7.1 | CVE-2024-47374 audit@patchstack.com |
WPCOM--WPCOM Member | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4. | 2024-10-05 | 7.1 | CVE-2024-47378 audit@patchstack.com |
Sale php scripts--Web Directory Free | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.3. | 2024-10-05 | 7.1 | CVE-2024-47379 audit@patchstack.com |
WP Lab--WP-Lister Lite for eBay | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.6.3. | 2024-10-05 | 7.1 | CVE-2024-47380 audit@patchstack.com |
WP Compress--WP Compress Image Optimizer [All-In-One] | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Compress WP Compress - Image Optimizer [All-In-One] allows Reflected XSS. This issue affects WP Compress - Image Optimizer [All-In-One]: from n/a through 6.20.13. | 2024-10-05 | 7.1 | CVE-2024-47384 audit@patchstack.com |
WP Extended--The Ultimate WordPress Toolkit WP Extended | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit - WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit - WP Extended: from n/a through 3.0.8. | 2024-10-05 | 7.1 | CVE-2024-47386 audit@patchstack.com |
SliceWP--SliceWP | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SliceWP allows Reflected XSS. This issue affects SliceWP: from n/a through 1.1.18. | 2024-10-05 | 7.1 | CVE-2024-47388 audit@patchstack.com |
Basix--NEX-Forms Ultimate Form Builder | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows Reflected XSS. This issue affects NEX-Forms - Ultimate Form Builder: from n/a through 8.7.3. | 2024-10-05 | 7.1 | CVE-2024-47389 audit@patchstack.com |
eyecix--JobSearch | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS.This issue affects JobSearch: from n/a through 2.5.9. | 2024-10-05 | 7.1 | CVE-2024-47394 audit@patchstack.com |
Robokassa--Robokassa payment gateway for Woocommerce | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robokassa Robokassa payment gateway for Woocommerce allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through 1.6.1. | 2024-10-05 | 7.1 | CVE-2024-47395 audit@patchstack.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | 2024-10-01 | 7.5 | CVE-2024-47523 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize user input in the Device Group name, so when a user views the details of the Device Group, any JavaScript code inside the name is triggered. This vulnerability is fixed in 24.9.0. | 2024-10-01 | 7.2 | CVE-2024-47524 security-advisories@github.com security-advisories@github.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | 2024-10-01 | 7.5 | CVE-2024-47525 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | 2024-10-01 | 7.5 | CVE-2024-47527 security-advisories@github.com security-advisories@github.com |
Apache Software Foundation--Apache Avro Java SDK | Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. | 2024-10-03 | 7.3 | CVE-2024-47561 security@apache.org |
async-graphql--async-graphql | async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10. | 2024-10-03 | 7.5 | CVE-2024-47614 security-advisories@github.com security-advisories@github.com |
BannerSky--BSK Forms Blacklist | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8.1. | 2024-10-05 | 7.1 | CVE-2024-47624 audit@patchstack.com |
vCita--Online Booking & Scheduling Calendar for WordPress by vcita | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.6. | 2024-10-05 | 7.1 | CVE-2024-47638 audit@patchstack.com |
Copyscape / Indigo Stream Technologies--Copyscape Premium | Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS. This issue affects Copyscape Premium: from n/a through 1.3.6. | 2024-10-05 | 7.1 | CVE-2024-47644 audit@patchstack.com |
idurar--idurar-erp-crm | IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location. | 2024-10-04 | 7.5 | CVE-2024-47769 security-advisories@github.com security-advisories@github.com |
n/a--n/a | CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) | 2024-10-04 | 7.5 | CVE-2024-47850 cve@mitre.org cve@mitre.org |
AVG/Avast--Antivirus | The AVGUI.exe of AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. | 2024-10-03 | 7.5 | CVE-2024-5803 security@nortonlifelock.com |
Unknown--Migration, Backup, Staging | The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups. | 2024-10-02 | 7.5 | CVE-2024-7315 contact@wpscan.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7670 psirt@autodesk.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7671 psirt@autodesk.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7672 psirt@autodesk.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7673 psirt@autodesk.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7674 psirt@autodesk.com |
Autodesk--Navisworks Freedom | A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. | 2024-09-30 | 7.8 | CVE-2024-7675 psirt@autodesk.com |
123.chat--123.chat - Video Chat | The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 7.2 | CVE-2024-7869 security@wordfence.com security@wordfence.com |
Canonical Ltd.--Juju | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | 2024-10-02 | 7.9 | CVE-2024-8038 security@ubuntu.com security@ubuntu.com |
dejanmarkovic--Social Web Suite Social Media Auto Post, Social Media Auto Publish | The Social Web Suite - Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-10-03 | 7.5 | CVE-2024-8352 security@wordfence.com security@wordfence.com security@wordfence.com |
Unknown--Cost Calculator Builder | The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 2024-09-30 | 7.2 | CVE-2024-8379 contact@wpscan.com |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service. | 2024-09-30 | 7.5 | CVE-2024-8451 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, potentially allowing attackers to obtain plaintext SNMPv3 credentials. | 2024-09-30 | 7.5 | CVE-2024-8452 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service. | 2024-09-30 | 7.5 | CVE-2024-8454 twcert@cert.org.tw twcert@cert.org.tw |
wpmudev--Broken Link Checker | The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 7.1 | CVE-2024-8981 security@wordfence.com security@wordfence.com security@wordfence.com |
rankmath--Rank Math SEO AI SEO Tools to Dominate SEO Rankings | The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input in the 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-10-05 | 7.2 | CVE-2024-9314 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Mozilla--Firefox | Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. | 2024-10-01 | 7.3 | CVE-2024-9403 security@mozilla.org security@mozilla.org security@mozilla.org |
Codezips--Online Shopping Portal | A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-03 | 7.3 | CVE-2024-9460 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
GitLab--GitLab | An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. | 2024-10-01 | 6.6 | CVE-2023-3441 cve@gitlab.com cve@gitlab.com cve@gitlab.com cve@gitlab.com |
Kiteworks--OwnCloud | Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim. | 2024-10-01 | 6.8 | CVE-2023-7273 a341c0d1-ebf7-493f-a84e-38cf86618674 a341c0d1-ebf7-493f-a84e-38cf86618674 |
Cisco--Cisco Unified Computing System (Managed) | A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. | 2024-10-02 | 6.5 | CVE-2024-20365 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | 2024-10-02 | 6.3 | CVE-2024-20438 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. | 2024-10-02 | 6.3 | CVE-2024-20448 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. | 2024-10-02 | 6.5 | CVE-2024-20470 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | 2024-10-02 | 6.3 | CVE-2024-20490 ykramarz@cisco.com |
Cisco--Cisco Nexus Dashboard Insights | A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. | 2024-10-02 | 6.3 | CVE-2024-20491 ykramarz@cisco.com |
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway | A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | 2024-10-02 | 6 | CVE-2024-20492 ykramarz@cisco.com |
Cisco--Cisco Identity Services Engine Software | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. | 2024-10-02 | 6.5 | CVE-2024-20515 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | 2024-10-02 | 6.8 | CVE-2024-20516 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | 2024-10-02 | 6.8 | CVE-2024-20517 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | 2024-10-02 | 6.5 | CVE-2024-20518 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | 2024-10-02 | 6.5 | CVE-2024-20519 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | 2024-10-02 | 6.5 | CVE-2024-20520 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | 2024-10-02 | 6.5 | CVE-2024-20521 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | 2024-10-02 | 6.5 | CVE-2024-20522 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | 2024-10-02 | 6.8 | CVE-2024-20523 ykramarz@cisco.com |
