CISA Bulletins - Vulnerability Summary for the Week of April 8, 2024

CISA

High Vulnerabilities​

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- adobe_commerce
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.​
2024-04-10​
9
CVE-2024-20758
adobe -- adobe_commerce
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.​
2024-04-10​
8.1
CVE-2024-20759
adobe -- animate
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
7.8
CVE-2024-20795
adobe -- animate
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
7.8
CVE-2024-20797
adobe -- illustrator
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
7.8
CVE-2024-30271
adobe -- illustrator
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
7.8
CVE-2024-30272
adobe -- illustrator
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
7.8
CVE-2024-30273
adobe -- media_encoder
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-10​
7.8
CVE-2024-20772
andy_moyle -- church_admin
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5.
2024-04-07​
9.9
CVE-2024-31280
binary-husky -- gpt_academic
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.​
2024-04-08​
9.8
CVE-2024-31224
bitdefender -- gravityzone_control_center_(on_premises)
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1​
2024-04-09​
8.1
CVE-2024-2223
bitdefender -- gravityzone_control_center_(on_premises)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1​
2024-04-09​
8.1
CVE-2024-2224
britner -- gutenberg_blocks_by_kadence_blocks_-_page_builder_features
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.​
2024-04-09​
8.5
CVE-2023-6964
campcodes -- church_management_system
A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904.​
2024-04-10​
7.3
CVE-2024-3534
campcodes -- church_management_system
A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.​
2024-04-10​
7.3
CVE-2024-3535
cbutlerjr -- wp-members_membership_plugin
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3.​
2024-04-09​
7.2
CVE-2024-1852
codeisawesome -- aikit
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through 4.14.1.
2024-04-09​
8.5
CVE-2024-31370
contao -- contao
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.​
2024-04-09​
8.3
CVE-2024-28235
conveythis -- language_translate_widget_for_wordpress_conveythis
The Language Translate Widget for WordPress - ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-11​
7.2
CVE-2023-6811
croixhaug -- appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
8.8
CVE-2024-2341
croixhaug -- appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
8.8
CVE-2024-2342
customily -- customily_product_personalizer
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue.​
2024-04-09​
7.2
CVE-2024-1774
cym1102 -- nginxwebui
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.​
2024-04-13​
7.3
CVE-2024-3738
datafeedrcom -- woocommerce_cloak_affiliate_links
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.​
2024-04-09​
7.5
CVE-2024-1308
dattateccom -- envíalosimple:_email_marketing_y_newsletters
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-04-09​
8.8
CVE-2024-2125
dell -- alienware_command_center_(awcc)
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.​
2024-04-10​
7.4
CVE-2024-22450
devitemsllc -- ht_mega_-_absolute_addons_for_elementor
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information.​
2024-04-09​
8.8
CVE-2024-1974
diracgrid -- dirac
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using dirac-proxy-init), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the X509_USER_PROXY environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (/tmp/x509up_uNNNN).
2024-04-09​
8.1
CVE-2024-29905
eclipse_foundation -- kura
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]
2024-04-09​
7.5
CVE-2024-3046
elextensions -- elex_woocommerce_dynamic_pricing_and_discounts
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
2024-04-07​
7.1
CVE-2024-31255
esphome -- esphome
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.​
2024-04-11​
8.1
CVE-2024-29019
fastify -- fastify-secure-session
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a "last update" field in the session, and treat "old sessions" as expired.
2024-04-10​
7.4
CVE-2024-31999
flipped-aurora -- gin-vue-admin
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the plugName parameter. They can create specific folders such as api, config, global, model, router, service, and main.go function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.​
2024-04-09​
7.7
CVE-2024-31457
fortinet -- forticlientlinux
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website.
2024-04-09​
9.6
CVE-2023-45590
fortinet -- forticlientmac
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.​
2024-04-10​
8.2
CVE-2024-31492
fortinet -- fortios
An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows an attacker to execute unauthorized code or commands via a targeted social engineering attack.
2024-04-09​
7.5
CVE-2023-41677
fortinet -- fortisandbox
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
2024-04-09​
8.8
CVE-2024-21755
fortinet -- fortisandbox
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
2024-04-09​
8.8
CVE-2024-21756
fortinet -- fortisandbox
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
2024-04-09​
8.1
CVE-2024-23671
funnelkit -- funnelkit_checkout
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3.
2024-04-11​
7.5
CVE-2023-51672
gitlab -- gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
2024-04-12​
8.7
CVE-2024-2279
gitlab -- gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.​
2024-04-12​
8.7
CVE-2024-3092
gowebsmarty -- wp_encryption_-one_click_free_ssl_certificate&ssl/_https_redirect_to_force_https,_security+
The WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys.
2024-04-09​
7.5
CVE-2023-7046
honeywell -- c300
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.​
2024-04-11​
7.5
CVE-2023-5392
honeywell -- experion_server
Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
2024-04-11​
7.4
CVE-2023-5393
honeywell -- experion_server
Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
2024-04-11​
7.4
CVE-2023-5394
ibm -- security_verify_access_appliance
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.​
2024-04-10​
7.5
CVE-2024-31871
ibm -- security_verify_access_appliance
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.​
2024-04-10​
7.5
CVE-2024-31872
ibm -- security_verify_access_appliance
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.​
2024-04-10​
7.5
CVE-2024-31873
infotheme -- wp_poll_maker
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1.
2024-04-10​
7.7
CVE-2024-31240
iosix -- io-1020_micro_eld
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.​
2024-04-12​
9.6
CVE-2024-28878
iosix -- io-1020_micro_eld
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.​
2024-04-12​
7.4
CVE-2024-30210
iosix -- io-1020_micro_eld
IO-1020 Micro ELD web server uses a default password for authentication.​
2024-04-12​
7.4
CVE-2024-31069
irontec -- sngrep
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.​
2024-04-10​
9
CVE-2024-3119
41c37e40-543d-43a2-b660-2fee83ea851a
irontec -- sngrep
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.​
2024-04-10​
9
CVE-2024-3120
41c37e40-543d-43a2-b660-2fee83ea851a
j.n._breetvelt_a.k.a._opajaap -- wp_photo_album_plus
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.
2024-04-07​
9.9
CVE-2024-31286
jokr -- network_summary
The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
9.8
CVE-2024-2804
jordy_meow -- ai_engine:_chatgpt_chatbot
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
2024-04-12​
10
CVE-2023-51409
jtsternberg -- cmb2
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required.​
2024-04-09​
7.5
CVE-2024-1792
juniper_networks -- junos_os
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.​
2024-04-12​
7.5
CVE-2024-21598
juniper_networks -- junos_os
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.​
2024-04-12​
7.5
CVE-2024-30382
juniper_networks -- junos_os
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.​
2024-04-12​
7.5
CVE-2024-30392
juniper_networks -- junos_os
A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.​
2024-04-12​
7.5
CVE-2024-30394
juniper_networks -- junos_os
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue from the one described in JSA75739.
2024-04-12​
7.5
CVE-2024-30395
juniper_networks -- junos_os
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2.
2024-04-12​
7.5
CVE-2024-30397
juniper_networks -- junos_os
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS: 21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6, 22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2.​
2024-04-12​
7.5
CVE-2024-30398
juniper_networks -- junos_os
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.​
2024-04-12​
7.5
CVE-2024-30405
juniper_networks -- paragon_active_assurance
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregisters itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.
2024-04-12​
8.4
CVE-2024-30381
juniper_networks_inc. -- crpd
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.
2024-04-12​
8.1
CVE-2024-30407
levelfourstorefront -- shopping_cart_&_ecommerce_store
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-12​
8.8
CVE-2024-3211
lg -- webos
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA​
2024-04-09​
9.1
CVE-2023-6318
lg -- webos
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA​
2024-04-09​
9.1
CVE-2023-6319
lg -- webos
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB​
2024-04-09​
9.1
CVE-2023-6320
lg -- webos
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA​
2024-04-09​
7.2
CVE-2023-6317
link_whisper -- link_whisper_free
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8.
2024-04-11​
7.1
CVE-2024-27992
linkwhspr -- link_whisper_free
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-04-09​
8.8
CVE-2024-2693
makeplane -- plane
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.​
2024-04-10​
9.1
CVE-2024-31461
mervb1 -- easy_property_listings
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the 'property_status' shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
8.8
CVE-2024-1893
metagauss -- registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login​
The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator.