Cisco--Cisco Small Business RV Series Router Firmware | A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. | 2024-10-02 | 6.8 | CVE-2024-20524 ykramarz@cisco.com |
Esri--Portal | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. | 2024-10-04 | 6.1 | CVE-2024-25691 psirt@esri.com |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | 2024-09-30 | 6.5 | CVE-2024-28807 cve@mitre.org |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | 2024-09-30 | 6.6 | CVE-2024-28810 cve@mitre.org |
Schneider Elektronik--Series 700 | An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials. | 2024-10-02 | 6.5 | CVE-2024-35294 info@cert.vde.com |
Esri--Portal | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 2024-10-04 | 6.1 | CVE-2024-38037 psirt@esri.com |
Esri--Portal | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. | 2024-10-04 | 6.1 | CVE-2024-38038 psirt@esri.com |
TECHNO SUPPORT COMPANY--Smart-tab Android app | Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's settings, or spoof devices in other rooms. | 2024-09-30 | 6.8 | CVE-2024-41999 vultures@jpcert.or.jp vultures@jpcert.or.jp |
Trustmary--Review & testimonial widgets | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Trustmary Review & testimonial widgets allows Stored XSS. This issue affects Review & testimonial widgets: from n/a through 1.0.5. | 2024-10-06 | 6.5 | CVE-2024-44022 audit@patchstack.com |
NicheAddons--Medical Addon for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS. This issue affects Medical Addon for Elementor: from n/a through 1.4. | 2024-10-06 | 6.5 | CVE-2024-44024 audit@patchstack.com |
Nicejob--NiceJob | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5. | 2024-10-06 | 6.5 | CVE-2024-44025 audit@patchstack.com |
NicheAddons--Charity Addon for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.0. | 2024-10-06 | 6.5 | CVE-2024-44026 audit@patchstack.com |
TemeGUM--Gum Elementor Addon | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.6. | 2024-10-06 | 6.5 | CVE-2024-44027 audit@patchstack.com |
NicheAddons--Restaurant & Cafe Addon for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. | 2024-10-06 | 6.5 | CVE-2024-44032 audit@patchstack.com |
NicheAddons--Primary Addon for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7. | 2024-10-06 | 6.5 | CVE-2024-44033 audit@patchstack.com |
TemeGUM--Gum Elementor Addon | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7. | 2024-10-06 | 6.5 | CVE-2024-44035 audit@patchstack.com |
n/a--n/a | In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, | 2024-09-30 | 6.3 | CVE-2024-45200 cve@mitre.org cve@mitre.org |
Sonarr--Sonarr | Sonarr - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 2024-10-06 | 6.1 | CVE-2024-45247 cna@cyber.gov.il |
n/a--n/a | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | 2024-10-03 | 6.5 | CVE-2024-45870 cve@mitre.org |
n/a--n/a | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DoS). | 2024-10-03 | 6.3 | CVE-2024-45871 cve@mitre.org |
n/a--n/a | Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | 2024-10-03 | 6.3 | CVE-2024-45872 cve@mitre.org |
n/a--n/a | Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. | 2024-09-30 | 6.5 | CVE-2024-45993 cve@mitre.org cve@mitre.org |
n/a--n/a | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. | 2024-10-01 | 6.1 | CVE-2024-46079 cve@mitre.org |
n/a--n/a | A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges. | 2024-09-30 | 6.3 | CVE-2024-46540 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack. | 2024-09-30 | 6.3 | CVE-2024-46548 cve@mitre.org |
FreePBX--security-reporting | OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. | 2024-10-01 | 6.8 | CVE-2024-47071 security-advisories@github.com security-advisories@github.com |
BoldThemes--Bold Page Builder | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.1.1. | 2024-10-06 | 6.5 | CVE-2024-47298 audit@patchstack.com |
Essential Plugin--Meta slider and carousel with lightbox | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS. This issue affects Meta slider and carousel with lightbox: from n/a through 2.0.1. | 2024-10-06 | 6.5 | CVE-2024-47307 audit@patchstack.com |
Condless--Cities Shipping Zones for WooCommerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7. | 2024-10-05 | 6.6 | CVE-2024-47309 audit@patchstack.com |
ARI Soft--ARI Fancy Lightbox | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through 1.3.17. | 2024-10-06 | 6.5 | CVE-2024-47310 audit@patchstack.com |
QuomodoSoft--ElementsReady Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0. | 2024-10-06 | 6.5 | CVE-2024-47329 audit@patchstack.com |
wowDevs--Sky Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11. | 2024-10-06 | 6.5 | CVE-2024-47332 audit@patchstack.com |
PickPlugins--Post Grid and Gutenberg Blocks | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89. | 2024-10-06 | 6.5 | CVE-2024-47340 audit@patchstack.com |
PickPlugins--Accordion | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS. This issue affects Accordion: from n/a through 2.2.99. | 2024-10-06 | 6.5 | CVE-2024-47342 audit@patchstack.com |
Kraftplugins--Mega Elements | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.4. | 2024-10-06 | 6.5 | CVE-2024-47343 audit@patchstack.com |
CozyThemes--Cozy Blocks | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.11. | 2024-10-06 | 6.5 | CVE-2024-47355 audit@patchstack.com |
Leevio--Happy Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0. | 2024-10-06 | 6.5 | CVE-2024-47357 audit@patchstack.com |
Blockspare--Blockspare | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.4. | 2024-10-06 | 6.5 | CVE-2024-47363 audit@patchstack.com |
Move addons--Move Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Move addons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.4. | 2024-10-06 | 6.5 | CVE-2024-47364 audit@patchstack.com |
Atakan Au--Automatically Hierarchic Categories in Menu | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5. | 2024-10-06 | 6.5 | CVE-2024-47365 audit@patchstack.com |
WPVibes--Elementor Addon Elements | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6. | 2024-10-06 | 6.5 | CVE-2024-47366 audit@patchstack.com |
Leap13--Premium Blocks Gutenberg Blocks for WordPress | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks - Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks - Gutenberg Blocks for WordPress: from n/a through 2.1.33. | 2024-10-06 | 6.5 | CVE-2024-47368 audit@patchstack.com |
Paul Bearne--Author Avatars List/Block | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.21. | 2024-10-05 | 6.5 | CVE-2024-47370 audit@patchstack.com |
LiteSpeed Technologies--LiteSpeed Cache | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | 2024-10-05 | 6.5 | CVE-2024-47373 audit@patchstack.com |
Ashraf--XLTab Accordions and Tabs for Elementor Page Builder | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ashraf XLTab - Accordions and Tabs for Elementor Page Builder allows Stored XSS. This issue affects XLTab - Accordions and Tabs for Elementor Page Builder: from n/a through 1.3. | 2024-10-05 | 6.5 | CVE-2024-47375 audit@patchstack.com |
Webvitaly--Page-list | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.6. | 2024-10-05 | 6.5 | CVE-2024-47382 audit@patchstack.com |
WPDeveloper--Essential Blocks for Gutenberg | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4. | 2024-10-05 | 6.5 | CVE-2024-47385 audit@patchstack.com |
Jegtheme--Jeg Elementor Kit | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.8. | 2024-10-05 | 6.5 | CVE-2024-47390 audit@patchstack.com |
BoldThemes--Bold Page Builder | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a before 5.1.1. | 2024-10-05 | 6.5 | CVE-2024-47391 audit@patchstack.com |
BdThemes--Element Pack Elementor Addons | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5. | 2024-10-05 | 6.5 | CVE-2024-47392 audit@patchstack.com |
Quillforms--Quill Forms | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Quillforms Quill Forms allows Stored XSS. This issue affects Quill Forms: from n/a through 3.7.0. | 2024-10-05 | 6.5 | CVE-2024-47393 audit@patchstack.com |
moveaddons--Move Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.3. | 2024-10-01 | 6.5 | CVE-2024-47396 audit@patchstack.com |
pomerium--pomerium | Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue if all of the following conditions are met: you have issued a service account access token using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1. | 2024-10-02 | 6.8 | CVE-2024-47616 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
sulu--sulu | Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21. | 2024-10-03 | 6.1 | CVE-2024-47617 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Katie Seaborn--Zotpress | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.10. | 2024-10-05 | 6.5 | CVE-2024-47621 audit@patchstack.com |
ILLID--Advanced Woo Labels | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.01. | 2024-10-05 | 6.5 | CVE-2024-47622 audit@patchstack.com |
ThemeLooks--Enter Addons | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.8. | 2024-10-05 | 6.5 | CVE-2024-47625 audit@patchstack.com |
Rometheme--RomethemeKit For Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS. This issue affects RomethemeKit For Elementor: from n/a through 1.5.0. | 2024-10-05 | 6.5 | CVE-2024-47626 audit@patchstack.com |
WP Travel--WP Travel Gutenberg Blocks | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0. | 2024-10-05 | 6.5 | CVE-2024-47627 audit@patchstack.com |
LA-Studio--LA-Studio Element Kit for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3. | 2024-10-05 | 6.5 | CVE-2024-47628 audit@patchstack.com |
BdThemes--Ultimate Store Kit Elementor Addons | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5. | 2024-10-05 | 6.5 | CVE-2024-47629 audit@patchstack.com |
ElementInvader--ElementInvader Addons for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7. | 2024-10-05 | 6.5 | CVE-2024-47630 audit@patchstack.com |
bPlugins LLC--Logo Carousel Clients logo carousel for WP | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins LLC Logo Carousel - Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel - Clients logo carousel for WP: from n/a through 1.2. | 2024-10-05 | 6.5 | CVE-2024-47631 audit@patchstack.com |
deTheme--DethemeKit For Elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7. | 2024-10-05 | 6.5 | CVE-2024-47632 audit@patchstack.com |
Zoho Forms--Zoho Forms | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Forms allows Stored XSS. This issue affects Zoho Forms: from n/a through 4.0. | 2024-10-05 | 6.5 | CVE-2024-47633 audit@patchstack.com |
VdoCipher--VdoCipher | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VdoCipher allows Stored XSS. This issue affects VdoCipher: from n/a through 1.29. | 2024-10-05 | 6.5 | CVE-2024-47639 audit@patchstack.com |
WPDeveloperr--Confetti Fall Animation | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0. | 2024-09-30 | 6.5 | CVE-2024-47641 audit@patchstack.com |
Keap--Keap Official Opt-in Forms | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1. | 2024-10-05 | 6.5 | CVE-2024-47642 audit@patchstack.com |
Alexander Böhm--Include Fussball.de Widgets | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS. This issue affects Include Fussball.De Widgets: from n/a through 4.0.0. | 2024-10-05 | 6.5 | CVE-2024-47643 audit@patchstack.com |
Axton--WP-WebAuthn | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1. | 2024-10-06 | 6.5 | CVE-2024-47650 audit@patchstack.com |
n/a--n/a | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | 2024-10-04 | 6.1 | CVE-2024-47854 cve@mitre.org |
n/a--n/a | In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. | 2024-10-04 | 6.7 | CVE-2024-47911 cve@mitre.org |
zephyrproject-rtos--Zephyr | In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | 2024-10-04 | 6.3 | CVE-2024-6442 vulnerabilities@zephyrproject.org |
zephyrproject-rtos--Zephyr | In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | 2024-10-04 | 6.3 | CVE-2024-6443 vulnerabilities@zephyrproject.org |
zephyrproject-rtos--Zephyr | No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 2024-10-04 | 6.3 | CVE-2024-6444 vulnerabilities@zephyrproject.org |
Canonical Ltd.--Juju | Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | 2024-10-02 | 6.5 | CVE-2024-8037 security@ubuntu.com security@ubuntu.com |
Revolution Slider--Slider Revolution | The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors. | 2024-10-01 | 6.4 | CVE-2024-8107 security@wordfence.com security@wordfence.com security@wordfence.com |
Esri--Portal | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 - 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 2024-10-04 | 6.1 | CVE-2024-8148 psirt@esri.com |
Faronics--DeepFreeze | Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver. | 2024-10-03 | 6.4 | CVE-2024-8159 help@fluidattacks.com help@fluidattacks.com |
vowelweb--Ibtana WordPress Website Builder | The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-02 | 6.4 | CVE-2024-8282 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
adreastrian--Guten Post Layout An Advanced Post Grid Collection for WordPress Gutenberg | The Guten Post Layout - An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 6.4 | CVE-2024-8288 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
ishitaka--XO Slider | The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_slider' function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 6.4 | CVE-2024-8324 security@wordfence.com security@wordfence.com security@wordfence.com |
planet--gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. | 2024-09-30 | 6.8 | CVE-2024-8449 twcert@cert.org.tw twcert@cert.org.tw |
averta--Shortcodes and extra features for Phlox theme | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-05 | 6.4 | CVE-2024-8486 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
connekthq--WordPress Infinite Scroll Ajax Load More | The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_label' parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-02 | 6.4 | CVE-2024-8505 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-04 | 6.4 | CVE-2024-8519 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
cagdasdag--KB Support WordPress Help Desk and Knowledge Base | The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read. | 2024-10-01 | 6.5 | CVE-2024-8632 security@wordfence.com security@wordfence.com security@wordfence.com |
daveshine--Gravity Forms Toolbar | The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8718 security@wordfence.com security@wordfence.com security@wordfence.com |
rumbletalk--RumbleTalk Live Group Chat HTML5 | The RumbleTalk Live Group Chat - HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 6.4 | CVE-2024-8720 security@wordfence.com security@wordfence.com |
torstenbulk--DK PDF | The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8727 security@wordfence.com security@wordfence.com |
brianbrey--Easy Load More | The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8728 security@wordfence.com security@wordfence.com |
bitpressadmin--Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress | The Bit File Manager - 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. | 2024-10-05 | 6.8 | CVE-2024-8743 security@wordfence.com security@wordfence.com |
brochris--Auto Featured Image from Title | The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8786 security@wordfence.com security@wordfence.com |
jkohlbach--Store Exporter for WooCommerce Export Products, Export Orders, Export Subscriptions, and More | The Store Exporter for WooCommerce - Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8793 security@wordfence.com security@wordfence.com |
ghuger--Custom Banners | The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-8799 security@wordfence.com security@wordfence.com |
sanrl--RabbitLoader Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more | The RabbitLoader - Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-8800 security@wordfence.com security@wordfence.com security@wordfence.com |
cliogrow--Clio Grow | The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-8802 security@wordfence.com security@wordfence.com |
dartiss--Code Embed | The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-04 | 6.4 | CVE-2024-8804 security@wordfence.com security@wordfence.com |
iworks--PWA easy way to Progressive Web App | The PWA - easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-02 | 6.4 | CVE-2024-8967 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
galdub--Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials | The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 6.4 | CVE-2024-8989 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
cyberhobo--Geo Mashup | The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-01 | 6.4 | CVE-2024-8990 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
grandplugins--AVIF Uploader | The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9060 security@wordfence.com security@wordfence.com security@wordfence.com |
sigmadevs--Easy Demo Importer A Modern One-Click Demo Import Solution | The Easy Demo Importer - A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-04 | 6.4 | CVE-2024-9071 security@wordfence.com security@wordfence.com security@wordfence.com |