2024-04-09​
8.8
CVE-2024-1991
metagauss -- registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login
The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
8.8
CVE-2024-1990
microsoft -- azure_ai_search
Azure AI Search Information Disclosure Vulnerability​
2024-04-09​
7.3
CVE-2024-29063
microsoft -- azure_cyclecloud_8.6.0
Azure CycleCloud Elevation of Privilege Vulnerability​
2024-04-09​
8.8
CVE-2024-29993
microsoft -- azure_kubernetes_service
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability​
2024-04-09​
9
CVE-2024-29990
microsoft -- azure_monitor
Azure Monitor Agent Elevation of Privilege Vulnerability​
2024-04-09​
8.4
CVE-2024-29989
microsoft -- microsoft_365_apps_for_enterprise
Microsoft Excel Remote Code Execution Vulnerability​
2024-04-09​
7.8
CVE-2024-26257
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-21323
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29053
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-21322
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Elevation of Privilege Vulnerability​
2024-04-09​
7.2
CVE-2024-21324
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Elevation of Privilege Vulnerability​
2024-04-09​
7.2
CVE-2024-29054
microsoft -- microsoft_defender_for_iot
Microsoft Defender for IoT Elevation of Privilege Vulnerability​
2024-04-09​
7.2
CVE-2024-29055
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28908
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28910
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28911
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28913
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28915
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28929
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28930
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28935
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28939
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29044
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29047
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29048
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29982
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29983
microsoft -- microsoft_sql_server_2019_(cu_25)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
7.5
CVE-2024-29045
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28927
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28937
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28940
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28941
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28943
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28944
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28945
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29046
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29984
microsoft -- microsoft_sql_server_2019_(gdr)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29985
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28906
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28909
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28912
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28914
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28926
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28931
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28932
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28934
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28936
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28938
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28942
microsoft -- microsoft_sql_server_2022_for_(cu_12)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-29043
microsoft -- microsoft_visual_studio_2019_version_16.11_(includes_16.0_-_16.10)
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-28933
microsoft -- microsoft_visual_studio_2022_version_17.9
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability​
2024-04-09​
7.3
CVE-2024-21409
microsoft -- outlook_for_windows
Outlook for Windows Spoofing Vulnerability​
2024-04-09​
8.1
CVE-2024-20670
microsoft -- windows_10_version_1809
Remote Procedure Call Runtime Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-20678
microsoft -- windows_10_version_1809
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26179
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
8
CVE-2024-26180
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
8
CVE-2024-26189
microsoft -- windows_10_version_1809
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26200
microsoft -- windows_10_version_1809
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26205
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26210
microsoft -- windows_10_version_1809
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26214
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
8
CVE-2024-26240
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability​
2024-04-09​
8.8
CVE-2024-26244
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
8
CVE-2024-28925
microsoft -- windows_10_version_1809
Windows Cryptographic Services Remote Code Execution Vulnerability​
2024-04-09​
8.4
CVE-2024-29050
microsoft -- windows_10_version_1809
SmartScreen Prompt Security Feature Bypass Vulnerability​
2024-04-09​
8.8
CVE-2024-29988
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-20693
microsoft -- windows_10_version_1809
Microsoft Install Service Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26158
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.8
CVE-2024-26175
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.4
CVE-2024-26194
microsoft -- windows_10_version_1809
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26208
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26211
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26218
microsoft -- windows_10_version_1809
HTTP.sys Denial of Service Vulnerability​
2024-04-09​
7.5
CVE-2024-26219
microsoft -- windows_10_version_1809
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability​
2024-04-09​
7.3
CVE-2024-26232
microsoft -- windows_10_version_1809
Windows Defender Credential Guard Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26237
microsoft -- windows_10_version_1809
Windows Telephony Server Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26239
microsoft -- windows_10_version_1809
Win32k Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26241
microsoft -- windows_10_version_1809
Windows Telephony Server Elevation of Privilege Vulnerability​
2024-04-09​
7
CVE-2024-26242
microsoft -- windows_10_version_1809
Windows SMB Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26245
microsoft -- windows_10_version_1809
Windows Kerberos Elevation of Privilege Vulnerability​
2024-04-09​
7.5
CVE-2024-26248
microsoft -- windows_10_version_1809
Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability​
2024-04-09​
7.5
CVE-2024-26254
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.5
CVE-2024-28896
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.8
CVE-2024-28920
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.8
CVE-2024-29061
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.1
CVE-2024-29062
microsoft -- windows_11_version_22h2
libarchive Remote Code Execution Vulnerability​
2024-04-09​
7.8
CVE-2024-26256
microsoft -- windows_server_2012
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.1
CVE-2024-20688
microsoft -- windows_server_2012
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
7.1
CVE-2024-20689
microsoft -- windows_server_2019
DHCP Server Service Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26195
microsoft -- windows_server_2019
DHCP Server Service Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26202
microsoft -- windows_server_2019
DHCP Server Service Denial of Service Vulnerability​
2024-04-09​
7.5
CVE-2024-26212
microsoft -- windows_server_2019
DHCP Server Service Denial of Service Vulnerability​
2024-04-09​
7.5
CVE-2024-26215
microsoft -- windows_server_2019
Windows File Server Resource Management Service Elevation of Privilege Vulnerability​
2024-04-09​
7.3
CVE-2024-26216
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26221
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26222
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26223
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26224
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26227
microsoft -- windows_server_2019
Windows Cryptographic Services Security Feature Bypass Vulnerability​
2024-04-09​
7.8
CVE-2024-26228
microsoft -- windows_server_2019
Windows CSC Service Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26229
microsoft -- windows_server_2019
Windows Telephony Server Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26230
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26231
microsoft -- windows_server_2019
Windows DNS Server Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-26233
microsoft -- windows_server_2019
Windows Distributed File System (DFS) Remote Code Execution Vulnerability​
2024-04-09​
7.2
CVE-2024-29066
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Microsoft Brokering File System Elevation of Privilege Vulnerability​
2024-04-09​
7
CVE-2024-26213
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Windows Update Stack Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-26235
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Windows Update Stack Elevation of Privilege Vulnerability​
2024-04-09​
7
CVE-2024-26236
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Microsoft Brokering File System Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-28904
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Microsoft Brokering File System Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-28905
microsoft -- windows_server_2022,23h2_edition(server_core_installation)
Microsoft Brokering File System Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-28907
microsoft -- windows_server_2022
Windows Authentication Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-21447
microsoft -- windows_server_2022
Windows USB Print Driver Elevation of Privilege Vulnerability​
2024-04-09​
7
CVE-2024-26243
microsoft -- windows_server_2022
Windows Storage Elevation of Privilege Vulnerability​
2024-04-09​
7.8
CVE-2024-29052
moove_agency -- import_xml_and_rss_feeds
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.
2024-04-07​
7.2
CVE-2024-31292
n/a -- csmock
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.​
2024-04-10​
7.6
CVE-2024-2243
n/a -- eap
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new "provider-url" option in addition to the "realm" option.​
2024-04-10​
7.3
CVE-2023-6236
[email protected]
n/a -- eap
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
2024-04-09​
7.3
CVE-2024-1233
[email protected]
n/a -- mysql2
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.​
2024-04-11​
9.8
CVE-2024-21508
[email protected]
n/a -- ofono
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().​
2024-04-10​
8.1
CVE-2023-2794
[email protected]
n/a -- qemu
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.​
2024-04-09​
8.2
CVE-2024-3446
[email protected]
nerdpressteam -- hubbub_lite_-_fast_reliable_social_sharing_buttons
The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-04-09​
7.5
CVE-2024-2501
[email protected]
netdata -- netdata
Netdata is an open source observability tool. The ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the PATH environment variable. This allows an attacker to control where ndsudo looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-04-12​
8.8
CVE-2024-32019
[email protected]
nozomi_networks -- guardian
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.​
2024-04-10​
7.2
CVE-2023-6916
[email protected]
nozomi_networks -- guardian
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted.
2024-04-10​
7.5
CVE-2024-0218
[email protected]
nvidia -- chatrtx
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering.
2024-04-08​
8.2
CVE-2024-0082
[email protected]
octopus_deploy -- octopus_server
A race condition was identified through which privilege escalation was possible in certain configurations.​
2024-04-09​
8.8
CVE-2024-2975
[email protected]
opengnsys -- opengnsys
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.​
2024-04-12​
9.8
CVE-2024-3704
[email protected]
opengnsys -- opengnsys
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.​
2024-04-12​
8.8
CVE-2024-3705
[email protected]
opentext -- arcsight_management_center
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.​
2024-04-08​
8.7
CVE-2024-2834
[email protected]
palo_alto_networks -- pan-os
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.​
2024-04-12​
10
CVE-2024-3400
[email protected]
palo_alto_networks -- pan-os
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.​
2024-04-10​
7.5
CVE-2024-3382
[email protected]
palo_alto_networks -- pan-os
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.​
2024-04-10​
7.4
CVE-2024-3383
[email protected]
palo_alto_networks -- pan-os
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.​
2024-04-10​
7.5
CVE-2024-3384
[email protected]
palo_alto_networks -- pan-os
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: PA-5400 Series firewalls and PA-7000 Series firewalls.