ManageEngine--Analytics Plus | Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. | 2024-10-03 | 6.5 | CVE-2024-9100 0fc0942c-577d-436f-ae8e-945763c79b02 0fc0942c-577d-436f-ae8e-945763c79b02 |
quomodosoft--QS Dark Mode Plugin | The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9118 security@wordfence.com security@wordfence.com security@wordfence.com |
automatic-rock--SVG Complete | The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9119 security@wordfence.com security@wordfence.com |
rankmath--Rank Math SEO AI SEO Tools to Dominate SEO Rankings | The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. | 2024-10-05 | 6.5 | CVE-2024-9161 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
kraftplugins--Demo Importer Plus | The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-02 | 6.4 | CVE-2024-9172 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
nerdpressteam--Smart Custom 404 Error Page | The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9204 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
cornelraiu-1--WP Search Analytics | The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-9209 security@wordfence.com security@wordfence.com |
dvankooten--MC4WP: Mailchimp Top Bar | The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9210 security@wordfence.com security@wordfence.com security@wordfence.com |
wpblockart--Magazine Blocks Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | The Magazine Blocks - Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9218 security@wordfence.com security@wordfence.com security@wordfence.com |
shawfactor--LH Copy Media File | The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-9220 security@wordfence.com security@wordfence.com |
madalinungureanu--Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction | The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9222 security@wordfence.com security@wordfence.com security@wordfence.com |
kau-boy--Hello World | The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-10-01 | 6.5 | CVE-2024-9224 security@wordfence.com security@wordfence.com security@wordfence.com |
rainbowgeek--SEOPress On-site SEO | The SEOPress - On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9225 security@wordfence.com security@wordfence.com security@wordfence.com |
joelcj91--Loggedin Limit Active Logins | The Loggedin - Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present. | 2024-10-01 | 6.1 | CVE-2024-9228 security@wordfence.com security@wordfence.com |
wpcentrics--Fish and Ships Most flexible shipping table rate. A WooCommerce shipping rate | The Fish and Ships - Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9237 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
fishpie--PDF Image Generator | The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-9241 security@wordfence.com security@wordfence.com |
memberful--Memberful Membership Plugin | The Memberful - Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-04 | 6.4 | CVE-2024-9242 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
optinhound--Easy WordPress Subscribe Optin Hound | The Easy WordPress Subscribe - Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-01 | 6.1 | CVE-2024-9267 security@wordfence.com security@wordfence.com security@wordfence.com |
cconover--Relogo | The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9269 security@wordfence.com security@wordfence.com |
remydcf--Re:WP | The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-04 | 6.4 | CVE-2024-9271 security@wordfence.com security@wordfence.com security@wordfence.com |
mascotdevelopers--R Animated Icon Plugin | The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9272 security@wordfence.com security@wordfence.com |
azexo--Elastik Page Builder | The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9274 security@wordfence.com security@wordfence.com |
dgamoni--LocateAndFilter | The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-01 | 6.4 | CVE-2024-9304 security@wordfence.com security@wordfence.com |
thevisionofhamza--BerqWP Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | The BerqWP - Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9344 security@wordfence.com security@wordfence.com security@wordfence.com |
tychesoftwares--Product Delivery Date for WooCommerce Lite | The Product Delivery Date for WooCommerce - Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present. | 2024-10-04 | 6.1 | CVE-2024-9345 security@wordfence.com security@wordfence.com security@wordfence.com |
miunosoft--Auto Amazon Links Amazon Associates Affiliate Plugin | The Auto Amazon Links - Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9349 security@wordfence.com security@wordfence.com security@wordfence.com |
themes4wp--Popularis Extra | The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9353 security@wordfence.com security@wordfence.com security@wordfence.com |
Red Hat--Red Hat Enterprise Linux 8 | A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. | 2024-10-01 | 6.5 | CVE-2024-9355 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
migumello--Aggregator Advanced Settings | The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-04 | 6.4 | CVE-2024-9368 security@wordfence.com security@wordfence.com |
wpblockshub--WP Blocks Hub | The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-04 | 6.4 | CVE-2024-9372 security@wordfence.com security@wordfence.com |
contact-banker--WordPress Captcha Plugin by Captcha Bank | The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9375 security@wordfence.com security@wordfence.com |
icopydoc--YML for Yandex Market | The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-02 | 6.1 | CVE-2024-9378 security@wordfence.com security@wordfence.com security@wordfence.com |
algoritmika--Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9384 security@wordfence.com security@wordfence.com security@wordfence.com |
themifyme--Themify Builder | The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-05 | 6.1 | CVE-2024-9385 security@wordfence.com security@wordfence.com security@wordfence.com |
hashthemes--Hash Form Drag & Drop Form Builder | The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting. | 2024-10-05 | 6.1 | CVE-2024-9417 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
prontotools--Login Logout Shortcode | The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-04 | 6.4 | CVE-2024-9421 security@wordfence.com security@wordfence.com security@wordfence.com |
code-projects--Restaurant Reservation System | A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. | 2024-10-02 | 6.3 | CVE-2024-9429 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
plainware--ShiftController Employee Shift Scheduling | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 6.1 | CVE-2024-9435 security@wordfence.com security@wordfence.com security@wordfence.com |
acekyd--Display Medium Posts | The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-04 | 6.4 | CVE-2024-9445 security@wordfence.com security@wordfence.com security@wordfence.com |
guillaume-lostweb--WP Cleanup and Basic Functions | The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-05 | 6.4 | CVE-2024-9455 security@wordfence.com security@wordfence.com |
ESAFENET--CDG | A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-05 | 6.3 | CVE-2024-9536 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ESAFENET--CDG | A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-06 | 6.3 | CVE-2024-9560 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Cisco--Cisco Nexus Dashboard Orchestrator | A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices. | 2024-10-02 | 5.9 | CVE-2024-20385 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. | 2024-10-02 | 5.7 | CVE-2024-20441 ykramarz@cisco.com |
Cisco--Cisco Nexus Dashboard | A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | 2024-10-02 | 5.4 | CVE-2024-20442 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. | 2024-10-02 | 5.5 | CVE-2024-20444 ykramarz@cisco.com |
Cisco--Cisco Data Center Network Manager | A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. | 2024-10-02 | 5.4 | CVE-2024-20477 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | 2024-10-02 | 5.8 | CVE-2024-20500 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | 2024-10-02 | 5.8 | CVE-2024-20502 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. | 2024-10-02 | 5.8 | CVE-2024-20509 ykramarz@cisco.com |
Cisco--Cisco Meraki MX Firmware | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate. | 2024-10-02 | 5.8 | CVE-2024-20513 ykramarz@cisco.com |
n/a--git-shallow-clone | All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. | 2024-10-01 | 5.3 | CVE-2024-21531 report@snyk.io report@snyk.io |
n/a--n/a | A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. | 2024-10-02 | 5.4 | CVE-2024-33210 cve@mitre.org |
Esri--Portal | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim's browser (no stateful change made or customer data rendered). | 2024-10-04 | 5.4 | CVE-2024-38039 psirt@esri.com |
draytek -- vigor3910_firmware | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | 2024-10-03 | 5.4 | CVE-2024-41587 cve@mitre.org cve@mitre.org |
Catch Themes--Full frame | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Full frame allows Stored XSS. This issue affects Full frame: from n/a through 2.7.2. | 2024-10-06 | 5.1 | CVE-2024-44010 audit@patchstack.com |
Pierre Lebedel--Kodex Posts likes | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. | 2024-10-06 | 5.9 | CVE-2024-44036 audit@patchstack.com |
MagePeople Team--Multipurpose Ticket Booking Manager | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2. | 2024-10-06 | 5.9 | CVE-2024-44037 audit@patchstack.com |
WP Travel--WP Travel | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1. | 2024-10-06 | 5.9 | CVE-2024-44039 audit@patchstack.com |
Plainware--ShiftController Employee Shift Scheduling | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64. | 2024-10-06 | 5.9 | CVE-2024-44040 audit@patchstack.com |
Martin Gibson--IdeaPush | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66. | 2024-10-06 | 5.9 | CVE-2024-44041 audit@patchstack.com |
Fahad Mahmood--WP Datepicker | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1. | 2024-10-06 | 5.9 | CVE-2024-44042 audit@patchstack.com |
10Web--Photo Gallery by 10Web | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. | 2024-10-06 | 5.9 | CVE-2024-44043 audit@patchstack.com |
Kevon Adonis--WP Abstracts | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5. | 2024-10-06 | 5.9 | CVE-2024-44045 audit@patchstack.com |
Themify--Themify WooCommerce Product Filter | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify - WooCommerce Product Filter allows Stored XSS. This issue affects Themify - WooCommerce Product Filter: from n/a through 1.5.1. | 2024-10-06 | 5.9 | CVE-2024-44046 audit@patchstack.com |
apple -- ipados | A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver. | 2024-10-04 | 5.5 | CVE-2024-44204 product-security@apple.com |
n/a--n/a | PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. | 2024-10-01 | 5.6 | CVE-2024-44610 cve@mitre.org cve@mitre.org |
n/a--n/a | An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. | 2024-10-01 | 5.7 | CVE-2024-44744 cve@mitre.org cve@mitre.org |
n/a--n/a | A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature. | 2024-09-30 | 5.4 | CVE-2024-45920 cve@mitre.org |
n/a--n/a | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. | 2024-10-01 | 5.4 | CVE-2024-46081 cve@mitre.org |
n/a--n/a | Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | 2024-10-01 | 5.4 | CVE-2024-46082 cve@mitre.org cve@mitre.org |
n/a--n/a | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. | 2024-10-01 | 5.4 | CVE-2024-46083 cve@mitre.org |
cvat-ai--cvat | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. | 2024-09-30 | 5.4 | CVE-2024-47172 security-advisories@github.com security-advisories@github.com |
SeedProd--Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4. | 2024-10-06 | 5.9 | CVE-2024-47299 audit@patchstack.com |
Catch Themes--Catch Base | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6. | 2024-10-06 | 5.1 | CVE-2024-47313 audit@patchstack.com |
Vladimir Statsenko--Terms descriptions | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS. This issue affects Terms descriptions: from n/a through 3.4.6. | 2024-10-06 | 5.9 | CVE-2024-47336 audit@patchstack.com |
Brainstorm Force--Starter Templates | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Starter Templates allows Stored XSS. This issue affects Starter Templates: from n/a through 4.4.0. | 2024-10-06 | 5.9 | CVE-2024-47345 audit@patchstack.com |
Catch Themes--Create | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1. | 2024-10-06 | 5.1 | CVE-2024-47356 audit@patchstack.com |
Walter Pinem--WP MyLinks | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Walter Pinem WP MyLinks allows Stored XSS. This issue affects WP MyLinks: from n/a through 1.0.6. | 2024-10-05 | 5.9 | CVE-2024-47371 audit@patchstack.com |
ThemeNcode LLC--TNC PDF viewer | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0. | 2024-10-05 | 5.9 | CVE-2024-47372 audit@patchstack.com |
Tribulant--Slideshow Gallery | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Slideshow Gallery allows Stored XSS. This issue affects Slideshow Gallery: from n/a through 1.8.3. | 2024-10-05 | 5.9 | CVE-2024-47376 audit@patchstack.com |
ThemeKraft--BuddyForms | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12. | 2024-10-05 | 5.9 | CVE-2024-47377 audit@patchstack.com |
Averta--Depicter Slider | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.2.2. | 2024-10-05 | 5.9 | CVE-2024-47381 audit@patchstack.com |
Webangon--The Pack Elementor addons | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.0.8.8. | 2024-10-05 | 5.9 | CVE-2024-47383 audit@patchstack.com |
LinkGraph--Search Atlas SEO | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LinkGraph Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 1.8.2. | 2024-10-05 | 5.9 | CVE-2024-47387 audit@patchstack.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload, which will trigger on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. | 2024-10-01 | 5.4 | CVE-2024-47528 security-advisories@github.com security-advisories@github.com |
Clinical-Genomics--scout | Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. | 2024-09-30 | 5.4 | CVE-2024-47530 security-advisories@github.com security-advisories@github.com |
GhozyLab, Inc.--Gallery Lightbox | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.39. | 2024-10-05 | 5.9 | CVE-2024-47623 audit@patchstack.com |
TinyPNG--TinyPNG | Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3. | 2024-10-05 | 5.4 | CVE-2024-47635 audit@patchstack.com |
HelpieWP--Accordion & FAQ Helpie WordPress Accordion FAQ Plugin | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ - Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ - Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27. | 2024-10-05 | 5.9 | CVE-2024-47647 audit@patchstack.com |
backstage--backstage | Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, were unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration. | 2024-10-03 | 5.8 | CVE-2024-47762 security-advisories@github.com security-advisories@github.com |
Unknown--Starbox | The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks. | 2024-09-30 | 5.4 | CVE-2024-8239 contact@wpscan.com |
icegram--Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce | The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2024-10-02 | 5.4 | CVE-2024-8254 security@wordfence.com security@wordfence.com security@wordfence.com |
spicethemes--Spice Starter Sites | The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content. | 2024-10-01 | 5.3 | CVE-2024-8430 security@wordfence.com security@wordfence.com |
planet -- gs-4210-24p2s_firmware | The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. | 2024-09-30 | 5.9 | CVE-2024-8455 twcert@cert.org.tw twcert@cert.org.tw |
NLnet Labs--Unbound | NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. | 2024-10-03 | 5.3 | CVE-2024-8508 sep@nlnetlabs.nl |
ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user's membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-04 | 5.3 | CVE-2024-8520 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
dotcamp -- ultimate_blocks | The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-09-30 | 5.4 | CVE-2024-8536 contact@wpscan.com |
Red Hat--Red Hat Enterprise Linux 8 | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. | 2024-10-01 | 5.4 | CVE-2024-9341 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
n/a--ThingsBoard | A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024. | 2024-10-01 | 5.3 | CVE-2024-9358 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Pluck CMS--Pluck CMS | An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories. | 2024-10-01 | 5.3 | CVE-2024-9405 cve-coordination@incibe.es |
Ada Support--Ada.cx Sentry Component | Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. | 2024-10-04 | 5.3 | CVE-2024-9410 vulnreport@tenable.com |
HP Inc.--Certain HP LaserJet Printers | Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a "JPEG Unsupported" message which may not clear, potentially blocking queued print jobs. | 2024-10-02 | 5.3 | CVE-2024-9423 hp-security-alert@hp.com |