2024-04-10​
7.5
CVE-2024-3385
[email protected]
pencidesign -- soledad
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
2024-04-09​
7.1
CVE-2024-31367
[email protected]
phpgurukul -- small_crm
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.​
2024-04-12​
7.3
CVE-2024-3691
[email protected]
pickplugins -- product_designer
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32.
2024-04-07​
8.7
CVE-2024-31277
[email protected]
planet -- igs-4215-16t2s
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.​
2024-04-11​
7.7
CVE-2024-2740
[email protected]
planet -- igs-4215-16t2s
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.​
2024-04-11​
7.1
CVE-2024-2741
[email protected]
presstigers -- simple_job_board
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed.​
2024-04-09​
9.8
CVE-2024-1813
[email protected]
rapidload -- rapidload_power-up_for_autoptimize
Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize. This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11.
2024-04-07​
7.2
CVE-2024-31288
[email protected]
redisbloom -- redisbloom
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.​
2024-04-09​
7
CVE-2024-25115
[email protected]
redon-tech -- redon-hub
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is /products admin clear as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
2024-04-08​
8.8
CVE-2024-31442
[email protected]
reservation_diary -- redi_restaurant_reservation
Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
2024-04-10​
7.1
CVE-2024-31299
[email protected]
rust-lang -- rust
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are split. One exception though is cmd.exe (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of cmd.exe, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the Command API to return an InvalidInput error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2.
Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the CommandExt::raw_arg method to bypass the standard library's escaping logic.​
2024-04-09​
10
CVE-2024-24576
[email protected]
saleswonder.biz -- 5_stars_rating_funnel
Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel. This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.
2024-04-10​
7.5
CVE-2024-31358
[email protected]
sap_se -- sap_asset_accounting
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, causing a considerable impact on confidentiality, integrity and availability of the application.
2024-04-09​
7.2
CVE-2024-27901
[email protected]
sap_se -- sap_businessobjects_web_intelligence
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
2024-04-09​
7.7
CVE-2024-25646
[email protected]
sap_se -- sap_netweaver_as_java_user_management_engine
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.​
2024-04-09​
8.8
CVE-2024-27899
[email protected]
sc0ttkclark -- pods_-_custom_content_types_and_fields
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
8.8
CVE-2023-6967
[email protected]
sc0ttkclark -- pods_-_custom_content_types_and_fields
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
2024-04-09​
8.8
CVE-2023-6999
[email protected]
searchiq -- searchiq
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5.
2024-04-10​
7.5
CVE-2024-31259
[email protected]
shapedplugin -- carousel,slider_gallery_by_wp_carousel-image_carousel&photo_gallery_post_carousel&post_grid_product_carousel&_product_grid_for_woocommerce
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-04-10​
7.2
CVE-2024-3020
[email protected]
siemens -- parasolid_v35.1
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.​
2024-04-09​
7.8
CVE-2024-26275
[email protected]
siemens -- scalance_w1748-1_m12
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 "Override client's security context" of CVE-2022-47522. Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim.
2024-04-09​
8.4
CVE-2024-30191
[email protected]
siemens -- sinec_nms
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.​
2024-04-09​
7.6
CVE-2024-31978
[email protected]
sizam -- rehub_framework
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework. This issue affects REHub Framework: from n/a before 19.6.2.
2024-04-07​
8.5
CVE-2024-31234
[email protected]
sizam -- rehub
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub. This issue affects Rehub: from n/a through 19.6.1.
2024-04-07​
8.5
CVE-2024-31233
[email protected]
skymoonlabs -- moveto
Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
2024-04-11​
9.8
CVE-2024-25912
[email protected]
smartersite -- wp_compress_-image_optimizer[all-in-one]
The WP Compress - Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.​
2024-04-09​
7.5
CVE-2024-1934
[email protected]
solwin_infotech -- user_activity_log
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8.
2024-04-10​
7.6
CVE-2024-31356
[email protected]
sonaar_music -- mp3_audio_player_for_music_radio_&_podcast_by_sonaar
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
2024-04-10​
7.5
CVE-2024-31343
[email protected]
sourcecodester -- prison_management_system
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691.​
2024-04-08​
7.3
CVE-2024-3438
[email protected]
sourcecodester -- prison_management_system
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692.​
2024-04-08​
7.3
CVE-2024-3439
[email protected]
specialk -- simple_ajax_chat_-_add_a_fast,_secure_chat_box
The Simple Ajax Chat - Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-04-09​
7.2
CVE-2024-2957
[email protected]
stylemix -- masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.​
2024-04-09​
9.8
CVE-2024-3136
[email protected]
subnet_solutions -- powersystem_server
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.​
2024-04-09​
8.4
CVE-2024-3313
[email protected]
sukhchain_singh -- auto_poster
Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster. This issue affects Auto Poster: from n/a through 1.2.
2024-04-07​
9.1
CVE-2024-31345
[email protected]
techlabpro1 -- classified_listing_-classified_ads&_business_directory_plugin
The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.​
2024-04-09​
8.8
CVE-2024-1315
[email protected]
themefusion -- avada_|website_builder_for_wordpress&_woocommerce
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-04-09​
7.2
CVE-2024-2344
[email protected]
themify -- post_type_builder_(ptb)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
2024-04-09​
7.1
CVE-2024-31365
[email protected]
themify -- post_type_builder_(ptb)
Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
2024-04-09​
7.1
CVE-2024-31366
[email protected]
thimpress -- learnpress_export_import
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3.
2024-04-07​
7.6
CVE-2024-31241
[email protected]
tooltip -- wordpress_tooltips
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3.
2024-04-11​
7.1
CVE-2024-31285
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts uclited on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.
2024-04-09​
8.1
CVE-2023-49133
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts uclited on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.
2024-04-09​
8.1
CVE-2023-49134
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.​
2024-04-09​
7.5
CVE-2023-48724
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.​
2024-04-09​
7.4
CVE-2023-49074
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the ssid parameter at offset 0x0045ab7c of the httpd_portal binary shipped with v5.1.0 Build 20220926 of the EAP225.
2024-04-09​
7.2
CVE-2023-49906
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the band parameter at offset 0x0045aad8 of the httpd_portal binary shipped with v5.1.0 Build 20220926 of the EAP225.
2024-04-09​
7.2
CVE-2023-49907
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the profile parameter at offset 0x0045abc8 of the httpd_portal binary shipped with v5.1.0 Build 20220926 of the EAP225.
2024-04-09​
7.2
CVE-2023-49908
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the action parameter at offset 0x0045ab38 of the httpd_portal binary shipped with v5.1.0 Build 20220926 of the EAP225.
2024-04-09​
7.2
CVE-2023-49909
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the ssid parameter at offset 0x42247c of the httpd binary shipped with v5.0.4 Build 20220216 of the EAP115.
2024-04-09​
7.2
CVE-2023-49910
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the band parameter at offset 0x422420 of the httpd binary shipped with v5.0.4 Build 20220216 of the EAP115.
2024-04-09​
7.2
CVE-2023-49911
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the profile parameter at offset 0x4224b0 of the httpd binary shipped with v5.0.4 Build 20220216 of the EAP115.
2024-04-09​
7.2
CVE-2023-49912
[email protected]
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the action parameter at offset 0x422448 of the httpd binary shipped with v5.0.4 Build 20220216 of the EAP115.
2024-04-09​
7.2
CVE-2023-49913
[email protected]
traccar -- traccar
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not possible for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DoS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.
2024-04-10​
9.6
CVE-2024-31214
[email protected]
traccar -- traccar
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix device. under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.​
2024-04-10​
8.5
CVE-2024-24809
[email protected]
traefik -- traefik
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.​
2024-04-12​
7.5
CVE-2024-28869
[email protected]
tribulant -- slideshow_gallery
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
2024-04-10​
8.5
CVE-2024-31355
[email protected]
undsgn -- uncode_core
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8.
2024-04-12​
8.8
CVE-2023-51515
[email protected]
webinarpress -- webinarpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS. This issue affects WebinarPress: from n/a through 1.33.9.
2024-04-07​
7.1
CVE-2024-31256
[email protected]
wedevs -- wp_erp_|complete_hr_solution_with_recruitment&job_listings|woocommerce_crm&_accounting
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
7.2
CVE-2024-0952
[email protected]
welotec -- tk515l
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.​
2024-04-09​
9.8
CVE-2023-1083
[email protected]
welotec -- tk515l
A remote attacker with low privileges can perform a command injection which can lead to root access.