brian_voelker--slim_select | Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker-executed JavaScript. At this time, no patch is available. | 2024-10-02 | 5.4 | CVE-2024-9440 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
AVG/Avast--Antivirus | An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. | 2024-10-04 | 5.1 | CVE-2024-9481 security@nortonlifelock.com |
AVG/Avast--Antivirus | An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | 2024-10-04 | 5.1 | CVE-2024-9482 security@nortonlifelock.com |
AVG/Avast--Antivirus | A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. | 2024-10-04 | 5.1 | CVE-2024-9483 security@nortonlifelock.com |
AVG/Avast--Antivirus | A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | 2024-10-04 | 5.1 | CVE-2024-9484 security@nortonlifelock.com |
NVIDIA--Triton Inference Server | NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. | 2024-10-01 | 4.9 | CVE-2024-0116 psirt@nvidia.com |
n/a--cocoon | Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. | 2024-10-02 | 4.5 | CVE-2024-21530 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
Esri--Enterprise Web App Builder | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 - 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. | 2024-10-04 | 4.8 | CVE-2024-25694 psirt@esri.com |
Esri--Portal for ArcGIS Enterprise Experience Builder | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 - 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. | 2024-10-04 | 4.8 | CVE-2024-25701 psirt@esri.com |
Esri--ArcGIS Enterprise Web App Builder | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 - 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. | 2024-10-04 | 4.8 | CVE-2024-25702 psirt@esri.com |
Esri--Portal | There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. | 2024-10-04 | 4.8 | CVE-2024-25707 psirt@esri.com |
radiustheme -- the_post_grid | The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-09-30 | 4.8 | CVE-2024-3635 contact@wpscan.com |
Esri--Portal for ArcGIS Enterprise Experience Builder | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. | 2024-10-04 | 4.6 | CVE-2024-38036 psirt@esri.com |
n/a--n/a | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | 2024-10-03 | 4.7 | CVE-2024-41583 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. | 2024-10-03 | 4.7 | CVE-2024-41584 cve@mitre.org cve@mitre.org |
Hewlett Packard Enterprise--HPE IceWall Agent products | A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. | 2024-10-03 | 4.3 | CVE-2024-42504 security-alert@hpe.com |
apple -- ipados | This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. | 2024-10-04 | 4.3 | CVE-2024-44207 product-security@apple.com |
IBM--WebSphere Application Server | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-09-30 | 4.8 | CVE-2024-45073 psirt@us.ibm.com |
ZKteco--iClock v3.1-168 | ZKteco - CWE 200 Exposure of Sensitive Information to an Unauthorized Actor | 2024-10-06 | 4.3 | CVE-2024-45250 cna@cyber.gov.il |
n/a--n/a | Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. | 2024-10-02 | 4.8 | CVE-2024-45960 cve@mitre.org |
n/a--n/a | October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. | 2024-10-02 | 4.7 | CVE-2024-45962 cve@mitre.org |
n/a--n/a | Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. | 2024-10-02 | 4.8 | CVE-2024-45964 cve@mitre.org |
n/a--n/a | Contao 5.4.1 allows an authenticated admin account to upload an SVG file containing malicious JavaScript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. | 2024-10-02 | 4.7 | CVE-2024-45965 cve@mitre.org |
n/a--n/a | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. | 2024-10-01 | 4.7 | CVE-2024-45967 cve@mitre.org |
n/a--n/a | A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 2024-09-30 | 4.8 | CVE-2024-46475 cve@mitre.org |
Salon Booking System--Salon booking system | Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9. | 2024-10-05 | 4.3 | CVE-2024-47316 audit@patchstack.com |
Clinical-Genomics--scout | Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. Malicious content injected inside the file data, which users unknowingly download and open, may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89. | 2024-09-30 | 4.6 | CVE-2024-47531 security-advisories@github.com security-advisories@github.com |
Payflex--Payflex Payment Gateway | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway. This issue affects Payflex Payment Gateway: from n/a through 2.6.1. | 2024-10-05 | 4.7 | CVE-2024-47646 audit@patchstack.com |
Esri--Portal | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. | 2024-10-04 | 4.6 | CVE-2024-8149 psirt@esri.com |
Unknown--Slider by 10Web | The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-09-30 | 4.8 | CVE-2024-8283 contact@wpscan.com |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords. | 2024-09-30 | 4.9 | CVE-2024-8453 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack. | 2024-09-30 | 4.8 | CVE-2024-8457 twcert@cert.org.tw twcert@cert.org.tw |
planet -- gs-4210-24p2s_firmware | Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. | 2024-09-30 | 4.9 | CVE-2024-8459 twcert@cert.org.tw twcert@cert.org.tw |
themehigh--Checkout Field Editor (Checkout Manager) for WooCommerce | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'render_review_request_notice' function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-04 | 4.7 | CVE-2024-8499 security@wordfence.com security@wordfence.com security@wordfence.com |
soumettre--Soumettre.fr | The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key. | 2024-10-01 | 4.3 | CVE-2024-8675 security@wordfence.com security@wordfence.com |
James Low--CSS JS Files | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0. | 2024-10-05 | 4.9 | CVE-2024-9146 audit@patchstack.com |
Linux and Microsoft Windows--Octopus Server | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. | 2024-09-30 | 4.3 | CVE-2024-9194 security@octopus.com |
expressjs--express | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. | 2024-10-03 | 4.7 | CVE-2024-9266 36c7be3b-2937-45df-85ea-ca7133ea542c |
wpdevelop--WP Booking Calendar | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin's settings which may extend this vulnerability to those users. | 2024-10-04 | 4.4 | CVE-2024-9306 security@wordfence.com security@wordfence.com |
Red Hat--Red Hat Enterprise Linux 8 | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | 2024-10-01 | 4.7 | CVE-2024-9407 secalert@redhat.com secalert@redhat.com |
techjewel--Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-05 | 4.9 | CVE-2024-9528 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
NVIDIA--CUDA Toolkit | NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. | 2024-10-03 | 3.3 | CVE-2024-0123 psirt@nvidia.com |
NVIDIA--CUDA Toolkit | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. | 2024-10-03 | 3.3 | CVE-2024-0124 psirt@nvidia.com |
NVIDIA--CUDA Toolkit | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. | 2024-10-03 | 3.3 | CVE-2024-0125 psirt@nvidia.com |
HCL Software--Nomad server on Domino | HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. | 2024-10-01 | 3.7 | CVE-2024-30132 psirt@hcl.com |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. | 2024-10-01 | 3.5 | CVE-2024-47526 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
miraheze--DataDump | DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d. | 2024-10-02 | 3.5 | CVE-2024-47612 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
n/a--OFCMS | A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-01 | 3.5 | CVE-2024-9411 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Netadmin Software--NetAdmin IAM | A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-04 | 3.7 | CVE-2024-9513 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Sovell--Smart Canteen System | A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-06 | 3.7 | CVE-2024-9554 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
theupdateframework--go-tuf | go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly trace the delegations "B"->"C"->"A". This vulnerability is fixed in 2.0.1. | 2024-10-01 | not yet calculated | CVE-2024-47534 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
hyperium--tonic | Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly, causing the accept loop to exit. The fix is included in tonic 0.12.3 and above. | 2024-10-01 | not yet calculated | CVE-2024-47609 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
tukaani-project--xz | XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected. | 2024-10-02 | not yet calculated | CVE-2024-47611 security-advisories@github.com security-advisories@github.com |
Wiz--Wiz Code Visual Studio Code extension | Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file. | 2024-10-01 | not yet calculated | CVE-2024-9145 9947ef80-c5d5-474a-bbab-97341a59000e 9947ef80-c5d5-474a-bbab-97341a59000e 9947ef80-c5d5-474a-bbab-97341a59000e |
n/a--n/a | Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558. | 2024-10-01 | not yet calculated | CVE-2021-37577 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | 2024-10-04 | not yet calculated | CVE-2023-26770 cve@mitre.org cve@mitre.org |
n/a--n/a | Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading an SVG profile picture with an XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. | 2024-10-04 | not yet calculated | CVE-2023-26771 cve@mitre.org cve@mitre.org |
n/a--n/a | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network. | 2024-10-03 | not yet calculated | CVE-2023-37822 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. | 2024-10-02 | not yet calculated | CVE-2024-24116 cve@mitre.org cve@mitre.org |
n/a--n/a | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. | 2024-10-02 | not yet calculated | CVE-2024-24117 cve@mitre.org cve@mitre.org |
n/a--n/a | A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script. | 2024-10-02 | not yet calculated | CVE-2024-24122 cve@mitre.org cve@mitre.org |
n/a--n/a | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext. | 2024-10-01 | not yet calculated | CVE-2024-25658 cve@mitre.org |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. | 2024-09-30 | not yet calculated | CVE-2024-28808 cve@mitre.org |
n/a--n/a | An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. | 2024-09-30 | not yet calculated | CVE-2024-28811 cve@mitre.org |
n/a--n/a | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | 2024-10-01 | not yet calculated | CVE-2024-31835 cve@mitre.org cve@mitre.org |
n/a--n/a | FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. | 2024-10-02 | not yet calculated | CVE-2024-33209 cve@mitre.org |
n/a--n/a | Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. | 2024-10-02 | not yet calculated | CVE-2024-33662 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. | 2024-10-03 | not yet calculated | CVE-2024-34535 cve@mitre.org cve@mitre.org |
n/a--n/a | An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. | 2024-09-30 | not yet calculated | CVE-2024-35495 cve@mitre.org |
n/a--n/a | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$_FILES" variable. | 2024-10-04 | not yet calculated | CVE-2024-37868 cve@mitre.org cve@mitre.org |
n/a--n/a | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable. | 2024-10-04 | not yet calculated | CVE-2024-37869 cve@mitre.org cve@mitre.org |
n/a--n/a | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41511 cve@mitre.org |
n/a--n/a | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41512 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41513 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41514 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41515 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | A reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. | 2024-10-04 | not yet calculated | CVE-2024-41516 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. | 2024-10-03 | not yet calculated | CVE-2024-41585 cve@mitre.org cve@mitre.org |
n/a--n/a | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | 2024-10-03 | not yet calculated | CVE-2024-41588 cve@mitre.org cve@mitre.org |
n/a--n/a | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. | 2024-10-03 | not yet calculated | CVE-2024-41590 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | 2024-10-03 | not yet calculated | CVE-2024-41591 cve@mitre.org cve@mitre.org |
n/a--n/a | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | 2024-10-03 | not yet calculated | CVE-2024-41593 cve@mitre.org cve@mitre.org |
n/a--n/a | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | 2024-10-03 | not yet calculated | CVE-2024-41594 cve@mitre.org cve@mitre.org |
TEM--Opera Plus FM Family Transmitter | The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | 2024-10-03 | not yet calculated | CVE-2024-41987 ics-cert@hq.dhs.gov |
TEM--Opera Plus FM Family Transmitter | TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. | 2024-10-03 | not yet calculated | CVE-2024-41988 ics-cert@hq.dhs.gov |
TECHNO SUPPORT COMPANY--Smart-tab Android app | Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service. | 2024-09-30 | not yet calculated | CVE-2024-42496 vultures@jpcert.or.jp vultures@jpcert.or.jp |
Microchip--TimeProvider 4100 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0. | 2024-10-04 | not yet calculated | CVE-2024-43683 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
Microchip--TimeProvider 4100 | Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0. | 2024-10-04 | not yet calculated | CVE-2024-43684 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
Microchip--TimeProvider 4100 | Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 2024-10-04 | not yet calculated | CVE-2024-43685 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
Microchip--TimeProvider 4100 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 2024-10-04 | not yet calculated | CVE-2024-43686 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
Microchip--TimeProvider 4100 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 2024-10-04 | not yet calculated | CVE-2024-43687 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
OpenC3--cosmos | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. | 2024-10-02 | not yet calculated | CVE-2024-43795 security-advisories@github.com security-advisories@github.com |
n/a--n/a | An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | 2024-10-04 | not yet calculated | CVE-2024-44439 cve@mitre.org cve@mitre.org |
mantisbt--mantisbt | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. | 2024-09-30 | not yet calculated | CVE-2024-45792 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
n/a--n/a | A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. | 2024-10-01 | not yet calculated | CVE-2024-45999 cve@mitre.org |
n/a--n/a | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | 2024-10-04 | not yet calculated | CVE-2024-46077 cve@mitre.org cve@mitre.org |
n/a--n/a | itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | 2024-10-04 | not yet calculated | CVE-2024-46078 cve@mitre.org |
n/a--n/a | A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. | 2024-10-04 | not yet calculated | CVE-2024-46409 cve@mitre.org cve@mitre.org |
n/a--n/a | TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. | 2024-10-04 | not yet calculated | CVE-2024-46486 cve@mitre.org cve@mitre.org |
n/a--n/a | An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. | 2024-09-30 | not yet calculated | CVE-2024-46635 cve@mitre.org |
n/a--n/a | Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. | 2024-10-03 | not yet calculated | CVE-2024-46658 cve@mitre.org |
Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. | 2024-09-30 | not yet calculated | CVE-2024-46869 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
OpenC3--cosmos | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0. | 2024-10-02 | not yet calculated | CVE-2024-46977 security-advisories@github.com security-advisories@github.com |
cvat-ai--cvat | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. | 2024-09-30 | not yet calculated | CVE-2024-47063 security-advisories@github.com security-advisories@github.com |
cvat-ai--cvat | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. | 2024-09-30 | not yet calculated | CVE-2024-47064 security-advisories@github.com security-advisories@github.com |
alist-org--alist | AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0. | 2024-09-30 | not yet calculated | CVE-2024-47067 security-advisories@github.com security-advisories@github.com |
expressjs--basic-auth-connect | basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | 2024-09-30 | not yet calculated | CVE-2024-47178 security-advisories@github.com security-advisories@github.com |
n/a--n/a | In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming. | 2024-10-04 | not yet calculated | CVE-2024-47211 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
OpenC3--cosmos | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition. | 2024-10-02 | not yet calculated | CVE-2024-47529 security-advisories@github.com security-advisories@github.com |
zopefoundation--RestrictedPython | RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment. | 2024-09-30 | not yet calculated | CVE-2024-47532 security-advisories@github.com security-advisories@github.com |