2024-04-09​
8.8
CVE-2023-1082
[email protected]
wintercms -- wn-dusk-plugin
wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is [[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]] - where [[URL]] is the base URL of the site, [[USER ID]] is the ID of the user account and [[MANAGER]] is the authentication manager (either backend for Backend, or user for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the README, this plugin should only be used in development and should NOT be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the APP_ENV environment variable is specifically set to dusk. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk's automatic configuration is used (which won't exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (i.e. the debug config value is set to true in config/app.php). 3. The Dusk plugin's automatic configuration has been overridden, either by providing a custom .env.dusk file or by providing custom configuration in the config/dusk folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade.
2024-04-12​
8.8
CVE-2024-32003
[email protected]
wisdmlabs -- edwiser_bridge
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.2.
2024-04-07​
7.6
CVE-2024-31260
[email protected]
wpeverest -- everest_forms_-build_contact_forms_surveys_polls_quizzes_newsletter&_application_forms_and_many_more_with_ease!
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.​
2024-04-09​
7.2
CVE-2024-1812
[email protected]
wpexperts -- wholesale_for_woocommerce
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
2024-04-10​
7.5
CVE-2024-31297
[email protected]
wpmudev -- forminator_-contact_form,_payment_form&_custom_form_builder
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
7.2
CVE-2024-1794
[email protected]
wpvividplugins -- migration_backup_staging_-_wpvivid
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-04-12​
7.2
CVE-2024-3054
[email protected]
wpwhitesecurity -- wp_activity_log_premium
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object.​
2024-04-09​
8.8
CVE-2024-2018
[email protected]
xibosignage -- xibo-cms
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue.​
2024-04-12​
8.8
CVE-2024-29022
[email protected]
xibosignage -- xibo-cms
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability.​
2024-04-12​
7.2
CVE-2024-29023
[email protected]
xwiki -- xwiki-commons
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of the escaping tool that is used in XWiki doesn't escape {, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing $escapetool.html by $escapetool.xml in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document Panels.PanelLayoutUpdate that exposes this vulnerability; patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.
2024-04-10​
10
CVE-2024-31996
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page Main.DatabaseSearch. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.​
2024-04-10​
10
CVE-2024-31982
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document XWiki.SearchSuggestSourceSheet.​
2024-04-10​
9.9
CVE-2024-31465
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document XWiki.PDFClass and block editing of it, after making sure that it does not contain a style attribute. Otherwise, there are no known workarounds aside from upgrading.
2024-04-10​
9.9
CVE-2024-31981
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.​
2024-04-10​
9.9
CVE-2024-31983
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the Main.SolrSpaceFacet page.​
2024-04-10​
9.9
CVE-2024-31984
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the Scheduler.WebHome page.
2024-04-10​
9
CVE-2024-31986
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.​
2024-04-10​
9.9
CVE-2024-31987
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update RTFrontend.ConvertHTML manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.​
2024-04-10​
9.6
CVE-2024-31988
[email protected]
xwiki -- xwiki-platform
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available.​
2024-04-10​
9.9
CVE-2024-31997
[email protected]
yt-dlp -- yt-dlp
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, along with this vulnerable behavior, was added to yt-dlp in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping %. It replaces them with %%cd:~,%, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in --exec other than {} (filepath); if expansion in --exec is needed, verify the fields you are using do not contain ", | or &; and/or instead of using --exec, write the info json and load the fields from it instead.​
2024-04-09​
8.3
CVE-2024-22423
[email protected]
zauberzeug -- nicegui
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the /_nicegui/{__version__}/resources/{key}/{path:path} route. As a result, any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceGUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-04-12​
8.2
CVE-2024-32005
[email protected]

Medium Vulnerabilities​

Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
10web -- form_maker_by_10web_-mobile-friendly_drag&_drop_contact_form_builder
The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures.​
2024-04-09​
5.9
CVE-2024-2112
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-20778
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-20779
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-20780
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26046
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26047
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26076
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26079
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26084
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26087
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26097
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26098
[email protected]
adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.​
2024-04-10​
5.4
CVE-2024-26122
[email protected]
adobe -- after_effects
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-10​
5.5
CVE-2024-20737
[email protected]
adobe -- animate
Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
5.5
CVE-2024-20794
[email protected]
adobe -- animate
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
5.5
CVE-2024-20796
[email protected]
adobe -- bridge
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
5.5
CVE-2024-20771
[email protected]
adobe -- illustrator
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-11​
5.5
CVE-2024-20798
[email protected]
adobe -- indesign_desktop
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-10​
5.5
CVE-2024-20766
[email protected]
adobe -- photoshop_desktop
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-04-10​
5.5
CVE-2024-20770
[email protected]
aerin -- loan_repayment_calculator_and_application_form
Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.
2024-04-12​
5.4
CVE-2024-31263
[email protected]
alex_tselegidis -- easy!appointments
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.2.
2024-04-11​
6.3
CVE-2023-32295
[email protected]
aminur_islam -- wp_login_and_logout_redirect
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2.
2024-04-11​
5.9
CVE-2024-31927
[email protected]
appcheap.io -- app_builder
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7.
2024-04-10​
4.7
CVE-2024-31282
[email protected]
apppresser_team -- apppresser
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0.
2024-04-12​
4.3
CVE-2024-31268
[email protected]
arnan_de_gans -- no-bot_registration
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1.
2024-04-12​
4.3
CVE-2024-31372
[email protected]
athemes -- sydney_toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-3208
[email protected]
automatic1111 -- stable-diffusion-webui
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.​
2024-04-12​
6.3
CVE-2024-31462
[email protected]
automattic -- woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.5.2.
2024-04-07​
4.3
CVE-2024-22155
[email protected]
automattic -- wp_job_manager
Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0.
2024-04-12​
5.3
CVE-2023-52211
[email protected]
ayecode_ltd -- userswp
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6.
2024-04-11​
5.4
CVE-2024-31936
[email protected]
bdthemes -- element_pack_elementor_addons_(header_footer,template_library,_dynamic_grid&_carousel,_remote_arrows)
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details.​
2024-04-11​
5.3
CVE-2024-2966
[email protected]
bdthemes -- prime_slider_-_addons_for_elementor
Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor. This issue affects Prime Slider - Addons For Elementor: from n/a through 3.11.10.
2024-04-11​
4.3
CVE-2024-24883
[email protected]
bdthemes -- ultimate_store_kit_elementor_addons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2.
2024-04-08​
6.5
CVE-2024-31357
[email protected]
beaver_builder -- beaver_themer
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2023-6694
[email protected]
beaver_builder -- beaver_themer
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values.​
2024-04-09​
6.5
CVE-2023-6695
[email protected]
bestwebsoft -- contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress​
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cntctfrm_contact_subject' parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-09​
6.1
CVE-2024-2200
[email protected]
bestwebsoft -- contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cntctfrm_contact_address' parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-09​
6.1
CVE-2024-2198
[email protected]
bfintal -- stackable_-_page_builder_gutenberg_blocks
The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2039
[email protected]
blazethemes -- newsmatic
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.​
2024-04-09​
5.3
CVE-2024-1587
[email protected]
blocksmarket -- gradient_text_widget_for_elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS. This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.
2024-04-07​
6.5
CVE-2024-31346
[email protected]
bogdanfix -- wp_sendfox
Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0.
2024-04-11​
5.4
CVE-2024-27970
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-04-10​
6.4
CVE-2024-2734
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-2735
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-2736
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-3266
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-3267
[email protected]
boldthemes -- bold_page_builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
5.4
CVE-2024-2733
[email protected]
bosch -- ams
A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.​
2024-04-11​
4.6
CVE-2023-32228
[email protected]
bracketspace -- advanced_cron_manager_-debug&_control
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager - debug & control allows Stored XSS. This issue affects Advanced Cron Manager - debug & control: from n/a through 2.5.2.
2024-04-11​
5.9
CVE-2024-31926
[email protected]
bracketspace -- simple_post_notes
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6.
2024-04-11​
4.3
CVE-2024-31935
[email protected]
bradvin -- best_wordpress_gallery_plugin_-_foogallery
The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2081
[email protected]
brainstormforce -- astra
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2347
[email protected]
brainstormforce -- cards_for_beaver_builder
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2305
[email protected]
brainstormforce -- spectra_-_wordpress_gutenberg_blocks
The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2023-6486
[email protected]
brechtvds -- wp_recipe_maker
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
4.4
CVE-2024-1571
[email protected]
bricksforge -- bricksforge
Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17.
2024-04-10​
5.3
CVE-2024-31242
[email protected]
britner -- gutenberg_blocks_by_kadence_blocks_-_page_builder_features
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-04-09​
4.4
CVE-2024-0598
[email protected]
britner -- gutenberg_blocks_by_kadence_blocks_page_builder_features
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1999
[email protected]
bunny.net -- bunny.net
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1.
2024-04-11​
5.9
CVE-2024-31361
[email protected]
byzoro -- smart_s80_management_platform
A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-09​
4.7
CVE-2024-3521
[email protected]
campcodes -- church_management_system
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability.
2024-04-10​
6.3
CVE-2024-3536
[email protected]
campcodes -- church_management_system
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907.
2024-04-10​
6.3
CVE-2024-3537
[email protected]
campcodes -- church_management_system
A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908.
2024-04-10​
6.3
CVE-2024-3538
[email protected]
campcodes -- church_management_system
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability.
2024-04-10​
6.3
CVE-2024-3539
[email protected]
campcodes -- church_management_system
A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability.
2024-04-10​
6.3
CVE-2024-3540
[email protected]
campcodes -- house_rental_management_system
A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483.
2024-04-12​
6.3
CVE-2024-3696
[email protected]
campcodes -- house_rental_management_system
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.
2024-04-12​
6.3
CVE-2024-3697
[email protected]
campcodes -- house_rental_management_system
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability.
2024-04-12​
6.3
CVE-2024-3698
[email protected]
campcodes -- house_rental_management_system
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571.
2024-04-13​
6.3
CVE-2024-3719
[email protected]
campcodes -- online_event_management_system
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.
2024-04-09​
6.3
CVE-2024-3522
[email protected]
campcodes -- online_event_management_system
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability.
2024-04-09​
6.3
CVE-2024-3523
[email protected]
catch_plugins -- generate_child_theme
Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0.
2024-04-12​
5.4
CVE-2024-31279
[email protected]
celomitan -- gum_elementor_addon
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2348
[email protected]
clavaque -- s2member_-best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls&_member_access_subscriptions
The s2Member - Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages.​
2024-04-09​
5.3
CVE-2024-0899
[email protected]
coded_commerce,_llc -- benchmark_email_lite
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1.
2024-04-12​
4.3
CVE-2024-31360
[email protected]
codepeople -- contact_form_email
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44.
2024-04-10​
5.3
CVE-2024-31302
[email protected]
collizo4sky -- paid_membership_plugin_ecommerce,user_registration_form,_login_form_user_profile&restrict_content-_profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-3210
[email protected]
colorlibplugins -- fancybox_for_wordpress
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-04-09​
4.4
CVE-2024-0662
[email protected]
connekthq -- wordpress_infinite_scroll_-_ajax_load_more
The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.​
2024-04-09​
4.9
CVE-2024-1790
[email protected]
contao -- contao
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.
2024-04-09​
5.4
CVE-2024-28190
[email protected]
contao -- contao
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.​
2024-04-09​
5.9
CVE-2024-30262
[email protected]
contao -- contao
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.​
2024-04-09​
4.3
CVE-2024-28234
[email protected]
convertkit -- convertkit
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5.
2024-04-10​
5.3
CVE-2024-31245
[email protected]
cp_plus -- wi-fi_camera
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-08​
5.4
CVE-2024-3434
creativeminds -- invitation_code_content_restriction_plugin_from_creativeminds
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'target_id' parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-09​
6.1
CVE-2022-4965
creativethemes -- blocksy_companion
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28.
2024-04-11​
5.4
CVE-2024-31932
cssigniterteam -- elements_plus!
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2335
cym1102 -- nginxwebui
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.​
2024-04-13​
6.3
CVE-2024-3739
cym1102 -- nginxwebui
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.​
2024-04-13​
6.3
CVE-2024-3740
cym1102 -- nginxwebui
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.​
2024-04-13​
4.3
CVE-2024-3736
danieliser -- popup_maker_-popup_for_opt-ins_lead_gen&_more
The Popup Maker - Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2336
dataease -- dataease
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.​
2024-04-08​
5.3
CVE-2024-30269
dell -- alienware_command_center_(awcc)
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on local system.
2024-04-10​
6.7
CVE-2024-0159
dell -- cpg_bios
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.​
2024-04-10​
4.7
CVE-2024-22448
dell -- dell_storage_resource_manager
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.​
2024-04-12​
5.9
CVE-2024-0157
devitemsllc -- shoplentor_-woocommerce_builder_for_elementor&gutenberg+12_modules_-all_in_one_solution(formerly_woolentor)
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1960
devitemsllc -- shoplentor_-woocommerce_builder_for_elementor&gutenberg+12_modules_-all_in_one_solution(formerly_woolentor)
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2946
devowl -- real_media_library:media_library_folder&_file_manager
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2027
dfactory -- post_views_counter
Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.​
2024-04-12​
4.3
CVE-2024-31264
dglingren -- media_library_assistant
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-04-09​
6.4
CVE-2024-2871
digitalbazaar -- zcap
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. @digitalbazaar/zcap v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.​
2024-04-10​
4.3
CVE-2024-31995
easy_digital_downloads -- easy_digital_downloads
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6.
2024-04-12​
4.3
CVE-2024-31293
ecwid -- ecwid_ecommerce_shopping_cart
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2456
elbanyaoui -- woocommerce_clover_payment_gateway
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.​
2024-04-09​
5.3
CVE-2024-0626
elementor -- hello_elementor
Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0.
2024-04-12​
4.3
CVE-2024-31289
elemntor -- elementor_website_builder_-_more_than_just_a_page_builder
The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2117
elextensions -- elex_woocommerce_dynamic_pricing_and_discounts
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
2024-04-12​
4.3
CVE-2024-31364
envato -- template_kit_-_import
The Template Kit - Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2334
exactly_www -- ewww_image_optimizer
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer. This issue affects EWWW Image Optimizer: from n/a through 7.2.3.
2024-04-10​
4.3
CVE-2024-31924
expresstech -- quiz_and_survey_master
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2.
2024-04-11​
5.9
CVE-2024-27966
faktor_vier -- f4_improvements
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0.
2024-04-11​
5.9
CVE-2024-31925
fetch_designs -- sign-up_sheets
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets. This issue affects Sign-up Sheets: from n/a through 2.2.11.1.
2024-04-12​
4.3
CVE-2024-31303
formsite -- formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6.
2024-04-07​
6.5
CVE-2024-31257
fortinet -- fortimanager
An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates.
2024-04-09​
6.7
CVE-2023-47542
fortinet -- fortios
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.​
2024-04-09​
6.7
CVE-2023-48784
fortinet -- fortios
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to cause information disclosure via HTTP requests.
2024-04-09​
5.3
CVE-2024-23662
fortinet -- fortisandbox
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via CLI.
2024-04-09​
6.7
CVE-2023-47540
fortinet -- fortisandbox
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows an attacker to execute unauthorized code or commands via CLI.
2024-04-09​
6.7
CVE-2023-47541
fortinet -- fortisandbox
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests.
2024-04-09​
5.9
CVE-2024-31487
fr-d-ric_gilles -- fg_drupal_to_wordpress
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3.
2024-04-10​
5.3
CVE-2024-31247
getbowtied -- shopkeeper_extender
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-12​
6.4
CVE-2024-2801
gitlab -- gitlab
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.​
2024-04-12​
4.3
CVE-2023-6489
gitlab -- gitlab
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file.
2024-04-12​
4.3
CVE-2023-6678
givewp -- givewp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1.
2024-04-12​
5.9
CVE-2022-40211
gn_themes -- wp_shortcodes_plugin_-_shortcodes_ultimate
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-3512
hcl_software -- bigfix_enterprise_suite_asset_discovery
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.
2024-04-08​
6.6
CVE-2024-23584
hidekazu_ishikawa -- x-t9
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP. This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.
2024-04-10​
4.3
CVE-2024-31386
i_thirteen_web_solution -- wp_responsive_tabs_horizontal_vertical_and_accordion_tabs
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
2024-04-11​
6.5
CVE-2024-27989
ibm -- qradar_siem
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.​
2024-04-11​
5.9
CVE-2023-50949
ibm -- security_verify_access_appliance
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.​
2024-04-10​
6.2
CVE-2024-31874
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338.​
2024-04-12​
5.4
CVE-2023-50307
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.​
2024-04-12​
5.4
CVE-2024-22357
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691.​
2024-04-12​
4.8
CVE-2023-45186
ibm -- sterling_file_gateway
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.​
2024-04-12​
4.8
CVE-2023-47714
ibm -- storage_defender
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.​
2024-04-12​
6.4
CVE-2024-27261
ibm -- urbancode_deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.​
2024-04-12​
6.3
CVE-2024-22358
ibm -- urbancode_deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.​
2024-04-12​
6.1
CVE-2024-22359
ibm -- urbancode_deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.​
2024-04-12​
4.4
CVE-2024-22334
ibm -- urbancode_deploy
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.​
2024-04-12​
4.3
CVE-2024-22339
ideaboxcreations -- powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2492
ideaboxcreations -- powerpack_lite_for_beaver_builder
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2289
j_3rk -- video_conferencing_with_zoom
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site.​
2024-04-09​
4.3
CVE-2024-2033
jackdewey -- link_library
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-09​
6.1
CVE-2024-2325
jcodex -- woocommerce_checkout_field_editor_(checkout_manager)
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.
2024-04-12​
5.4
CVE-2024-31262
jetmonsters -- getwid_-_gutenberg_blocks
The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1948
jetmonsters -- jetwidgets_for_elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2138
jetmonsters -- jetwidgets_for_elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2507
joel_hardi -- user_spam_remover
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0.
2024-04-10​
5.3
CVE-2024-31298
joomunited -- wp_media_folder
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.
2024-04-11​
5.4
CVE-2024-25907
joomunited -- wp_media_folder
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.
2024-04-11​
4.3
CVE-2024-25908
jtermaat -- 360_javascript_viewer
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings.​
2024-04-09​
4.3
CVE-2024-1637
julien_berthelot_/_mpembed.com -- wp_matterport_shortcode
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8.
2024-04-11​
4.3
CVE-2024-32109
juniper_networks -- junos_os_evolved
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.​
2024-04-12​
6.5
CVE-2024-30403
juniper_networks -- junos_os_evolved
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.​
2024-04-12​
5.3
CVE-2024-21590
juniper_networks -- junos_os_evolved
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO, 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.​
2024-04-12​
5.3
CVE-2024-30390
juniper_networks -- junos_os_evolved
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.
2024-04-12​
5.5
CVE-2024-30406
juniper_networks -- junos_os
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet that, upon processing, causes an internal loop, the PFE crashes and restarts. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1; 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.
2024-04-12​
6.5
CVE-2024-21593
juniper_networks -- junos_os
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.​
2024-04-12​
6.5
CVE-2024-21605
juniper_networks -- junos_os
A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command:
    user@host> show system processes extensive | grep iked
    PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
    56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked
This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.
2024-04-12​
6.5
CVE-2024-21609
juniper_networks -- junos_os
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.​
2024-04-12​
6.5
CVE-2024-21618
juniper_networks -- junos_os
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5, 21.3 versions before 21.3R3-S5, 21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2.​
2024-04-12​
6.5
CVE-2024-30387
juniper_networks -- junos_os
An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3.​
2024-04-12​
6.5
CVE-2024-30388
juniper_networks -- junos_os
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:
    user@host> show system processes extensive | match mgd | match sbwait
This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.
2024-04-12​
5.3
CVE-2024-21610
juniper_networks -- junos_os
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3 before 21.3R3-S5-EVO, * from 21.4 before 21.4R3-S5-EVO, * from 22.1 before 22.1R3-S5-EVO, * from 22.2 before 22.2R3-S3-EVO, * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO, * from 23.2 before 23.2R1-S2.​
2024-04-12​
5
CVE-2024-21615
juniper_networks -- junos_os

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6.
2024-04-12​
5.5
CVE-2024-30384
juniper_networks -- junos_os

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attacker's control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.
2024-04-12​
5.3
CVE-2024-30386
juniper_networks -- junos_os
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.​
2024-04-12​
5.8
CVE-2024-30389
juniper_networks -- junos_os
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2; This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4.​
2024-04-12​
5.9
CVE-2024-30401
juniper_networks -- junos_os
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attacker's control. Repeated occurrences of these events cause a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO.
2024-04-12​
5.9
CVE-2024-30402
juniper_networks -- junos_os
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved: * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.​
2024-04-12​
5.3
CVE-2024-30409
juniper_networks -- junos_os
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally, but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device, transit traffic is going to fail in both directions. If the peer is also an affected device, transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3, 21.2 versions before 21.2R2-S1, 21.2R3, 21.3 versions before 21.3R1-S2, 21.3R2.
2024-04-12​
4.8
CVE-2024-30391
juniper_networks -- junos_
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic destined for the device to reach the RE instead of being discarded when the discard term is set on the loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filters. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6.
2024-04-12​
5.8
CVE-2024-30410
junkcoder,_ristoniinemets -- ajax_thumbnail_rebuild
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.
2024-04-11​
4.3
CVE-2022-47604
kekotron -- ai_post_generator_|_autowriter
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished posts or perform post deletions.
2024-04-09​
6.3
CVE-2024-1850
khl32 -- font_farsi
The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2024-04-09​
4.4
CVE-2024-3093
kurudrive -- vk_all_in_one_expansion_unit
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.​
2024-04-09​
6.5
CVE-2024-2093
kyivstarteam -- react-native-sms-user-consent
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.​
2024-04-07​
5.3
CVE-2021-4438
leadinfo -- leadinfo
Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0.
2024-04-11​
4.3
CVE-2024-32112
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-0376
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-2664
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.5
CVE-2024-2665
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content.​
2024-04-10​
5.4
CVE-2024-2666
leap13 -- premium_addons_for_elementor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22.
2024-04-10​
4.3
CVE-2024-31278
lifterlms -- lifterlms
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0.
2024-04-12​
4.3
CVE-2024-31363
link_whisper -- link_whisper_free
Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9.
2024-04-11​
4.3
CVE-2024-31934
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text_alignment' attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1458
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1461
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1464
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_skin' attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-1465
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slider_style' attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue.​
2024-04-09​
6.4
CVE-2024-1466
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-2539
livemesh -- elementor_addons_by_livemesh
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-2655
lizardbyte -- sunshine
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
2024-04-08​
5.9
CVE-2024-31221
mailmunch -- mailmunch_-_grow_your_email_list
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch - Grow your Email List allows Stored XSS. This issue affects MailMunch - Grow your Email List: from n/a through 3.1.6.
2024-04-07​
6.5
CVE-2024-31349
mark_stockton -- quicksand_post_filter_jquery_plugin
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
2024-04-11​
5.3
CVE-2024-24850
matrix-org -- matrix-appservice-irc
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See lines 601-604 in the linked configuration file.
2024-04-12​
4.3
CVE-2024-32000
mautic -- mautic
Mautic uses predictable page indices for unpublished landing pages, so their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available.
2024-04-10​
5.3
CVE-2024-2730
mautic -- mautic
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.​
2024-04-10​
5.4
CVE-2024-2731
mautic -- mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
2024-04-10​
5
CVE-2024-3448
max_foundry -- media_library_folders
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8.
2024-04-10​
6.5
CVE-2024-31287
mbis -- permalink_manager_lite
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 's' parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-09​
6.1
CVE-2024-2738
mbis -- permalink_manager_lite
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.​
2024-04-09​
4.3
CVE-2024-2543
memberpress -- memberpress
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note - the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances.​
2024-04-09​
6.1
CVE-2024-1412
metagauss -- profilegrid_
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6.
2024-04-07​
4.3
CVE-2024-31291
[email protected]
metagauss -- profilegrid_
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
2024-04-12​
4.3
CVE-2024-31362
[email protected]
metagauss -- registrationmagic
Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9.
2024-04-11​
4.3
CVE-2024-25935
[email protected]
metaslider -- slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows
The Slider, Gallery, and Carousel by MetaSlider - Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-11​
6.4
CVE-2024-3285
[email protected]
[email protected]
michael_leithold -- dsgvo_all_in_one_for_wp
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.
2024-04-11​
4.3
CVE-2024-27967
[email protected]
micro.company -- form_to_chat_app
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6.
2024-04-07​
6.5
CVE-2024-31258
[email protected]
microsoft -- azure_arc_extension
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability​
2024-04-09​
6.2
CVE-2024-28917
[email protected]
microsoft -- azure_compute_gallery
Azure Compute Gallery Elevation of Privilege Vulnerability​
2024-04-09​
6.5
CVE-2024-21424
[email protected]
microsoft -- azure_identity_library_for_.net
Azure Identity Library for .NET Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-29992
[email protected]
microsoft -- azure_migrate
Azure Migrate Remote Code Execution Vulnerability​
2024-04-09​
6.4
CVE-2024-26193
[email protected]
microsoft -- azure_private_5g_core
Azure Private 5G Core Denial of Service Vulnerability​
2024-04-09​
5.9
CVE-2024-20685
[email protected]
microsoft -- microsoft_sharepoint_server_2019
Microsoft SharePoint Server Spoofing Vulnerability​
2024-04-09​
6.8
CVE-2024-26251
[email protected]
microsoft -- windows_10_version_1809
BitLocker Security Feature Bypass Vulnerability​
2024-04-09​
6.1
CVE-2024-20665
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-20669
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.8
CVE-2024-26168
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-26171
[email protected]
microsoft -- windows_10_version_1809
Windows Kerberos Denial of Service Vulnerability​
2024-04-09​
6.5
CVE-2024-26183
[email protected]
microsoft -- windows_10_version_1809
Proxy Driver Spoofing Vulnerability​
2024-04-09​
6.7
CVE-2024-26234
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-26250
[email protected]
microsoft -- windows_10_version_1809
Windows rndismp6.sys Remote Code Execution Vulnerability​
2024-04-09​
6.8
CVE-2024-26252
[email protected]
microsoft -- windows_10_version_1809
Windows rndismp6.sys Remote Code Execution Vulnerability​
2024-04-09​
6.8
CVE-2024-26253
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.8
CVE-2024-28897
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.3
CVE-2024-28898
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-28903
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-28919
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-28921
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.4
CVE-2024-28923
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
6.7
CVE-2024-28924
[email protected]
microsoft -- windows_10_version_1809
Windows Hyper-V Denial of Service Vulnerability​
2024-04-09​
6.2
CVE-2024-29064
[email protected]
microsoft -- windows_10_version_1809
Windows DWM Core Library Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-26172
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-26207
[email protected]
microsoft -- windows_10_version_1809
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-26209
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-26217
[email protected]
microsoft -- windows_10_version_1809
Windows Mobile Hotspot Information Disclosure Vulnerability​
2024-04-09​
5
CVE-2024-26220
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-26255
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-28900
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-28901
[email protected]
microsoft -- windows_10_version_1809
Windows Remote Access Connection Manager Information Disclosure Vulnerability​
2024-04-09​
5.5
CVE-2024-28902
[email protected]
microsoft -- windows_10_version_1809
Secure Boot Security Feature Bypass Vulnerability​
2024-04-09​
4.1
CVE-2024-28922
[email protected]
microsoft -- windows_server_2019
Windows Distributed File System (DFS) Information Disclosure Vulnerability​
2024-04-09​
6.5
CVE-2024-26226
[email protected]
microsoft -- windows_server_2019
Windows Authentication Elevation of Privilege Vulnerability​
2024-04-09​
4.3
CVE-2024-29056
[email protected]
mndpsingh287 -- file_manager
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.​
2024-04-09​
6.8
CVE-2024-2654
[email protected]
[email protected]
[email protected]
n/a -- dedecms
A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-12​
6.3
CVE-2024-3685
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- dedecms
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-12​
4.3
CVE-2024-3686
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- eyoucms
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-07​
4.7
CVE-2024-3431
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- freeipa
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
2024-04-10​
5.3
CVE-2024-1481
[email protected]
[email protected]
n/a -- mysql2
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
2024-04-10​
6.5
CVE-2024-21507
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- mysql2
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.​
2024-04-10​
6.5
CVE-2024-21509
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- qemu
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.​
2024-04-10​
5.5
CVE-2024-3567
[email protected]
[email protected]
[email protected]
n/a -- save_as_image_plugin_by_pdfcrowd
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1.
2024-04-11​
5.9
CVE-2024-31931
[email protected]
netentsec -- ns-asg_application_security_gateway
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.​
2024-04-08​
6.3
CVE-2024-3455
[email protected]
[email protected]
[email protected]
[email protected]
netentsec -- ns-asg_application_security_gateway
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.​
2024-04-08​
6.3
CVE-2024-3456
[email protected]
[email protected]
[email protected]
[email protected]
netentsec -- ns-asg_application_security_gateway
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability.​
2024-04-08​
6.3
CVE-2024-3457
[email protected]
[email protected]
[email protected]
[email protected]
netentsec -- ns-asg_application_security_gateway
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability.​
2024-04-08​
6.3
CVE-2024-3458
[email protected]
[email protected]
[email protected]
[email protected]
nextendweb -- smart_slider_3
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks.​
2024-04-13​
6.4
CVE-2024-3027
[email protected]
[email protected]
nick_pelton -- search_keyword_redirect
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0.
2024-04-11​
5.9
CVE-2024-32080
[email protected]
nickboss -- wordpress_file_upload
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2847
[email protected]
[email protected]
ninjateam -- wp_chat_app
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2513
[email protected]
[email protected]
nudgify -- nudgify_social_proof,sales_popup&_fomo
Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.
2024-04-12​
4.3
CVE-2024-31239
[email protected]
nuknightlab -- knight_lab_timeline
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2287
[email protected]
[email protected]
nvidia -- chatrtx
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.​
2024-04-08​
6.5
CVE-2024-0083
[email protected]
oceanwp -- ocean_extra
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'twitter_username' parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-3167
[email protected]
[email protected]
[email protected]
octolize -- usps_shipping_for_woocommerce_-_live_rates
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce - Live Rates. This issue affects USPS Shipping for WooCommerce - Live Rates: from n/a through 1.9.2.
2024-04-10​
4.3
CVE-2024-31943
[email protected]
octolize -- woocommerce_ups_shipping_-_live_rates_and_access_points
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping - Live Rates and Access Points. This issue affects WooCommerce UPS Shipping - Live Rates and Access Points: from n/a through 2.2.4.
2024-04-10​
4.3
CVE-2024-31944
[email protected]
open-telemetry -- opentelemetry-dotnet
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions, OpenTelemetry.Instrumentation.Http writes the url.full attribute/tag on spans (Activity) when tracing is enabled for outgoing HTTP requests, and OpenTelemetry.Instrumentation.AspNetCore writes the url.query attribute/tag on spans (Activity) when tracing is enabled for incoming HTTP requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version 1.8.1, the values written by OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore pass through the raw query string as it was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented), which could cause privacy and/or security incidents. Note: Older versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore may use different tag names but have the same vulnerability. The 1.8.1 versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-04-12​
4.1
CVE-2024-32028
[email protected]
[email protected]
[email protected]
open-xchange_gmbh -- ox_app_suite
RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or by successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.
2024-04-08​
6.1
CVE-2024-23192
[email protected]
[email protected]
[email protected]
[email protected]
open-xchange_gmbh -- ox_app_suite
Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to the user's account, access to another account within the same context, or a successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.
2024-04-08​
5.4
CVE-2024-23189
[email protected]
[email protected]
[email protected]
[email protected]
open-xchange_gmbh -- ox_app_suite
Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.
2024-04-08​
5.4
CVE-2024-23190
[email protected]
[email protected]
[email protected]
[email protected]
open-xchange_gmbh -- ox_app_suite
Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.
2024-04-08​
5.4
CVE-2024-23191
[email protected]
[email protected]
[email protected]
[email protected]
opengnsys -- opengnsys
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.​
2024-04-12​
5.9
CVE-2024-3706
[email protected]
opengnsys -- opengnsys
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.​
2024-04-12​
5.3
CVE-2024-3707
[email protected]
palo_alto_networks -- pan-os
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.​
2024-04-10​
5.3
CVE-2024-3386
[email protected]
palo_alto_networks -- pan-os
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.​
2024-04-10​
5.3
CVE-2024-3387
[email protected]
palo_alto_networks -- pan-os
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.​
2024-04-10​
4.1
CVE-2024-3388
[email protected]
patrickposner -- passster_-_password_protect_pages_and_content
The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2026
[email protected]
[email protected]
pdfcrowd -- save_as_pdf_plugin_by_pdfcrowd
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1.
2024-04-11​
5.9
CVE-2024-31930
[email protected]
peach_payments -- peach_payments_gateway
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9.
2024-04-11​
5.4
CVE-2024-25922
[email protected]
peepso -- community_by_peepso
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1.
2024-04-12​
4.3
CVE-2024-31251
[email protected]
pencidesign -- soledad
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
2024-04-09​
6.5
CVE-2024-31368
[email protected]
pencidesign -- soledad
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
2024-04-09​
5.4
CVE-2024-31369
[email protected]
phpbits_creative_studio -- easy_login_styler_-_white_label_admin_login_page_for_wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler - White Label Admin Login Page for WordPress allows Stored XSS. This issue affects Easy Login Styler - White Label Admin Login Page for WordPress: from n/a through 1.0.6.
2024-04-07​
5.9
CVE-2024-31344
[email protected]
phpgurukul -- small_crm
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.​
2024-04-12​
6.3
CVE-2024-3690
[email protected]
[email protected]
[email protected]
[email protected]
pickplugins -- accordion
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.​
2024-04-09​
5.4
CVE-2024-1641
[email protected]
[email protected]
[email protected]
ping_identity -- pingfederate
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.​
2024-04-10​
6.5
CVE-2023-40148
[email protected]
[email protected]
planet -- igs-4215-16t2s
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.​
2024-04-11​
6.4
CVE-2024-2742
[email protected]
pluginsware -- advanced_classifieds_&_directory_pro
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.​
2024-04-09​
4.3
CVE-2024-2222
[email protected]
[email protected]
[email protected]
[email protected]
polevaultweb -- intagrate_lite
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Polevaultweb Intagrate Lite allows Stored XSS. This issue affects Intagrate Lite: from n/a through 1.3.7.
2024-04-11​
5.9
CVE-2024-31929
[email protected]
popup_likebox_team -- popup_like_box
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2.
2024-04-11​
5.9
CVE-2024-31387
[email protected]
prasunsen -- watu_quiz
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-0873
[email protected]
[email protected]
prasunsen -- watu_quiz
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails.​
2024-04-09​
4.3
CVE-2024-0872
[email protected]
[email protected]
princeahmed -- wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
The WP Radio - Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-10​
6.4
CVE-2024-1041
[email protected]
[email protected]
princeahmed -- wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
The WP Radio - Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.​
2024-04-10​
6.4
CVE-2024-1042
[email protected]
[email protected]
propertyhive -- propertyhive
Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9.
2024-04-11​
5.4
CVE-2024-27985
[email protected]
psi-4ward -- psitransfer
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint that allows users to create a path for uploading a file in a file distribution allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while CVE-2024-31454 allows users to violate the integrity of a single file uploaded by another user by writing data to it, and does not allow uploading new files to the bucket. Thus, the vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application's business logic.
2024-04-09​
6.5
CVE-2024-31453
[email protected]
[email protected]
psi-4ward -- psitransfer
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint designed for uploading files allows an attacker who has received the id of a file distribution to change the files in that distribution. The vulnerability allows an attacker to influence users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket; integrity is violated at the level of individual files. CVE-2024-31453, by contrast, allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, the vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application's business logic.
2024-04-09​
6.5
CVE-2024-31454
puneethreddyhc -- event_management
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-04-07​
5.5
CVE-2024-3432
qodeinteractive -- qi_addons_for_elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-0826
rainbowgeek -- seopress_-_on-site_seo
The SEOPress - On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2165
rankmath -- rank_math_seo_with_ai_seo_tools
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2536
realmag777 -- wolf_-_wordpress_posts_bulk_editor_and_manager_professional
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF - WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.
2024-04-10​
4.3
CVE-2024-31430
redisbloom -- redisbloom
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
2024-04-09​
5.5
CVE-2024-25116
relevanssi -- relevanssi_-a_better_search(pro)
The Relevanssi - A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead to DoS.
2024-04-09​
5.3
CVE-2024-3213
relevanssi -- relevanssi_-a_better_search(pro)
The Relevanssi - A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.​
2024-04-09​
5.8
CVE-2024-3214
repute_infosystems -- arforms_form_builder
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1.
2024-04-12​
6.3
CVE-2024-31272
repute_infosystems -- bookingpress
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81.
2024-04-07​
4.3
CVE-2024-31296
revolution_slider -- slider_revolution
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors.​
2024-04-09​
6.4
CVE-2024-2306
rtcamp -- transcoder
Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5.
2024-04-12​
4.3
CVE-2024-31305
rubengc -- gamipress_-the#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress
The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2783
saleor -- saleor
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the refreshToken mutation while the token persists in the JWT_REFRESH_TOKEN_COOKIE_NAME cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token. This will fix the issue, but be aware that it returns JWT_MISSING_TOKEN instead of JWT_INVALID_TOKEN.
2024-04-08​
4.2
CVE-2024-31205
saleor -- saleor
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
2024-04-11​
4.3
CVE-2024-32105
saleswonder.biz_team -- wp2leads
Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS. This issue affects WP2LEADS: from n/a through 3.2.7.
2024-04-08​
5.4
CVE-2024-31375
sap_se -- sap_business_connector
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side.​
2024-04-09​
4.8
CVE-2024-30214
sap_se -- sap_business_connector
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.​
2024-04-09​
4.8
CVE-2024-30215
sap_se -- sap_group_reporting_data_collection_(enter_package_data)
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization, causing high impact on the integrity of the application.
2024-04-09​
6.5
CVE-2024-28167
sap_se -- sap_netweaver_as_abap_and_abap_platform
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.​
2024-04-09​
6.5
CVE-2024-30218
sap_se -- sap_netweaver
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.​
2024-04-09​
5.3
CVE-2024-27898
sap_se -- sap_s/4_hana_(cash_management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status, affecting the integrity of the application. Confidentiality and Availability are not impacted.
2024-04-09​
4.3
CVE-2024-30216
sap_se -- sap_s/4_hana_(cash_management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.​
2024-04-09​
4.3
CVE-2024-30217
saumya_majumder -- wp_server_health_stats
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3.
2024-04-12​
4.3
CVE-2024-31250
sc0ttkclark -- pods_-_custom_content_types_and_fields
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).​
2024-04-09​
4.3
CVE-2023-6965
setriosoft -- bizcalendar_web
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-04-10​
6.1
CVE-2024-1780
shopware -- shopware
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only direct store-api usage, as the PHP Storefront additionally listens on CustomerLogoutEvent and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.
2024-04-08​
5.3
CVE-2024-31447
shortpixel -- shortpixel_adaptive_images
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.
2024-04-10​
5.3
CVE-2024-31230
siemens -- scalance_w1748-1_m12
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 "Abuse the queue for network disruptions" of CVE-2022-47522. Affected devices can be tricked into enabling their power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks.
2024-04-09​
6.1
CVE-2024-30190
siemens -- scalance_w721-1_rj45
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 "Leak frames from the Wi-Fi queue" of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames.
2024-04-09​
6.1
CVE-2024-30189
siemens -- simatic_pcs_7_v9.1
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition.​
2024-04-09​
6.2
CVE-2023-50821
sigstore -- cosign
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available, such as a Redis database, which can result in data loss. It can also impact the availability of other services on the machine, which will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; if the attachment's size is larger than the memory the machine has available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: if an attacker has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.
2024-04-10​
4.2
CVE-2024-29902
sigstore -- cosign
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is that Cosign allocates excessive memory on the lines that create a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.
2024-04-10​
4.2
CVE-2024-29903
silverks -- graphene
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.​
2024-04-09​
5.3
CVE-2024-1984
smub -- easy_digital_downloads_-sell_digital_files&subscriptions(ecommerce_store_+_payments_made_easy)
The Easy Digital Downloads - Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.​
2024-04-09​
5.3
CVE-2024-2302
smub -- wordpress_gallery_plugin_-_nextgen_gallery
The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.​
2024-04-09​
5.3
CVE-2024-3097
soflyy -- import_any_xml_or_csv_file_to_wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.
2024-04-10​
4.3
CVE-2024-31939
softaculous -- page_builder:pagelayer-_drag_and_drop_website_builder
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2504
someguy9 -- lightweight_accordion
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-04-09​
6.4
CVE-2024-2436
sourcecodester -- kortex_lite_advocate_office_management_system
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.​
2024-04-11​
4.7
CVE-2024-3617
sourcecodester -- kortex_lite_advocate_office_management_system
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.​
2024-04-11​
4.7
CVE-2024-3618
sourcecodester -- kortex_lite_advocate_office_management_system
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275.​
2024-04-11​
4.7
CVE-2024-3619
sourcecodester -- kortex_lite_advocate_office_management_system
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276.​
2024-04-11​
4.7
CVE-2024-3620
sourcecodester -- kortex_lite_advocate_office_management_system
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability.​
2024-04-11​
4.7
CVE-2024-3621
sourcecodester -- laundry_management_system
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.​
2024-04-08​
6.3
CVE-2024-3445
sourcecodester -- laundry_management_system
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.​
2024-04-08​
6.3
CVE-2024-3464
sourcecodester -- laundry_management_system
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.​
2024-04-08​
6.3
CVE-2024-3465
sourcecodester -- laundry_management_system
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.​
2024-04-08​
5.5
CVE-2024-3466
sourcecodester -- online_courseware
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.​
2024-04-07​
6.3
CVE-2024-3416
sourcecodester -- online_courseware
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability.​
2024-04-07​
6.3
CVE-2024-3417
sourcecodester -- online_courseware
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability.
2024-04-07
6.3
CVE-2024-3418
[email protected]
sourcecodester -- online_courseware
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591.
2024-04-07
6.3
CVE-2024-3419
[email protected]
sourcecodester -- online_courseware
A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.
2024-04-07
6.3
CVE-2024-3420
[email protected]
sourcecodester -- online_courseware
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability.
2024-04-07
6.3
CVE-2024-3421
[email protected]
sourcecodester -- online_courseware
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.
2024-04-07
6.3
CVE-2024-3422
[email protected]
sourcecodester -- online_courseware
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.
2024-04-07
6.3
CVE-2024-3423
[email protected]
sourcecodester -- online_courseware
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.
2024-04-07
6.3
CVE-2024-3424
[email protected]
sourcecodester -- online_courseware
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.
2024-04-07