StarCitizenTools--mediawiki-skins-Citizen | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0. | 2024-09-30 | not yet calculated | CVE-2024-47536 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Apache Software Foundation--Apache Commons IO | Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | 2024-10-03 | not yet calculated | CVE-2024-47554 security@apache.org |
Js Communication Co., Ltd.--RevoWorks Cloud Client | RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry. | 2024-10-01 | not yet calculated | CVE-2024-47560 vultures@jpcert.or.jp vultures@jpcert.or.jp |
DefinetlyNotAI--Logicytics | Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2. | 2024-10-01 | not yet calculated | CVE-2024-47608 security-advisories@github.com security-advisories@github.com |
sulu--sulu | Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the "Media" section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims' (other users including admins) browsers. This issue is fixed in 2.6.5. | 2024-10-03 | not yet calculated | CVE-2024-47618 security-advisories@github.com security-advisories@github.com |
Shilpi Computers--Client Dashboard | This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple "userid" parameters in the API request body leading to unauthorized access of sensitive information belonging to other users. | 2024-10-04 | not yet calculated | CVE-2024-47651 vdisclose@cert-in.org.in |
Shilpi Computers--Client Dashboard | This vulnerability exists in Shilpi Client Dashboard due to implementation of an inadequate authentication mechanism in the login module, wherein access to any user's account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing the mobile number of a targeted user to obtain complete access to the targeted user account. | 2024-10-04 | not yet calculated | CVE-2024-47652 vdisclose@cert-in.org.in |
Shilpi Computers--Client Dashboard | This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to unauthorized modification of requests belonging to the other users. | 2024-10-04 | not yet calculated | CVE-2024-47653 vdisclose@cert-in.org.in |
Shilpi Computers--Client Dashboard | This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to OTP bombing on the targeted system. | 2024-10-04 | not yet calculated | CVE-2024-47654 vdisclose@cert-in.org.in |
Shilpi Computers--Client Dashboard | This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead to remote code execution on the targeted application. | 2024-10-04 | not yet calculated | CVE-2024-47655 vdisclose@cert-in.org.in |
Shilpi Computers--Client Dashboard | This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on the password, which could lead to unauthorized access to other user accounts. | 2024-10-04 | not yet calculated | CVE-2024-47656 vdisclose@cert-in.org.in |
Shilpi Computers--Net Back Office | This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users. | 2024-10-04 | not yet calculated | CVE-2024-47657 vdisclose@cert-in.org.in |
jshttp--cookie | cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain. | 2024-10-04 | not yet calculated | CVE-2024-47764 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
jgniecki--MinecraftMotdParser | Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. | 2024-10-04 | not yet calculated | CVE-2024-47765 security-advisories@github.com security-advisories@github.com |
Lif-Platforms--Lif-Auth-Server | Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | 2024-10-04 | not yet calculated | CVE-2024-47768 security-advisories@github.com security-advisories@github.com |
Jenkins Project--Jenkins | Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | 2024-10-02 | not yet calculated | CVE-2024-47803 jenkinsci-cert@googlegroups.com |
Jenkins Project--Jenkins | If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | 2024-10-02 | not yet calculated | CVE-2024-47804 jenkinsci-cert@googlegroups.com |
Jenkins Project--Jenkins Credentials Plugin | Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | 2024-10-02 | not yet calculated | CVE-2024-47805 jenkinsci-cert@googlegroups.com |
The Wikimedia Foundation--Mediawiki - Apex skin | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS. This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2024-10-05 | not yet calculated | CVE-2024-47840 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - CSS Extension | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | 2024-10-05 | not yet calculated | CVE-2024-47841 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - CSS Extension | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2024-10-05 | not yet calculated | CVE-2024-47845 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - Cargo | Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 2024-10-05 | not yet calculated | CVE-2024-47846 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - Cargo | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 2024-10-05 | not yet calculated | CVE-2024-47847 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - PageTriage | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2024-10-05 | not yet calculated | CVE-2024-47848 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
The Wikimedia Foundation--Mediawiki - Cargo | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 2024-10-05 | not yet calculated | CVE-2024-47849 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
n/a--n/a | util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. | 2024-10-04 | not yet calculated | CVE-2024-47855 cve@mitre.org cve@mitre.org |
n/a--n/a | An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | 2024-10-04 | not yet calculated | CVE-2024-47910 cve@mitre.org cve@mitre.org cve@mitre.org |
n/a--n/a | An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. | 2024-10-04 | not yet calculated | CVE-2024-47913 cve@mitre.org cve@mitre.org |
Vercom S.A.--Redlink SDK | Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and manipulation of the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13. | 2024-09-30 | not yet calculated | CVE-2024-6051 cvd@cert.pl cvd@cert.pl |
OpenText--Vertica | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | 2024-10-02 | not yet calculated | CVE-2024-6360 security@opentext.com |
parisneo--parisneo/lollms-webui | A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code. | 2024-09-30 | not yet calculated | CVE-2024-6394 security@huntr.dev |
Finrota--Netahsilat | Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | 2024-10-04 | not yet calculated | CVE-2024-6400 iletisim@usom.gov.tr |
Microchip--TimeProvider 4100 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 2024-10-04 | not yet calculated | CVE-2024-7801 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
Webroot--SecureAnywhere - Web Shield | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | 2024-10-03 | not yet calculated | CVE-2024-7824 security@opentext.com |
Webroot--SecureAnywhere - Web Shield | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | 2024-10-03 | not yet calculated | CVE-2024-7825 security@opentext.com |
Webroot--SecureAnywhere - Web Shield | Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | 2024-10-03 | not yet calculated | CVE-2024-7826 security@opentext.com |
Microchip--TimeProvider 4100 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 2024-10-04 | not yet calculated | CVE-2024-9054 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
M-Files Corporation--M-Files Hubshare | Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI | 2024-10-02 | not yet calculated | CVE-2024-9174 security@m-files.com |
Eclipse Foundation--Glassfish | In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | 2024-09-30 | not yet calculated | CVE-2024-9329 emo@eclipse.org emo@eclipse.org |
M-Files Corporation--M-Files Connector for Copilot | Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation | 2024-10-02 | not yet calculated | CVE-2024-9333 security@m-files.com |
Mozilla--Firefox | A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | 2024-10-01 | not yet calculated | CVE-2024-9391 security@mozilla.org security@mozilla.org |
Mozilla--Firefox | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | not yet calculated | CVE-2024-9393 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | not yet calculated | CVE-2024-9394 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | 2024-10-01 | not yet calculated | CVE-2024-9395 security@mozilla.org security@mozilla.org |
Mozilla--Firefox | A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | not yet calculated | CVE-2024-9397 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | not yet calculated | CVE-2024-9398 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla--Firefox | A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | 2024-10-01 | not yet calculated | CVE-2024-9399 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |