CISA Bulletins - Vulnerability Summary for the Week of March 11, 2024

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).
C

CISA

Guest

High Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
academylms -- academy_lms_-_elearning_and_online_course_solution_for_wordpress
The Academy LMS - eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.​
2024-03-13​
8.8
CVE-2024-1505
[email protected]
[email protected]
andrei_ivasiuc -- fontific_|_google_fonts
Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.​
2024-03-16​
7.1
CVE-2024-27194
[email protected]
apache_software_foundation -- apache_pulsar
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed. 2.10 Pulsar Proxy users should upgrade to at least 2.10.6. 2.11 Pulsar Proxy users should upgrade to at least 2.11.3. 3.0 Pulsar Proxy users should upgrade to at least 3.0.2. 3.1 Pulsar Proxy users should upgrade to at least 3.1.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses.​
2024-03-12​
8.2
CVE-2022-34321
[email protected]
[email protected]
apache_software_foundation -- apache_pulsar
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.​
2024-03-12​
8.5
CVE-2024-27135
[email protected]
[email protected]
apache_software_foundation -- apache_pulsar
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like "..", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.​
2024-03-12​
8.4
CVE-2024-27317
[email protected]
[email protected]
apache_software_foundation -- apache_pulsar
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation.​
2024-03-12​
8.5
CVE-2024-27894
[email protected]
[email protected]
arcserve -- unified_data_protection
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.​
2024-03-13​
9.8
CVE-2024-0799
[email protected]
arcserve -- unified_data_protection
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.​
2024-03-13​
8.8
CVE-2024-0800
[email protected]
arcserve -- unified_data_protection
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.​
2024-03-13​
7.5
CVE-2024-0801
[email protected]
argoproj -- argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.​
2024-03-13​
9
CVE-2024-28175
[email protected]
[email protected]
autopolisbg -- bulgarisation_for_woocommerce
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.​
2024-03-13​
7.3
CVE-2024-0683
[email protected]
[email protected]
autopolisbg -- bulgarisation_for_woocommerce
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-12​
7.3
CVE-2024-2395
[email protected]
[email protected]
aweber -- aweber_-_free_sign_up_form_and_landing_page_builder_plugin_for_lead_generation_and_email_newsletter_growth
The AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-13​
7.2
CVE-2024-1793
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
badger_meter -- monitool
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.​
2024-03-12​
9.8
CVE-2024-1301
[email protected]
badger_meter -- monitool
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.​
2024-03-12​
7.3
CVE-2024-1302
[email protected]
bee -- beepress
Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8.​
2024-03-16​
7.1
CVE-2024-27197
[email protected]
boldgrid -- weforms_-easy_drag&_drop_contact_form_builder_for_wordpress
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
7.2
CVE-2024-0386
[email protected]
[email protected]
canon_inc. -- color_imageclass_mf740c_series
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.​
chatgptnextweb -- nextchat
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.​
2024-03-12​
9.1
CVE-2023-49785
[email protected]
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.​
2024-03-13​
7.4
CVE-2024-20318
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.​
2024-03-13​
7.8
CVE-2024-20320
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.​
2024-03-13​
7.4
CVE-2024-20327
[email protected]
cms_made_simple -- cms_made_simple
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.​
2024-03-12​
9.8
CVE-2024-1527
[email protected]
cms_made_simple -- cms_made_simple
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.​
2024-03-12​
7.4
CVE-2024-1528
[email protected]
cms_made_simple -- cms_made_simple
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.​
2024-03-12​
7.4
CVE-2024-1529
[email protected]
codepeople -- calculated_fields_form
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the professional version or higher.​
2024-03-13​
7.2
CVE-2024-2020
[email protected]
[email protected]
concerted_action -- action_network
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.​
2024-03-15​
7.1
CVE-2024-25921
[email protected]
corewcf -- corewcf
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.3 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.​
2024-03-15​
7.5
CVE-2024-28252
[email protected]
[email protected]
cyberlord92 -- web_application_firewall_-_website_security
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.​
2024-03-13​
9.8
CVE-2024-2172
[email protected]
[email protected]
[email protected]
dell -- poweredge_platform
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.​
2024-03-13​
7.2
CVE-2024-0161
[email protected]
etoile_web_design -- ultimate_reviews
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8.​
2024-03-15​
7.1
CVE-2024-25597
[email protected]
faronics -- deep_freeze_server_standard
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.​
2024-03-12​
7.8
CVE-2024-1618
[email protected]
fortinet -- forticlient_endpoint_management_server​
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.​
2024-03-12​
8.8
CVE-2023-47534
[email protected]
fortinet -- forticlient_enterprise_management_server​
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.​
2024-03-12​
9.8
CVE-2023-48788
[email protected]
fortinet -- fortimanager​
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.​
2024-03-12​
9.8
CVE-2023-36554
[email protected]
fortinet -- fortios
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.​
2024-03-12​
7.5
CVE-2023-46717
[email protected]
fortinet -- fortiproxy​
A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.​
2024-03-12​
9.8
CVE-2023-42789
[email protected]
fortinet -- fortiproxy​
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.​
2024-03-12​
8.1
CVE-2023-42790
[email protected]
fortra -- filecatalyst
A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.​
2024-03-13​
9.8
CVE-2024-25153
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
freescout-helpdesk -- freescout
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the /conversation/ajax-html/send_log?folder_id=&thread_id={id} endpoint. The stack trace reveals value of parameters, including the username and password, passed to the Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate() function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices.​
2024-03-12​
7.1
CVE-2024-28186
[email protected]
[email protected]
givewp -- give
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a through 3.3.1.​
2024-03-15​
7.1
CVE-2024-27987
[email protected]
go-vela -- worker
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and - by using common substitution string manipulation - can bypass log masking and expose secrets without the use of the commands block. This unexpected behavior primarily impacts secrets restricted by the "no commands" option. This can lead to unintended use of the secret value, and increased risk of exposing the secret during image execution bypassing log masking. To exploit this the pipeline author must be supplying the secrets to a plugin that is designed in such a way that will print those parameters in logs. Plugin parameters are not designed for sensitive values and are often intentionally printed throughout execution for informational/debugging purposes. Parameters should therefore be treated as insensitive. While Vela provides secrets masking, secrets exposure is not entirely solved by the masking process. A docker image (plugin) can easily expose secrets if they are not handled properly, or altered in some way. There is a responsibility on the end-user to understand how values injected into a plugin are used. This is a risk that exists for many CICD systems (like GitHub Actions) that handle sensitive runtime variables. Rather, the greater risk is that users who restrict a secret to the "no commands" option and use image restriction can still have their secret value exposed via substitution tinkering, which turns the image and command restrictions into a false sense of security. This issue has been addressed in version 0.23.2. Users are advised to upgrade. Users unable to upgrade should not provide sensitive values to plugins that can potentially expose them, especially in parameters that are not intended to be used for sensitive values, ensure plugins (especially those that utilize shared secrets) follow best practices to avoid logging parameters that are expected to be sensitive, minimize secrets with pull_request events enabled, as this allows users to change pipeline configurations and pull in secrets to steps not typically part of the CI process, make use of the build approval setting, restricting builds from untrusted users, and limit use of shared secrets, as they are less restrictive to access by nature.​
2024-03-12​
7.7
CVE-2024-28236
[email protected]
[email protected]
hammadh -- play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
The Play.ht - Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-03-13​
8.8
CVE-2024-1772
[email protected]
[email protected]
hopsoft -- turbo_boost-commands
turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications. Commands verify that the class must be a Command and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed. This issue has been addressed in versions 0.1.3, and 0.2.2. Users are advised to upgrade. Users unable to upgrade should see the repository GHSA for workaround advice.​
2024-03-14​
8.1
CVE-2024-28181
[email protected]
[email protected]
ibm -- i
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.​
2024-03-14​
8.4
CVE-2024-22346
[email protected]
[email protected]
ibm -- maximo_asset_management
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.​
2024-03-14​
8.2
CVE-2024-27266
[email protected]
[email protected]
intumit -- smartrobot
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.​
2024-03-13​
9.8
CVE-2024-2413
[email protected]
inunosinsi -- soycms
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-11​
7.2
CVE-2024-28187
[email protected]
[email protected]
jfrog -- artifactory
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.​
2024-03-13​
8.8
CVE-2024-2247
[email protected]
joel_starnes -- postmash_-_custom_post_order
Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash - custom post order allows Reflected XSS.This issue affects postMash - custom post order: from n/a through 1.2.0.​
2024-03-15​
7.1
CVE-2024-27196
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256951. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
7.3
CVE-2024-2514
[email protected]
[email protected]
[email protected]
manageengine_ -- manageengine_desktop_central
Unrestricted file upload vulnerability in ManageEngine Desktop Central affecting version 9, build 90055. This vulnerability could allow a remote attacker to upload a malicious file to the system without any credentials provided.​
2024-03-11​
9.8
CVE-2024-2370
[email protected]
mattermost -- mattermost
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.​
2024-03-15​
8.8
CVE-2024-2450
[email protected]
microsoft -- azure_data_studio
Azure Data Studio Elevation of Privilege Vulnerability​
2024-03-12​
7.3
CVE-2024-26203
[email protected]
microsoft -- azure_kubernetes_service
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability​
2024-03-12​
9
CVE-2024-21400
[email protected]
microsoft -- azure_sdk
Azure SDK Spoofing Vulnerability​
2024-03-12​
7.5
CVE-2024-21421
[email protected]
microsoft -- microsoft_365_apps_for_enterprise
Microsoft Office Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26199
[email protected]
microsoft -- microsoft_authenticator
Microsoft Authenticator Elevation of Privilege Vulnerability​
2024-03-12​
7.1
CVE-2024-21390
[email protected]
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability​
2024-03-12​
7.6
CVE-2024-21419
[email protected]
microsoft -- microsoft_exchange_server_2019_cumulative_update_14
Microsoft Exchange Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26198
[email protected]
microsoft -- microsoft_outlook_for_android
Outlook for Android Information Disclosure Vulnerability​
2024-03-12​
7.5
CVE-2024-26204
[email protected]
microsoft -- microsoft_sharepoint_enterprise_server_2016
Microsoft SharePoint Server Remote Code Execution Vulnerability​
2024-03-12​
7.8
CVE-2024-21426
[email protected]
microsoft -- microsoft_visual_studio_2022_version_17.9
.NET and Visual Studio Denial of Service Vulnerability​
2024-03-12​
7.5
CVE-2024-21392
[email protected]
microsoft -- microsoft_visual_studio_2022_version_17.9
Microsoft QUIC Denial of Service Vulnerability​
2024-03-12​
7.5
CVE-2024-26190
[email protected]
microsoft -- skype_for_consumer
Skype for Consumer Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21411
[email protected]
microsoft -- software_for_open_networking_in_the_cloud_(sonic)
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21418
[email protected]
microsoft -- sql_server_backend_for_django
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26164
[email protected]
microsoft -- system_center_operations_manager_(scom)_2019
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability​
2024-03-12​
9.8
CVE-2024-21334
[email protected]
microsoft -- system_center_operations_manager_(scom)_2019
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21330
[email protected]
microsoft -- visual_studio_code
Visual Studio Code Elevation of Privilege Vulnerability​
2024-03-12​
8.8
CVE-2024-26165
[email protected]
microsoft -- windows_10_version_1809
Windows Hyper-V Remote Code Execution Vulnerability​
2024-03-12​
8.1
CVE-2024-21407
[email protected]
microsoft -- windows_10_version_1809
Microsoft ODBC Driver Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21440
[email protected]
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21441
[email protected]
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21444
[email protected]
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21450
[email protected]
microsoft -- windows_10_version_1809
Microsoft ODBC Driver Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21451
[email protected]
microsoft -- windows_10_version_1809
Microsoft ODBC Driver Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26159
[email protected]
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26161
[email protected]
microsoft -- windows_10_version_1809
Microsoft ODBC Driver Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26162
[email protected]
microsoft -- windows_10_version_1809
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-26166
[email protected]
microsoft -- windows_10_version_1809
Windows Kerberos Security Feature Bypass Vulnerability​
2024-03-12​
7.5
CVE-2024-21427
[email protected]
microsoft -- windows_10_version_1809
Windows Update Stack Elevation of Privilege Vulnerability​
2024-03-12​
7
CVE-2024-21432
[email protected]
microsoft -- windows_10_version_1809
Windows Print Spooler Elevation of Privilege Vulnerability​
2024-03-12​
7
CVE-2024-21433
[email protected]
microsoft -- windows_10_version_1809
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21434
[email protected]
microsoft -- windows_10_version_1809
Windows Installer Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21436
[email protected]
microsoft -- windows_10_version_1809
Windows Graphics Component Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21437
[email protected]
microsoft -- windows_10_version_1809
Microsoft AllJoyn API Denial of Service Vulnerability​
2024-03-12​
7.5
CVE-2024-21438
[email protected]
microsoft -- windows_10_version_1809
Windows Telephony Server Elevation of Privilege Vulnerability​
2024-03-12​
7
CVE-2024-21439
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-03-12​
7.3
CVE-2024-21443
[email protected]
microsoft -- windows_10_version_1809
NTFS Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21446
[email protected]
microsoft -- windows_10_version_1809
Windows Error Reporting Service Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26169
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26173
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26176
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26178
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26182
[email protected]
microsoft -- windows_11_version_22h2
Windows OLE Remote Code Execution Vulnerability​
2024-03-12​
8.8
CVE-2024-21435
[email protected]
microsoft -- windows_server_2022
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability​
2024-03-12​
7.8
CVE-2024-21431
[email protected]
microsoft -- windows_server_2022
Windows USB Print Driver Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-21442
[email protected]
microsoft -- windows_server_2022
Windows USB Print Driver Elevation of Privilege Vulnerability​
2024-03-12​
7
CVE-2024-21445
[email protected]
microsoft -- windows_server_2022
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability​
2024-03-12​
7.8
CVE-2024-26170
[email protected]
mitsubishi_electric_corporation -- melsec-q_series_q03udecpu
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.​
2024-03-15​
9.8
CVE-2024-0802
[email protected]
[email protected]
[email protected]
mitsubishi_electric_corporation -- melsec-q_series_q03udecpu
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.​
2024-03-15​
9.8
CVE-2024-0803
[email protected]
[email protected]
[email protected]
mitsubishi_electric_corporation -- melsec-q_series_q03udecpu
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.​
2024-03-15​
9.8
CVE-2024-1915
[email protected]
[email protected]
[email protected]
mitsubishi_electric_corporation -- melsec-q_series_q03udecpu
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.​
2024-03-15​
9.8
CVE-2024-1916
[email protected]
[email protected]
[email protected]
mitsubishi_electric_corporation -- melsec-q_series_q03udecpu
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.​
2024-03-15​
9.8
CVE-2024-1917
[email protected]
[email protected]
[email protected]
mndpsingh287 -- file_manager
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.​
2024-03-13​
9.9
CVE-2023-6825
[email protected]
[email protected]
[email protected]
mostafas1990 -- wp_statistics
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
7.2
CVE-2024-2194
[email protected]
[email protected]
movistar_ -- router_movistar_4g
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges.​
2024-03-13​
8.8
CVE-2024-2414
[email protected]
movistar_ -- router_movistar_4g
Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST request to the URL '/cgi-bin/gui.cgi'.​
2024-03-13​
7.8
CVE-2024-2415
[email protected]
n/a -- 4th_generation_intel(r)_xeon(r)_processors_when_using_intel(r)_sgx_or_intel(r)_tdx
On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-03-14​
7.2
CVE-2023-32666
[email protected]
n/a -- intel(r)_processors
Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-03-14​
7.2
CVE-2023-32282
[email protected]
ni -- labview
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.​
2024-03-11​
7.8
CVE-2024-23608
[email protected]
ni -- labview
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.​
2024-03-11​
7.8
CVE-2024-23609
[email protected]
ni -- labview
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.​
2024-03-11​
7.8
CVE-2024-23610
[email protected]
ni -- labview
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.​
2024-03-11​
7.8
CVE-2024-23611
[email protected]
ni -- labview
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.​
2024-03-11​
7.8
CVE-2024-23612
[email protected]
open-metadata -- openmetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare() is called from EntityRepository.prepareInternal() which, in turn, gets called from EntityResource.createOrUpdate(). Note that even though there is an authorization check (authorizer.authorize()), it gets called after prepareInternal() gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to /api/v1/policies which gets handled by PolicyResource.createOrUpdate(). This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as GHSL-2023-252. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
9.4
CVE-2024-28253
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
open-metadata -- openmetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the SecurityContext.getUserPrincipal() since it will return null and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-237.​
2024-03-15​
9.8
CVE-2024-28255
[email protected]
[email protected]
[email protected]
open-metadata -- openmetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ?AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. The /api/v1/events/subscriptions/validation/condition/<expression> endpoint passes user-controlled data AlertUtil::validateExpession allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since Authorizer.authorize() is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as GHSL-2023-235. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
8.8
CVE-2024-28254
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
open-metadata -- openmetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare(), which can lead to Remote Code Execution. prepare() is called from EntityRepository.prepareInternal() which, in turn, gets called from EntityResource.createOrUpdate(). Note that, even though there is an authorization check (authorizer.authorize()), it gets called after prepareInternal() gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to /api/v1/events/subscriptions which gets handled by EventSubscriptionResource.createOrUpdateEventSubscription(). This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-251.​
2024-03-15​
8.8
CVE-2024-28847
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
open-metadata -- openmetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ?CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. The /api/v1/policies/validation/condition/<expression> endpoint passes user-controlled data CompiledRule::validateExpession allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since Authorizer.authorize() is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as GHSL-2023-236. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
8.8
CVE-2024-28848
[email protected]
[email protected]
[email protected]
[email protected]
opentext -- netiq_privileged_account_manager
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.​
2024-03-13​
8.6
CVE-2020-11862
[email protected]
opentextâ„¢ -- exceed_turbo_x
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC.​
2024-03-13​
8.6
CVE-2023-38534
[email protected]
papercut -- papercut_ng,_papercut_mf
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.​
2024-03-14​
8.6
CVE-2024-1222
eb41dac7-0af8-4f84-9f6d-0272772514f4
papercut -- papercut_ng,_papercut_mf
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.​
2024-03-14​
7.2
CVE-2024-1654
eb41dac7-0af8-4f84-9f6d-0272772514f4
papercut -- papercut_ng,_papercut_mf
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.​
2024-03-14​
7.2
CVE-2024-1882
eb41dac7-0af8-4f84-9f6d-0272772514f4
payu -- payu_india
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS.This issue affects PayU India: from n/a through 3.8.2.​
2024-03-15​
7.1
CVE-2024-27193
[email protected]
peering-manager -- peering-manager
Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
8.1
CVE-2024-28114
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
pegasystems -- pega_platform
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.​
2024-03-14​
7.7
CVE-2023-50168
[email protected]
phlex-ruby -- phlex
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you render an <a> tag with an href attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all 1.x minor versions. Users are advised to upgrade. Users unable to upgrade should consider configuring a content security policy that does not allow unsafe-inline.​
2024-03-11​
7.1
CVE-2024-28199
[email protected]
[email protected]
[email protected]
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function.​
2024-03-12​
9.8
CVE-2024-25995
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service.​
2024-03-12​
8.4
CVE-2024-25999
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.​
2024-03-12​
8.7
CVE-2024-26288
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.​
2024-03-12​
7.3
CVE-2024-25998
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.​
2024-03-12​
7.4
CVE-2024-26001
[email protected]
phoenix_contact -- charx_sec-3000
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.​
2024-03-12​
7.8
CVE-2024-26002
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality.​
2024-03-12​
7.5
CVE-2024-26003
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.​
2024-03-12​
7.5
CVE-2024-26004
[email protected]
pickplugins -- post_grid,form_maker,_popup_maker,_woocommerce_blocks,_post_blocks,_post_carousel-_combo_blocks
The Post Grid Combo - 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.​
2024-03-12​
7.5
CVE-2023-7072
[email protected]
[email protected]
[email protected]
pixelemu -- terraclassifieds
Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3.​
2024-03-16​
8.8
CVE-2023-51474
[email protected]
plv8 -- plv8
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.​
2024-03-14​
7.2
CVE-2024-1713
[email protected]
projectdiscovery -- nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This advisory outlines the impacted users, provides details on the security patch, and suggests mitigation strategies. The vulnerability is addressed in Nuclei v3.2.0. Users are strongly recommended to update to this version to mitigate the security risk. Users should refrain from using custom workflows if unable to upgrade immediately. Only trusted, verified workflows should be executed.​
2024-03-15​
7.4
CVE-2024-27920
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
pterodactyl -- wings
Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability.​
2024-03-13​
9.9
CVE-2024-27102
[email protected]
[email protected]
realmag777 -- husky_-_products_filter_professional_for_woocommerce
The HUSKY - Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-15​
8.8
CVE-2024-1795
[email protected]
[email protected]
rejetto_ -- http_file_server_
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.​
2024-03-12​
7.5
CVE-2024-1226
[email protected]
renventura -- woocommerce_add_to_cart_custom_redirect
The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.​
2024-03-13​
8.1
CVE-2024-1862
[email protected]
[email protected]
[email protected]
root3nl -- supportapp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used. When the installer is executed it asks for the users password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file $HOME/.zshenv when the postinstall script is executed. An attacker could add malicious code to $HOME/.zshenv and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-14​
7.3
CVE-2024-27301
[email protected]
[email protected]
sagemcom -- fast3686_v2_vodafone
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.​
2024-03-14​
7.7
CVE-2024-1623
[email protected]
sandi_verdev -- watermark_reloaded
Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.​
2024-03-16​
7.1
CVE-2024-27195
[email protected]
sandisk -- privateaccess_windows_app
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.​
2024-03-13​
7.9
CVE-2024-22167
[email protected]
santesoft -- sante_fft_imaging
In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.​
2024-03-11​
7.8
CVE-2024-1696
[email protected]
sap_se -- sap_netweaver_as_java_(administrator_log_viewer_plug-in)
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.​
2024-03-12​
9.1
CVE-2024-22127
[email protected]
[email protected]
scott_reilly -- configure_smtp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a through 3.1.​
2024-03-15​
7.1
CVE-2024-27192
[email protected]
siemens -- cerberus_pro_en_engineering_tool
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.​
2024-03-12​
10
CVE-2024-22039
[email protected]
siemens -- cerberus_pro_en_engineering_tool
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.​
2024-03-12​
7.5
CVE-2024-22040
[email protected]
siemens -- cerberus_pro_en_engineering_tool
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.​
2024-03-12​
7.5
CVE-2024-22041
[email protected]
siemens -- sentron_3kc_atc6_expansion_module_ethernet
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot.​
2024-03-12​
7.5
CVE-2024-22044
[email protected]
siemens -- simcenter_femap
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)​
2024-03-12​
7.8
CVE-2024-27907
[email protected]
siemens -- sinema_remote_connect_client
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.​
2024-03-12​
7.6
CVE-2024-22045
[email protected]
siemens -- sinema_remote_connect_server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.​
2024-03-12​
9.8
CVE-2022-32257
[email protected]
smub -- giveaways_and_contests_by_rafflepress_-_get_more_website_traffic,_email_subscribers,_and_social_followers
The Giveaways and Contests by RafflePress - Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'parent_url' parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
7.2
CVE-2024-1935
[email protected]
[email protected]
[email protected]
softing -- edgeconnector
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.​
2024-03-14​
8
CVE-2024-0860
[email protected]
spring -- spring_framework
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.​
2024-03-16​
8.1
CVE-2024-22259
[email protected]
stimulusreflex -- stimulus_reflex
stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: \"target\":\"[class_name]#[method_name]\",\"args\":[]. The server will proceed to instantiate reflex using the provided class_name as long as it extends StimulusReflex::Reflex. It then attempts to call method_name on the instance with the provided arguments. This is problematic as reflex.method method_name can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice.​
2024-03-12​
8.8
CVE-2024-28121
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
storeapps -- news_announcement_scroll
The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-13​
8.8
CVE-2023-5663
[email protected]
[email protected]
[email protected]
sygnoos -- social_media_share_buttons
The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-03-16​
8.8
CVE-2024-1685
[email protected]
[email protected]
tatvic -- conversios_-google_analytics_4(ga4),meta_pixel&_more_via_google_tag_manager_for_woocommerce
The Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-13​
8.8
CVE-2024-1203
[email protected]
[email protected]
tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
8.8
CVE-2024-2485
[email protected]
[email protected]
[email protected]
tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.​
2024-03-15​
8.8
CVE-2024-2486
[email protected]
[email protected]
[email protected]
tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
8.8
CVE-2024-2487
[email protected]
[email protected]
[email protected]
tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
8.8
CVE-2024-2488
[email protected]
[email protected]
[email protected]
tenda -- ac18
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
8.8
CVE-2024-2489
[email protected]
[email protected]
[email protected]
tenda -- ac18
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
8.8
CVE-2024-2490
[email protected]
[email protected]
[email protected]
themefusecom -- brizy_-_page_builder
The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-03-13​
8.8
CVE-2024-1311
[email protected]
[email protected]
[email protected]
themeum -- tutor_lms_-_elearning_and_online_course_solution
The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-13​
8.8
CVE-2024-1751
[email protected]
[email protected]
[email protected]
tibco_software_inc. -- tibco_ftl_-_enterprise_edition
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.​
2024-03-12​
8.8
CVE-2024-1138
[email protected]
tmccombs -- tls-listener
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using TlsListener::new() vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as usize::MAX as the parameter to Builder::max_handshakes.​
2024-03-15​
7.5
CVE-2024-28854
[email protected]
[email protected]
[email protected]
totolink -- x6000r
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-10​
8.8
CVE-2024-2353
[email protected]
[email protected]
[email protected]
ultimatemember -- ultimate_member_-user_profile,_registration,_login,_member_directory,_content_restriction&_membership_plugin
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-03-13​
9.8
CVE-2024-1071
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
ultimatemember -- ultimate_member_-user_profile,_registration,_login,_member_directory,_content_restriction&_membership_plugin
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
7.2
CVE-2024-2123
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
ultimatemember -- ultimate_member_-user_profile,_registration,_login,_member_directory,_content_restriction&_membership_plugin
In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag.​
2024-03-13​
7.2
CVE-2024-25155
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
wago -- controller_bacnet/ip
An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.​
2024-03-13​
8.8
CVE-2015-10123
[email protected]
webtechstreet -- elementor_addon_elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.​
2024-03-13​
8.8
CVE-2024-1358
[email protected]
[email protected]
[email protected]
wp_codeus -- advanced_sermons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.2.​
2024-03-13​
7.1
CVE-2024-27952
[email protected]
wpdevteam -- essential_addons_for_elementor_-best_elementor_templates,_widgets,_kits&_woocommerce_builders
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
7.4
CVE-2024-1536
[email protected]
[email protected]
wpmudev -- hustle_-_email_marketing,_lead_generation,_optins,_popups
The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.​
2024-03-13​
8.6
CVE-2024-0368
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
wpwax -- logo_showcase_ultimate_-logo_carousel,_logo_slider&_logo_grid
The Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-03-13​
7.5
CVE-2024-1951
[email protected]
[email protected]
[email protected]
[email protected]
wpwax -- post_grid,slider&carousel_ultimate-with_shortcode,_gutenberg_block&_elementor_widget
The Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-03-13​
8.8
CVE-2024-2006
[email protected]
[email protected]
[email protected]
wpwax -- product_carousel_slider_&_grid_ultimate_for_woocommerce
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.​
2024-03-13​
7.5
CVE-2024-1950
[email protected]
[email protected]
[email protected]
[email protected]
yooooomi -- your_spotify
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-13​
9.1
CVE-2024-28194
[email protected]
yooooomi -- your_spotify
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-13​
8.1
CVE-2024-28195
[email protected]
[email protected]
zephyrproject-rtos -- zephyr
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.​
2024-03-15​
8.6
CVE-2023-7060
[email protected]
zephyrproject-rtos -- zephyr
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges​
2024-03-11​
8.8
CVE-2024-0670
[email protected]
[email protected]
zitadel -- zitadel
Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim's account in certain scenarios. A possible victim would need to login through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or a XSS vulnerability in an application hosted on a subdomain. Versions 2.46.0, 2.45.1, and 2.44.3 have been patched. Zitadel recommends upgrading to the latest versions available in due course. Note that applying the patch will invalidate the current cookie and thus users will need to start a new session and existing sessions (user selection) will be empty. For self-hosted environments unable to upgrade to a patched version, prevent setting the following cookie name on subdomains of your Zitadel instance (e.g. within your WAF): __Secure-zitadel-useragent.​
2024-03-11​
7.5
CVE-2024-28197
[email protected]
zoom_video_communications,_inc. -- zoom_rooms_client_for_windows
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.​
2024-03-13​
7.2
CVE-2024-24693
[email protected]

Back to top




Medium Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aio-libs -- aiosmtpd
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
5.3
CVE-2024-27305
[email protected]
[email protected]
[email protected]
ameliabooking -- booking_for_appointments_and_events_calendar_-_amelia
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-1484
[email protected]
[email protected]
apache_software_foundation -- apache_pulsar
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.​
2024-03-12​
6.4
CVE-2024-28098
[email protected]
[email protected]
apache_software_foundation -- apache_zookeeper
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability.​
2024-03-12​
4.7
CVE-2024-2394
[email protected]
[email protected]
[email protected]
argoproj -- argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have create privileges but not override privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing applications, create RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version.​
2024-03-13​
6.4
CVE-2023-50726
[email protected]
[email protected]
[email protected]
ari_soft -- ari_stream_quiz
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.​
2024-03-16​
5.4
CVE-2023-51487
[email protected]
artibot -- artibot_free_chat_bot_for_wordpress_websites​
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-03-13​
4.4
CVE-2024-0449
[email protected]
[email protected]
artibot -- artibot_free_chat_bot_for_wordpress_websites
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.​
2024-03-13​
5
CVE-2024-0447
[email protected]
[email protected]
atlas_gondal -- export_media_urls
Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0.​
2024-03-16​
4.3
CVE-2023-51510
[email protected]
automattic,inc. -- crowdsignal_dashboard-polls,_surveys&_more
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more.This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11.​
2024-03-16​
5.4
CVE-2023-51489
[email protected]
averta -- depicter_slider
Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.​
2024-03-16​
5.4
CVE-2023-51491
[email protected]
badger_meter -- monitool
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.​
2024-03-12​
6.5
CVE-2024-1303
[email protected]
badger_meter -- monitool
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.​
2024-03-12​
6.3
CVE-2024-1304
[email protected]
barrykooij -- related_posts_for_wordpress
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.​
2024-03-13​
5.4
CVE-2024-0592
[email protected]
[email protected]
[email protected]
basix -- nex-forms_-_ultimate_form_builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms - Ultimate Form Builder: from n/a through 8.5.5.​
2024-03-15​
6.5
CVE-2024-25593
[email protected]
bdthemes -- prime_slider_-addons_for_elementor(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1507
[email protected]
[email protected]
bdthemes -- prime_slider_-addons_for_elementor(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1508
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketin-¦​
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.​
2024-03-12​
4.3
CVE-2023-4626
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option.​
2024-03-12​
4.3
CVE-2023-4627
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-12​
4.3
CVE-2023-4628
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-12​
4.3
CVE-2023-4629
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS​
2024-03-12​
4.3
CVE-2023-4728
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-12​
4.3
CVE-2023-4729
[email protected]
[email protected]
binhnguyenplus -- ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts,​
2024-03-12​
4.3
CVE-2023-4731
[email protected]
[email protected]
[email protected]
[email protected]
bitpressadmin -- contact_form_builder_by_bit_form:_create_contact_form,_multi_step_form,_conversational_form
The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions.​
2024-03-13​
5.3
CVE-2024-1640
[email protected]
[email protected]
blossomthemes -- blossom_spa
The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.​
2024-03-12​
5.8
CVE-2024-2107
[email protected]
[email protected]
bluecoral -- chat_bubble_-_floating_chat_with_contact_chat_icons,_messages,_telegram,_email,_sms,_call_me_back
The Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-03-13​
4.4
CVE-2024-0898
[email protected]
[email protected]
bobbingwide -- oik
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-14​
6.4
CVE-2024-2256
[email protected]
[email protected]
[email protected]
bradwenqiang -- hr
A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
6.3
CVE-2024-2478
[email protected]
[email protected]
[email protected]
brainstormforce -- elementor_header_&_footer_builder
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1237
[email protected]
[email protected]
[email protected]
britner -- gutenberg_blocks_by_kadence_blocks_-_page_builder_features
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1541
[email protected]
[email protected]
[email protected]
catchsquare -- wp_social_widget
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5.​
2024-03-15​
6.5
CVE-2024-27189
[email protected]
charlestsmith -- word_replacer_pro
The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.​
2024-03-16​
5.3
CVE-2024-1733
[email protected]
[email protected]
choijun -- la-studio_element_kit_for_elementor
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-14​
6.4
CVE-2024-2249
[email protected]
[email protected]
chrisbadgett -- lifterlms_-_wordpress_lms_plugin_for_elearning
The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.​
2024-03-13​
5.3
CVE-2024-0377
[email protected]
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.​
2024-03-13​
6.5
CVE-2024-20262
[email protected]
cisco -- cisco_ios_xr_software
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
6.4
CVE-2024-2031
[email protected]
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected.​
2024-03-13​
5.3
CVE-2024-20266
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.​
2024-03-13​
5.8
CVE-2024-20315
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.​
2024-03-13​
5.8
CVE-2024-20322
[email protected]
cisco -- cisco_ios_xr_software
A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.​
2024-03-13​
4.3
CVE-2024-20319
[email protected]
citrix -- citrix_sd-wan_standard/premium_editions
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.​
2024-03-12​
6.5
CVE-2024-2049
[email protected]
ckan -- ckan
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the /user/reset endpoint to filter the id parameter in order to exclude newlines.​
2024-03-13​
4.3
CVE-2024-27097
[email protected]
[email protected]
cloudflare -- quiche
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.​
2024-03-12​
5.9
CVE-2024-1765
[email protected]
codename065 -- download_manager
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2023-6954
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
codename065 -- download_manager
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).​
2024-03-13​
5.3
CVE-2023-6785
[email protected]
[email protected]
codeworkweb -- cww_companion
The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
6.4
CVE-2024-2130
[email protected]
[email protected]
collizo4sky -- paid_membership_plugin,ecommerce,_user_registration_form,_login_form,_user_profile&restrict_content-_profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1409
[email protected]
[email protected]
collizo4sky -- paid_membership_plugin,ecommerce,_user_registration_form,_login_form,_user_profile&restrict_content-_profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1535
[email protected]
[email protected]
[email protected]
collizo4sky -- paid_membership_plugin,ecommerce,_user_registration_form,_login_form,_user_profile&restrict_content-_profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1806
[email protected]
[email protected]
[email protected]
cool_plugins -- cryptocurrency_widgets_-price_ticker&_coins_list
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets - Price Ticker & Coins List.This issue affects Cryptocurrency Widgets - Price Ticker & Coins List: from n/a through 2.6.8.​
2024-03-13​
4.7
CVE-2024-27953
[email protected]
cozmoslabs -- paid_member_subscriptions
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.​
2024-03-15​
4.3
CVE-2023-51522
[email protected]
cozyvision1 -- sms_alert_order_notifications_-_woocommerce
The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-13​
4.3
CVE-2024-1489
[email protected]
[email protected]
crmperks -- database_for_contact_form_7,_wpforms,_elementor_forms
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2030
[email protected]
[email protected]
[email protected]
[email protected]
cservit -- affiliate-toolkit – WordPress Affiliate Plugin​
The affiliate-toolkit - WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.​
2024-03-08​
6.3
CVE-2024-1851
[email protected]
[email protected]
cyberlord92 -- page_restriction_wordpress_(wp)_-_protect_wp_pages/post
The Page Restriction WordPress (WP) - Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.​
2024-03-13​
5.3
CVE-2024-0681
[email protected]
[email protected]
david_de_boer -- paytium:mollie_payment_forms&_donations
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.​
2024-03-13​
6.5
CVE-2024-25099
[email protected]
dell -- poweredge_bios_intel_16g
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.​
2024-03-13​
5.3
CVE-2024-0162
[email protected]
dell -- poweredge_bios_intel_16g
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.​
2024-03-13​
5.3
CVE-2024-0163
[email protected]
devitemsllc -- ht_mega_-_absolute_addons_for_elementor
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
6.4
CVE-2024-1397
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
devitemsllc -- ht_mega_-_absolute_addons_for_elementor
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'border_type' attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
6.4
CVE-2024-1421
[email protected]
[email protected]
directus -- directus
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to directus/auth/login/google?redirect=http://malicious-fishing-site.com. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
5.4
CVE-2024-28239
[email protected]
[email protected]
[email protected]
discourse -- discourse
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the invite allowed groups site setting.​
2024-03-15​
6.5
CVE-2024-27085
[email protected]
[email protected]
discourse -- discourse
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
6.5
CVE-2024-27100
[email protected]
[email protected]
discourse -- discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
5.3
CVE-2024-24748
[email protected]
[email protected]
discourse -- discourse
Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like max_image_size_kb, max_attachment_size_kb and max_image_megapixels will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce max_image_size_kb, max_attachment_size_kb and max_image_megapixels as smaller uploads require less resources to process. Alternatively, client_max_body_size can be reduced in Nginx to prevent large uploads from reaching the server.​
2024-03-15​
5.3
CVE-2024-24827
[email protected]
[email protected]
discourse -- discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.​
2024-03-15​
5.3
CVE-2024-28242
[email protected]
[email protected]
doofinder -- doofinder_for_woocommerce
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS.This issue affects Doofinder for WooCommerce: from n/a through 2.1.8.​
2024-03-15​
5.9
CVE-2024-25596
[email protected]
dreamer -- cms
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-10​
4.3
CVE-2024-2354
[email protected]
[email protected]
[email protected]
droitthemes -- droit_elementor_addons_-_widgets,_blocks,_templates_library_for_elementor_builder
The Droit Elementor Addons - Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
5.4
CVE-2024-2252
[email protected]
[email protected]
edge22 -- generateblocks
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.​
2024-03-13​
4.3
CVE-2024-1452
[email protected]
[email protected]
[email protected]
[email protected]
edge22 -- wp_show_posts
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.​
2024-03-13​
5.3
CVE-2024-1479
[email protected]
[email protected]
[email protected]
[email protected]
elementinvader -- elementinvader_addons_for_elementor
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-16​
6.4
CVE-2024-2308
[email protected]
[email protected]
elementor -- elementor_pro
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.​
2024-03-16​
6.5
CVE-2024-23523
[email protected]
exafunction -- codeium-chrome
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.​
2024-03-11​
6.5
CVE-2024-28120
[email protected]
[email protected]
expresstech -- quiz_and_survey_master
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.18.​
2024-03-16​
5.4
CVE-2023-51521
[email protected]
file_manager -- file_manager_pro
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2023-7015
[email protected]
[email protected]
fluid-cloudnative -- fluid
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who're using versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3.​
2024-03-15​
4
CVE-2023-51699
[email protected]
[email protected]
follow-redirects -- follow-redirects
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-14​
6.5
CVE-2024-28849
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
formfacade -- formfacade
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0.​
2024-03-15​
6.5
CVE-2024-25934
[email protected]
fortinet -- fortimanager
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.​
2024-03-12​
6.7
CVE-2023-41842
[email protected]
fortinet -- fortiportal
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.​
2024-03-12​
4.3
CVE-2024-21761
[email protected]
fortinet -- fortiproxy​
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user's bookmark via URL manipulation.​
2024-03-12​
4.3
CVE-2024-23112
[email protected]
fortra -- filecatalyst
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.​
2024-03-13​
5.3
CVE-2024-25154
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
fortra -- goanywhere_mft
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.​
2024-03-14​
6.5
CVE-2024-25156
df4dee71-de3a-4139-9588-11b62fe6c0ff
frenify -- categorify_-wordpress_media_library_category&_file_manager
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.​
2024-03-13​
4.3
CVE-2024-0385
[email protected]
[email protected]
friendlyelec -- friendlywrt
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.​
2024-03-15​
5.2
CVE-2024-2495
[email protected]
friendsofsymfony1 -- symfony1
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. This vulnerability present no direct threat but is a vector that will enable remote code execution if a developper deserialize user untrusted data. Symfony 1 depends on Swift Mailer which is bundled by default in vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some __destruct() methods. These methods are called when php destroys the object in memory. However, it is possible to include any object type in $this->_keys to make PHP access to another array/object properties than intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys ...) for any class implementing ArrayAccess interface. This may allow an attacker to execute any PHP command which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-15​
5
CVE-2024-28859
[email protected]
[email protected]
gacjie -- server
A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503.​
2024-03-12​
5.4
CVE-2024-2406
[email protected]
[email protected]
[email protected]
geminilabs -- site_reviews
The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2293
[email protected]
[email protected]
[email protected]
gonahkar -- custom_fields_shortcode
The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2023-6809
[email protected]
[email protected]
gpriday -- siteorigin_widgets_bundle
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].​
2024-03-13​
6.4
CVE-2024-1723
[email protected]
[email protected]
[email protected]
hammadh -- play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
The Play.ht - Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.​
2024-03-13​
5.4
CVE-2024-0828
[email protected]
[email protected]
hammadh -- play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
The Play.ht - Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-13​
4.3
CVE-2024-0827
[email protected]
[email protected]
heimavista -- rpage
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.​
2024-03-13​
5.3
CVE-2024-2412
[email protected]
hiroaki_miyashita -- custom_field_template
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.​
2024-03-15​
6.5
CVE-2024-25919
[email protected]
hitachi -- cosminexus_component_container
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 through 11-20-, from 11-10 through 11-10-, from 11-00 before 11-00-12, All versions of V8 and V9.​
2024-03-12​
5.6
CVE-2023-6814
[email protected]
htplugins -- ht_easy_ga4_-_google_analytics_wordpress_plugin
The HT Easy GA4 - Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.​
2024-03-13​
5.3
CVE-2024-1176
[email protected]
[email protected]
ibm -- host_access_transformation_services
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989.​
2024-03-15​
6.2
CVE-2021-38938
[email protected]
[email protected]
ibm -- integration_bus_for_z/os
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.​
2024-03-14​
4.5
CVE-2024-27265
[email protected]
[email protected]
ibm -- maximo_application_suite_-_maximo_mobile_for_eam
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.​
2024-03-13​
5.1
CVE-2023-43043
[email protected]
[email protected]
ibm -- maximo_asset_management
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.​
2024-03-13​
6.4
CVE-2023-38723
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.​
2024-03-15​
6.1
CVE-2023-47162
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.​
2024-03-15​
6.1
CVE-2023-47699
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692.​
2024-03-15​
5.4
CVE-2023-46182
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.​
2024-03-15​
5.9
CVE-2023-47147
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.​
2024-03-15​
4.3
CVE-2023-46179
[email protected]
[email protected]
ibm -- secure_proxy
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686.​
2024-03-15​
4
CVE-2023-46181
[email protected]
[email protected]
ibm -- sterling_partner_engagement_manager
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421.​
2024-03-13​
5.4
CVE-2023-28517
[email protected]
[email protected]
icopydoc -- yml_for_yandex_market
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-1365
[email protected]
[email protected]
intoxstudio -- restrict_user_access_-ultimate_membership&_content_protection
The Restrict User Access - Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API.​
2024-03-13​
5.3
CVE-2024-0687
[email protected]
[email protected]
joseph_c_dolson -- my_calendar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.​
2024-03-15​
6.5
CVE-2024-25916
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-0896
[email protected]
[email protected]
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-0897
[email protected]
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1074
[email protected]
[email protected]
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1080
[email protected]
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
5.4
CVE-2024-0871
[email protected]
[email protected]
justinbusa -- beaver_builder_-_wordpress_page_builder
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
5.4
CVE-2024-1038
[email protected]
[email protected]
[email protected]
kbjohnson90 -- user_shortcodes_plus
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.​
2024-03-13​
5.3
CVE-2023-6969
[email protected]
[email protected]
korenix -- jeti/o_6550
Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials.​
2024-03-12​
6.2
CVE-2024-2371
[email protected]
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-0326
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
leap13 -- premium_addons_for_elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1680
[email protected]
[email protected]
livemesh -- elementor_addons_by_livemesh
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5.​
2024-03-14​
6.5
CVE-2024-27986
[email protected]
livemesh -- livemesh_addons_for_elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.​
2024-03-15​
6.5
CVE-2024-25598
[email protected]
livemesh -- wpbakery_page_builder_addons_by_livemesh
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2079
[email protected]
[email protected]
logitech -- logi_tune
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.​
2024-03-15​
4.4
CVE-2024-2537
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2516
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2517
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2520
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2522
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2524
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2527
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2528
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2529
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2531
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
6.3
CVE-2024-2532
[email protected]
[email protected]
[email protected]
mainwp -- mainwp_dashboard_-_wordpress_manager_for_multiple_websites_maintenance
The MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-13​
4.3
CVE-2024-1642
[email protected]
[email protected]
[email protected]
mattermost -- mattermost
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.​
2024-03-15​
6.1
CVE-2024-2445
[email protected]
mattermost -- mattermost
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.​
2024-03-15​
4.3
CVE-2024-2446
[email protected]
mattermost -- mattermost_mobile
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
4.7
CVE-2024-2497
[email protected]
[email protected]
[email protected]
mdp -- rotp
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.​
2024-03-16​
5.3
CVE-2024-28862
[email protected]
metagauss -- eventprime_-_events_calendar,_bookings_and_tickets
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event.​
2024-03-13​
5.3
CVE-2024-1126
[email protected]
[email protected]
metagauss -- eventprime_-_events_calendar,_bookings_and_tickets
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free.​
2024-03-13​
5.3
CVE-2024-1321
[email protected]
[email protected]
metagauss -- eventprime_-_events_calendar,_bookings_and_tickets
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII.​
2024-03-13​
4.3
CVE-2024-1127
[email protected]
[email protected]
[email protected]
mha_sistemas -- armhazena
A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
6.3
CVE-2024-2480
[email protected]
[email protected]
[email protected]
microsoft -- intune_company_portal_for_android
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability​
2024-03-12​
6.6
CVE-2024-26201
[email protected]
microsoft -- microsoft_edge_(chromium-based)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability​
2024-03-14​
4.7
CVE-2024-26163
[email protected]
microsoft -- microsoft_teams_for_android
Microsoft Teams for Android Information Disclosure Vulnerability​
2024-03-12​
5
CVE-2024-21448
[email protected]
microsoft -- windows_10_version_1809
Windows USB Hub Driver Remote Code Execution Vulnerability​
2024-03-12​
6.8
CVE-2024-21429
[email protected]
microsoft -- windows_10_version_1809
Windows Hyper-V Denial of Service Vulnerability​
2024-03-12​
5.5
CVE-2024-21408
[email protected]
microsoft -- windows_10_version_1809
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability​
2024-03-12​
5.7
CVE-2024-21430
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Information Disclosure Vulnerability​
2024-03-12​
5.5
CVE-2024-26174
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Information Disclosure Vulnerability​
2024-03-12​
5.5
CVE-2024-26177
[email protected]
microsoft -- windows_10_version_1809
Windows Kernel Denial of Service Vulnerability​
2024-03-12​
5.5
CVE-2024-26181
[email protected]
microsoft -- windows_11_version_22h2
Windows Compressed Folder Tampering Vulnerability​
2024-03-12​
6.5
CVE-2024-26185
[email protected]
microsoft -- windows_11_version_22h2
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability​
2024-03-12​
5.5
CVE-2024-26160
[email protected]
microsoft -- windows_defender_antimalware_platform
Microsoft Defender Security Feature Bypass Vulnerability​
2024-03-12​
5.5
CVE-2024-20671
[email protected]
microsoft -- windows_server_2019
Windows Standards-Based Storage Management Service Denial of Service Vulnerability​
2024-03-12​
6.5
CVE-2024-26197
[email protected]
movistar_ -- router_movistar_4g
Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated.​
2024-03-13​
6.5
CVE-2024-2416
[email protected]
mra13 -- simple_membership
The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.​
2024-03-13​
4.7
CVE-2024-1985
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
msaari -- relevanssi_-_a_better_search
The Relevanssi - A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.​
2024-03-13​
5.3
CVE-2024-1380
[email protected]
[email protected]
n/a -- 1panel
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304.​
2024-03-10​
6.3
CVE-2024-2352
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
n/a -- 3rd_and_4th_generation_intel(r)_xeon(r)_processors_when_using_intel(r)_sgx_or_intel(r)_tdx
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-03-14​
6.1
CVE-2023-22655
[email protected]
n/a -- intel(r)_atom(r)_processors
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.​
2024-03-14​
6.5
CVE-2023-28746
[email protected]
n/a -- intel(r)_csme_installer_software
Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-03-14​
6.7
CVE-2023-28389
[email protected]
n/a -- intel(r)_csme_installer_software
Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-03-14​
6.7
CVE-2023-32633
[email protected]
n/a -- intel(r)_processors
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.​
2024-03-14​
6.5
CVE-2023-39368
[email protected]
n/a -- intel(r)_processors
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.​
2024-03-14​
5.5
CVE-2023-38575
[email protected]
n/a -- intel(r)_sps_firmware_versions
Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.​
2024-03-14​
6.8
CVE-2023-35191
[email protected]
n/a -- intel(r)_xeon(r)_d_processors_with_intel(r)_sgx
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.​
2024-03-14​
5.3
CVE-2023-43490
[email protected]
n/a -- libvirt
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.​
2024-03-11​
5.5
CVE-2024-1441
[email protected]
[email protected]
n/a -- openstack-designate
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.​
2024-03-15​
6.6
CVE-2023-6725
[email protected]
[email protected]
n/a -- ovn
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.​
2024-03-12​
6.5
CVE-2024-2182
[email protected]
[email protected]
[email protected]
[email protected]
ndijkstra -- mollie_forms
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.​
2024-03-11​
4.3
CVE-2024-1400
[email protected]
[email protected]
ndijkstra -- mollie_forms
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.​
2024-03-11​
4.3
CVE-2024-1645
[email protected]
[email protected]
[email protected]
netweblogic -- events_manager_-_calendar,_bookings,_tickets,_and_more!
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-03-13​
4.4
CVE-2024-0614
[email protected]
[email protected]
[email protected]
newsletter2go -- newsletter2go
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-12​
6.4
CVE-2024-1328
[email protected]
[email protected]
nik00726 -- team_circle_image_slider_with_lightbox
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.​
2024-03-13​
5.3
CVE-2015-10130
[email protected]
[email protected]
nixos -- nix
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-11​
6.3
CVE-2024-27297
[email protected]
[email protected]
[email protected]
nmedia -- comments_extra_fields_for_post,pages_and_cpt
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.​
2024-03-13​
4.3
CVE-2024-0829
[email protected]
[email protected]
[email protected]
nmedia -- comments_extra_fields_for_post,pages_and_cpt
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings.​
2024-03-13​
4.3
CVE-2024-0830
[email protected]
[email protected]
[email protected]
openolat -- openolat
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.​
2024-03-11​
4.6
CVE-2024-28198
[email protected]
[email protected]
[email protected]
opentext -- vertica_management_console
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica's authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x​
2024-03-15​
5
CVE-2023-7248
[email protected]
opentext-- exceed_turbo_x
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.​
2024-03-13​
6.4
CVE-2023-38536
[email protected]
opentextâ„¢ -- exceed_turbo_x
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.​
2024-03-13​
4.7
CVE-2023-38535
[email protected]
palantir -- com.palantir.acme.gaia:gaia
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.​
2024-03-12​
6.8
CVE-2023-30968
[email protected]
palo_alto_networks -- globalprotect_app
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.​
2024-03-13​
5.5
CVE-2024-2431
[email protected]
palo_alto_networks -- globalprotect_app
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.​
2024-03-13​
4.5
CVE-2024-2432
[email protected]
palo_alto_networks -- pan-os
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.​
2024-03-13​
4.3
CVE-2024-2433
[email protected]
papercut -- papercut_ng,_papercut_mf
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.​
2024-03-14​
6.3
CVE-2024-1883
eb41dac7-0af8-4f84-9f6d-0272772514f4
papercut -- papercut_ng,_papercut_mf
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.​
2024-03-14​
6.5
CVE-2024-1884
eb41dac7-0af8-4f84-9f6d-0272772514f4
papercut -- papercut_ng,_papercut_mf
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.​
2024-03-14​
4.8
CVE-2024-1223
eb41dac7-0af8-4f84-9f6d-0272772514f4
pawaryogesh1989 -- bulk_edit_post_titles
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.​
2024-03-13​
4.3
CVE-2024-0369
[email protected]
[email protected]
peering-manager -- peering-manager
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
6.1
CVE-2024-28112
[email protected]
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.​
2024-03-12​
5.3
CVE-2024-25994
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.​
2024-03-12​
5.3
CVE-2024-25996
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.​
2024-03-12​
5.3
CVE-2024-25997
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.​
2024-03-12​
5.9
CVE-2024-26000
[email protected]
phoenix_contact -- charx_sec-3000
An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS.​
2024-03-12​
4.8
CVE-2024-26005
[email protected]
pinterest -- querybook
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-14​
5.6
CVE-2024-28251
[email protected]
[email protected]
postalserver -- postal
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with <CR><LF> line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly <CR><LF>.<CR><LF>. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue.​
2024-03-11​
5.3
CVE-2024-27938
[email protected]
[email protected]
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1996
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1997
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2000
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2237
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2238
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2239
[email protected]
[email protected]
premium_addons_for_elementor -- premium_addons_pro_for_elementor
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-15​
6.4
CVE-2024-2399
[email protected]
[email protected]
[email protected]
qnap -- qts​
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later​
2024-03-08​
6.5
CVE-2024-21900
[email protected]
radgeek -- feedwordpress
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.​
2024-03-13​
5.3
CVE-2024-0839
[email protected]
[email protected]
rayhanduitku -- duitku_payment_gateway
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.​
2024-03-13​
5.3
CVE-2024-0631
[email protected]
[email protected]
realmag777 -- husky_-products_filter_for_woocommerce(formerly_woof)
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY - Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY - Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.​
2024-03-15​
4.3
CVE-2023-50861
[email protected]
realmag777 -- husky_-_products_filter_professional_for_woocommerce
The HUSKY - Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-15​
6.4
CVE-2024-1796
[email protected]
[email protected]
rednao -- woocommerce_pdf_invoice_builder
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.​
2024-03-16​
5.4
CVE-2023-51486
[email protected]
rejetto_ -- http_file_server_
An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.​
2024-03-12​
6.5
CVE-2024-1227
[email protected]
rocket_elements -- split_test_for_elementor
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.​
2024-03-16​
4.3
CVE-2023-51407
[email protected]
rogierlankhorst -- burst_statistics_-_privacy-friendly_analytics_for_wordpress
The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile.​
2024-03-13​
6.4
CVE-2024-1894
[email protected]
[email protected]
[email protected]
[email protected]
sap_se -- netweaver_(wsrm)
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.​
2024-03-12​
5.3
CVE-2024-25644
[email protected]
[email protected]
sap_se -- sap_abap_platform
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.​
2024-03-12​
4.3
CVE-2024-27900
[email protected]
[email protected]
sap_se -- sap_fiori_front_end_server
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.​
2024-03-12​
4.6
CVE-2024-22133
[email protected]
[email protected]
sap_se -- sap_netweaver_(enterprise_portal)
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.​
2024-03-12​
5.3
CVE-2024-25645
[email protected]
[email protected]
sap_se -- sap_netweaver_as_abap_applications_based_on_sapgui_for_html_(webgui)
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user's browser. There is no impact on the availability of the system​
2024-03-12​
5.4
CVE-2024-27902
[email protected]
[email protected]
sap_se -- sap_netweaver_process_integration_(support_web_pages)
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.​
2024-03-12​
5.3
CVE-2024-28163
[email protected]
[email protected]
sewpafly -- post_thumbnail_editor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8.​
2024-03-16​
5.3
CVE-2024-24845
[email protected]
shapedplugin -- easy_accordion_-_best_accordion_faq_plugin_for_wordpress
The Easy Accordion - Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1363
[email protected]
[email protected]
siemens -- sentron_7km_pac3120_ac/dc
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data.​
2024-03-12​
4.6
CVE-2024-21483
[email protected]
siemens -- siveillance_control
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.​
2024-03-12​
5.5
CVE-2023-45793
[email protected]
sirv.com -- sirv
Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2.​
2024-03-15​
5.4
CVE-2023-50898
[email protected]
skyhigh -- skyhigh_client_proxy
A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.​
2024-03-14​
5.5
CVE-2024-0311
[email protected]
skyhigh -- skyhigh_client_proxy
A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.​
2024-03-14​
5.5
CVE-2024-0312
[email protected]
skyhigh -- skyhigh_client_proxy
A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.​
2024-03-14​
5.5
CVE-2024-0313
[email protected]
snowflakedb -- snowflake-hive-metastore-connector
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script.​
2024-03-15​
4
CVE-2024-28851
[email protected]
[email protected]
[email protected]
softaculous -- backuply_-_backup,_restore,_migrate_and_clone
The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.​
2024-03-16​
4.9
CVE-2024-2294
[email protected]
[email protected]
[email protected]
[email protected]
soundcloud_inc.,_lawrie_malen -- soundcloud_shortcode
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.​
2024-03-15​
6.5
CVE-2024-25936
[email protected]
sourcecodester -- best_pos_management_system
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability.​
2024-03-13​
6.3
CVE-2024-2418
[email protected]
[email protected]
[email protected]
sourcecodester -- crud_without_page_reload
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability.​
2024-03-12​
6.3
CVE-2024-2393
[email protected]
[email protected]
[email protected]
stylemix -- masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email addresses which can be used to help perform future attacks.​
2024-03-13​
5.3
CVE-2024-2106
[email protected]
[email protected]
[email protected]
[email protected]
subratamal -- terawallet_-_best_woocommerce_wallet_system_with_cashback_rewards,_partial_payment,_wallet_refunds
The TeraWallet - Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails.​
2024-03-13​
4.3
CVE-2024-1690
[email protected]
[email protected]
surya2developer -- hostel_management_service
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.​
2024-03-15​
4.3
CVE-2024-2483
[email protected]
[email protected]
[email protected]
surya2developer -- hostel_management_system
A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.​
2024-03-15​
6.5
CVE-2024-2481
[email protected]
[email protected]
[email protected]
svenl77 -- post_form_-registration_form-profile_form_for_user_profiles-frontend_content_forms_for_user_submissions(ugc)
The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.​
2024-03-13​
4.3
CVE-2024-1158
[email protected]
[email protected]
[email protected]
sysbasics -- customize_my_account_for_woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.​
2024-03-15​
4.3
CVE-2023-51369
[email protected]
takayukister -- contact_form_7
The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'active-tab' parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-2242
[email protected]
[email protected]
techfyd -- sky_addons_for_elementor_(free_templates_library,_live_copy,_animations,_post_grid,_post_carousel,_particles,_sliders,_chart,_blogs)
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2286
[email protected]
[email protected]
techjewel -- contact_form_plugin_by_fluent_forms_for_quiz,survey,_and_drag&_drop_wp_form_builder
The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.​
2024-03-13​
4.9
CVE-2023-6957
[email protected]
[email protected]
thedark -- auto_affiliate_links
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.​
2024-03-13​
4.3
CVE-2024-1843
[email protected]
[email protected]
[email protected]
themefusecom -- brizy_-_page_builder
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1291
[email protected]
[email protected]
themefusecom -- brizy_-_page_builder
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1293
[email protected]
[email protected]
themefusecom -- brizy_-_page_builder
The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1296
[email protected]
[email protected]
[email protected]
[email protected]
themefusion -- avada_|website_builder_for_wordpress&_woocommerce
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).​
2024-03-13​
6.5
CVE-2024-1668
[email protected]
[email protected]
themegrill -- maintenance_page
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.​
2024-03-13​
5.3
CVE-2024-1370
[email protected]
[email protected]
themegrill -- maintenance_page
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.​
2024-03-13​
5.3
CVE-2024-1462
[email protected]
[email protected]
themeisle -- orbit_fox_by_themeisle
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1497
[email protected]
[email protected]
[email protected]
themeisle -- orbit_fox_by_themeisle
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1499
[email protected]
[email protected]
[email protected]
themeisle -- orbit_fox_by_themeisle
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2126
[email protected]
[email protected]
themencode_llc -- tnc_pdf_viewer
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 2.8.0.​
2024-03-13​
6.5
CVE-2024-25097
[email protected]
themisle -- otter_blocks_pro_-gutenberg_blocks,_page_builder_for_gutenberg_editor&_fse
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1684
[email protected]
[email protected]
themisle -- otter_blocks_pro_-gutenberg_blocks,_page_builder_for_gutenberg_editor&_fse
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized.​
2024-03-13​
6.1
CVE-2024-1691
[email protected]
[email protected]
tibco_software_inc. -- tibco_activespaces_-_enterprise_edition
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.​
2024-03-12​
4.3
CVE-2024-1137
[email protected]
timstrifler -- exclusive_addons_for_elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1234
[email protected]
[email protected]
timstrifler -- exclusive_addons_for_elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1413
[email protected]
[email protected]
timstrifler -- exclusive_addons_for_elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1414
[email protected]
[email protected]
timstrifler -- exclusive_addons_for_elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-2028
[email protected]
[email protected]
turtlepod -- f(x)_private_site
The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.​
2024-03-12​
5.3
CVE-2024-0906
[email protected]
[email protected]
vantage6 -- vantage6
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit aecfd6d0e and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.​
2024-03-14​
5.3
CVE-2024-24770
[email protected]
[email protected]
[email protected]
vantage6 -- vantage6
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit 70bb4e1d8 and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.​
2024-03-14​
4.2
CVE-2024-23823
[email protected]
[email protected]
vantage6 -- vantage6-ui
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.​
2024-03-14​
5.4
CVE-2024-24562
[email protected]
[email protected]
visualcomposer -- visual_composer_website_builder,landing_page_builder,_custom_theme_builder,_maintenance_mode&_coming_soon_pages
The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2023-6880
[email protected]
[email protected]
wago -- controller_bacnet/ip
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.​
2024-03-13​
5.4
CVE-2018-25090
[email protected]
wbw -- product_table_by_wbw
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.​
2024-03-16​
4.3
CVE-2023-51512
[email protected]
webtechstreet -- elementor_addon_elements​
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1393
[email protected]
[email protected]
[email protected]
webtechstreet -- elementor_addon_elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eae_custom_overlay_switcher' attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1391
[email protected]
[email protected]
[email protected]
webtechstreet -- elementor_addon_elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1392
[email protected]
[email protected]
[email protected]
webtechstreet -- elementor_addon_elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1422
[email protected]
[email protected]
[email protected]
[email protected]
wokamoto -- simple_tweet
The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-0700
[email protected]
[email protected]
[email protected]
wpchill -- simple_restrict
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content​
2024-03-13​
5.3
CVE-2024-1083
[email protected]
[email protected]
wpdatatables -- wpdatatables_-wordpress_data_table,_dynamic_tables&_table_charts_plugin
The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-0591
[email protected]
[email protected]
[email protected]
[email protected]
wpdevteam -- essential_addons_for_elementor_-best_elementor_templates,_widgets,_kits&_woocommerce_builders
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1537
[email protected]
[email protected]
wpdevteam -- essential_blocks_-page_builder_gutenberg_blocks,_patterns&_templates
The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1854
[email protected]
[email protected]
wpeventmanager -- wp_event_manager_-_events_calendar,_registrations,_sell_tickets_with_woocommerce
The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-0976
[email protected]
[email protected]
[email protected]
wpgmaps -- wp_go_maps_(formerly_wp_google_maps)​
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1582
[email protected]
[email protected]
wpgmaps -- wp_go_maps_(formerly_wp_google_maps)
The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-03-13​
4.4
CVE-2023-4839
[email protected]
[email protected]
wpmu_dev -- broken_link_checker
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.​
2024-03-15​
5.9
CVE-2024-25592
[email protected]
wpswings -- ultimate_gift_cards_for_woocommerce_-create,_redeem&_manage_digital_gift_certificates_with_personalized_templates
The Ultimate Gift Cards for WooCommerce - Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.​
2024-03-16​
5.3
CVE-2024-1857
[email protected]
[email protected]
wpvividplugins -- wpvivid_backup_for_mainwp
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-03-13​
6.1
CVE-2024-1383
[email protected]
[email protected]
[email protected]
wpwax -- legal_pages
Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.​
2024-03-15​
4.3
CVE-2023-50886
[email protected]
xpeedstudio -- elementskit_elementor_addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-16​
6.4
CVE-2024-1239
[email protected]
[email protected]
xpeedstudio -- elementskit_elementor_addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-16​
6.4
CVE-2024-2042
[email protected]
[email protected]
[email protected]
xpeedstudio -- elementskit_elementor_addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.​
2024-03-16​
5.5
CVE-2023-6525
[email protected]
[email protected]
[email protected]
xpeedstudio -- metform_elementor_contact_form_builder
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-03-13​
6.4
CVE-2024-1585
[email protected]
[email protected]
[email protected]
xpeedstudio -- wp_social_login_and_register_social_counter
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.​
2024-03-13​
6.5
CVE-2024-1763
[email protected]
[email protected]
yonifre -- maspik_-_spam_blacklist
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik - Spam Blacklist allows Stored XSS.This issue affects Maspik - Spam Blacklist: from n/a through 0.10.6.​
2024-03-13​
5.9
CVE-2024-25101
[email protected]
yooooomi -- your_spotify
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue.​
2024-03-13​
6.5
CVE-2024-28193
[email protected]
yooooomi -- your_spotify
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by opening the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit the attacker page and interacting with it. By positioning elements over the invisible iframe, a victim can be tricked into triggering malicious or destructive actions in the invisible iframe, while they think they interact with a totally different site altogether. When a victim visits an attacker-controlled site while they are logged into YourSpotify, they can be tricked into performing actions on their YourSpotify instance without their knowledge. These actions include allowing signup of other users or deleting the current user account, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-13​
6.5
CVE-2024-28196
[email protected]
yooooomi -- your_spotify
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-13​
5.3
CVE-2024-28192
[email protected]
zemana -- antilogger
Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers​
2024-03-15​
5.5
CVE-2024-2180
[email protected]
[email protected]
zemana -- antilogger
Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.​
2024-03-15​
5.5
CVE-2024-2204
[email protected]
[email protected]
zemena -- antilogger
Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.​
2024-03-14​
5.5
CVE-2024-1853
[email protected]
[email protected]
zoom_video_communications,_inc. -- zoom_rooms_client_for_windows
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.​
2024-03-13​
5.3
CVE-2024-24692
[email protected]

Back to top




Low Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
bpftrace -- bpftrace
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.​
2024-03-10​
2.8
CVE-2024-2313
[email protected]
[email protected]
cloudflare -- quiche
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions.​
2024-03-12​
3.7
CVE-2024-1410
[email protected]
collaboraonline -- online
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.​
2024-03-11​
2.6
CVE-2024-25114
[email protected]
[email protected]
dell -- poweredge_platform
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.​
2024-03-13​
3.8
CVE-2024-0154
[email protected]
dell -- poweredge_platform
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.​
2024-03-13​
3.8
CVE-2024-0173
[email protected]
directus -- directus
Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
2.3
CVE-2024-28238
[email protected]
discourse -- discourse
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.​
2024-03-15​
3.7
CVE-2024-2482
[email protected]
[email protected]
[email protected]
ibm -- maximo_application_suite
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.​
2024-03-13​
3.7
CVE-2023-32335
[email protected]
[email protected]
[email protected]
iovisor -- bpf_compiler_collection
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.​
2024-03-10​
2.8
CVE-2024-2314
[email protected]
[email protected]
keerti1924 -- secret-coder-php-project
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-10​
3.7
CVE-2024-2355
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2515
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2518
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as problematic. Affected is an unknown function of the file navbar.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256956. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2519
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2521
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2523
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2525
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2526
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2530
[email protected]
[email protected]
[email protected]
magesh-k21 -- online-college-event-hall-reservation-system
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-16​
3.5
CVE-2024-2533
[email protected]
[email protected]
[email protected]
mattermost -- mattermost
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.​
2024-03-15​
3.1
CVE-2024-28053
[email protected]
mattermost -- mattermost_mobile
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.​
2024-03-15​
3.5
CVE-2024-24975
[email protected]
mha_sistemas -- armhazena
A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-15​
3.5
CVE-2024-2479
[email protected]
[email protected]
[email protected]
microsoft -- microsoft_edge_for_android
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability​
2024-03-14​
3.9
CVE-2024-26246
[email protected]
n/a -- eve-ng
A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.​
2024-03-12​
2.4
CVE-2024-2391
[email protected]
[email protected]
[email protected]
n/a -- intel(r)_local_manageability_service_software
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.​
2024-03-14​
3.3
CVE-2023-27502
[email protected]
n/a -- musicshelf
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.​
2024-03-10​
1.8
CVE-2024-2364
[email protected]
[email protected]
[email protected]
n/a -- musicshelf
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.​
2024-03-11​
1.6
CVE-2024-2365
[email protected]
[email protected]
[email protected]
n/a -- quarkus
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.​
2024-03-13​
3.5
CVE-2024-1979
[email protected]
[email protected]
[email protected]
papercut -- papercut_ng,_papercut_mf
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.​
2024-03-14​
3.1
CVE-2024-1221
eb41dac7-0af8-4f84-9f6d-0272772514f4
peering-manager -- peering-manager
Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-03-12​
3.5
CVE-2024-28113
[email protected]
[email protected]

Back to top




Severity Not Yet Assigned​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
N/A -- N/A
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver. ==================== unreferenced object 0xffff88810228ada0 (size 32): comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s............. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "............... backtrace: [<000000007b4c8799>] kmem_cache_alloc_trace+0x163/0x4f0 [<0000000005326893>] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh] [<000000002a9e5ec4>] amdtp_hid_request+0x62/0x80 [amd_sfh] [<00000000b8a95807>] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub] [<00000000fda054ee>] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common] [<0000000021279ecf>] hid_accel_3d_probe+0xff/0x4a0 [hid_sensor_accel_3d] [<00000000915760ce>] platform_probe+0x6a/0xd0 [<0000000060258a1f>] really_probe+0x192/0x620 [<00000000fa812f2d>] driver_probe_device+0x14a/0x1d0 [<000000005e79f7fd>] __device_attach_driver+0xbd/0x110 [<0000000070d15018>] bus_for_each_drv+0xfd/0x160 [<0000000013a3c312>] __device_attach+0x18b/0x220 [<000000008c7b4afc>] device_initial_probe+0x13/0x20 [<00000000e6e99665>] bus_probe_device+0xfe/0x120 [<00000000833fa90b>] device_add+0x6a6/0xe00 [<00000000fa901078>] platform_device_add+0x180/0x380 ==================== The fix is to freeing request_list entry once the processed entry is removed from the request_list.​
2024-03-15​
not yet calculated​
CVE-2021-47133
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A -- N/A
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.​
2024-03-11​
not yet calculated​
CVE-2022-46070
[email protected]
N/A -- N/A
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.​
2024-03-13​
not yet calculated​
CVE-2023-36238
[email protected]
N/A -- N/A
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.​
2024-03-13​
not yet calculated​
CVE-2023-41504
[email protected]
N/A -- N/A
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.​
2024-03-13​
not yet calculated​
CVE-2023-41505
[email protected]
N/A -- N/A
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.​
2024-03-14​
not yet calculated​
CVE-2023-42286
[email protected]
N/A -- N/A
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.​
2024-03-12​
not yet calculated​
CVE-2023-42307
[email protected]
N/A -- N/A
Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section.​
2024-03-12​
not yet calculated​
CVE-2023-42308
[email protected]
N/A -- N/A
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.​
2024-03-12​
not yet calculated​
CVE-2023-43279
[email protected]
N/A -- N/A
Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters.​
2024-03-12​
not yet calculated​
CVE-2023-43292
[email protected]
N/A -- N/A
Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.​
2024-03-12​
not yet calculated​
CVE-2023-49453
[email protected]
N/A -- N/A
An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.​
2024-03-14​
not yet calculated​
CVE-2023-50677
[email protected]
N/A -- N/A
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.​
2024-03-16​
not yet calculated​
CVE-2024-22513
[email protected]
N/A -- N/A
SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php.​
2024-03-12​
not yet calculated​
CVE-2024-24092
[email protected]
N/A -- N/A
SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.​
2024-03-12​
not yet calculated​
CVE-2024-24093
[email protected]
N/A -- N/A
Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.​
2024-03-12​
not yet calculated​
CVE-2024-24097
[email protected]
N/A -- N/A
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.​
2024-03-12​
not yet calculated​
CVE-2024-24101
[email protected]
N/A -- N/A
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.​
2024-03-13​
not yet calculated​
CVE-2024-24105
[email protected]
N/A -- N/A
Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter.​
2024-03-16​
not yet calculated​
CVE-2024-24156
[email protected]
N/A -- N/A
In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.​
2024-03-14​
not yet calculated​
CVE-2024-25139
[email protected]
[email protected]
N/A -- N/A
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.​
2024-03-15​
not yet calculated​
CVE-2024-25227
[email protected]
N/A -- N/A
Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.​
2024-03-14​
not yet calculated​
CVE-2024-25228
[email protected]
[email protected]
N/A -- N/A
SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.​
2024-03-13​
not yet calculated​
CVE-2024-25250
[email protected]
N/A -- N/A
SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.​
2024-03-12​
not yet calculated​
CVE-2024-25325
[email protected]
N/A -- N/A
DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.​
2024-03-12​
not yet calculated​
CVE-2024-25331
[email protected]
[email protected]
N/A -- N/A
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.​
2024-03-14​
not yet calculated​
CVE-2024-25649
[email protected]
N/A -- N/A
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.​
2024-03-14​
not yet calculated​
CVE-2024-25650
[email protected]
N/A -- N/A
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.​
2024-03-14​
not yet calculated​
CVE-2024-25651
[email protected]
N/A -- N/A
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.​
2024-03-14​
not yet calculated​
CVE-2024-25652
[email protected]
N/A -- N/A
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.​
2024-03-14​
not yet calculated​
CVE-2024-25653
[email protected]
N/A -- N/A
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.​
2024-03-11​
not yet calculated​
CVE-2024-25854
[email protected]
N/A -- N/A
A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php.​
2024-03-15​
not yet calculated​
CVE-2024-26454
[email protected]
[email protected]
N/A -- N/A
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.​
2024-03-14​
not yet calculated​
CVE-2024-26475
[email protected]
N/A -- N/A
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.​
2024-03-14​
not yet calculated​
CVE-2024-26503
[email protected]
N/A -- N/A
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.​
2024-03-12​
not yet calculated​
CVE-2024-26521
[email protected]
[email protected]
N/A -- N/A
An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.​
2024-03-13​
not yet calculated​
CVE-2024-26529
[email protected]
[email protected]
N/A -- N/A
A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.​
2024-03-15​
not yet calculated​
CVE-2024-26540
[email protected]
N/A -- N/A
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.​
2024-03-15​
not yet calculated​
CVE-2024-27351
[email protected]
[email protected]
[email protected]
N/A -- N/A
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.​
2024-03-13​
not yet calculated​
CVE-2024-27703
[email protected]
N/A -- N/A
An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field.​
2024-03-15​
not yet calculated​
CVE-2024-27756
[email protected]
N/A -- N/A
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.​
2024-03-12​
not yet calculated​
CVE-2024-27758
[email protected]
[email protected]
N/A -- N/A
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.​
2024-03-16​
not yet calculated​
CVE-2024-28069
[email protected]
N/A -- N/A
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.​
2024-03-16​
not yet calculated​
CVE-2024-28070
[email protected]
N/A -- N/A
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325​
2024-03-15​
not yet calculated​
CVE-2024-28318
[email protected]
N/A -- N/A
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374​
2024-03-15​
not yet calculated​
CVE-2024-28319
[email protected]
N/A -- N/A
The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.​
2024-03-14​
not yet calculated​
CVE-2024-28323
[email protected]
N/A -- N/A
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.​
2024-03-12​
not yet calculated​
CVE-2024-28338
[email protected]
N/A -- N/A
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.​
2024-03-12​
not yet calculated​
CVE-2024-28339
[email protected]
[email protected]
N/A -- N/A
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.​
2024-03-12​
not yet calculated​
CVE-2024-28340
[email protected]
[email protected]
N/A -- N/A
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.​
2024-03-15​
not yet calculated​
CVE-2024-28353
[email protected]
N/A -- N/A
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.​
2024-03-15​
not yet calculated​
CVE-2024-28354
[email protected]
N/A -- N/A
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.​
2024-03-14​
not yet calculated​
CVE-2024-28383
[email protected]
N/A -- N/A
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.​
2024-03-14​
not yet calculated​
CVE-2024-28388
[email protected]
N/A -- N/A
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.​
2024-03-14​
not yet calculated​
CVE-2024-28390
[email protected]
N/A -- N/A
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.​
2024-03-14​
not yet calculated​
CVE-2024-28391
[email protected]
N/A -- N/A
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.​
2024-03-15​
not yet calculated​
CVE-2024-28401
[email protected]
[email protected]
N/A -- N/A
TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.​
2024-03-15​
not yet calculated​
CVE-2024-28403
[email protected]
[email protected]
N/A -- N/A
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.​
2024-03-15​
not yet calculated​
CVE-2024-28404
[email protected]
[email protected]
N/A -- N/A
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.​
2024-03-14​
not yet calculated​
CVE-2024-28417
[email protected]
N/A -- N/A
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php​
2024-03-14​
not yet calculated​
CVE-2024-28418
[email protected]
N/A -- N/A
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.​
2024-03-14​
not yet calculated​
CVE-2024-28423
[email protected]
N/A -- N/A
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.​
2024-03-14​
not yet calculated​
CVE-2024-28424
[email protected]
N/A -- N/A
greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.​
2024-03-14​
not yet calculated​
CVE-2024-28425
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php​
2024-03-13​
not yet calculated​
CVE-2024-28429
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28430
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.​
2024-03-13​
not yet calculated​
CVE-2024-28431
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28432
[email protected]
N/A -- N/A
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.​
2024-03-12​
not yet calculated​
CVE-2024-28535
[email protected]
N/A -- N/A
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.​
2024-03-12​
not yet calculated​
CVE-2024-28553
[email protected]
N/A -- N/A
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.​
2024-03-13​
not yet calculated​
CVE-2024-28623
[email protected]
N/A -- N/A
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.​
2024-03-16​
not yet calculated​
CVE-2024-28639
[email protected]
N/A -- N/A
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.​
2024-03-16​
not yet calculated​
CVE-2024-28640
[email protected]
N/A -- N/A
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.​
2024-03-13​
not yet calculated​
CVE-2024-28662
[email protected]
[email protected]
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php​
2024-03-13​
not yet calculated​
CVE-2024-28665
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php​
2024-03-13​
not yet calculated​
CVE-2024-28666
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php​
2024-03-13​
not yet calculated​
CVE-2024-28667
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php​
2024-03-13​
not yet calculated​
CVE-2024-28668
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28669
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.​
2024-03-13​
not yet calculated​
CVE-2024-28670
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.​
2024-03-13​
not yet calculated​
CVE-2024-28671
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28672
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28673
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php​
2024-03-13​
not yet calculated​
CVE-2024-28675
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28676
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.​
2024-03-13​
not yet calculated​
CVE-2024-28677
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php​
2024-03-13​
not yet calculated​
CVE-2024-28678
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.​
2024-03-13​
not yet calculated​
CVE-2024-28679
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.​
2024-03-13​
not yet calculated​
CVE-2024-28680
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.​
2024-03-13​
not yet calculated​
CVE-2024-28681
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.​
2024-03-13​
not yet calculated​
CVE-2024-28682
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.​
2024-03-13​
not yet calculated​
CVE-2024-28683
[email protected]
N/A -- N/A
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php​
2024-03-13​
not yet calculated​
CVE-2024-28684
[email protected]
N/A -- N/A
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability​
2024-03-14​
not yet calculated​
CVE-2024-28746
[email protected]
[email protected]
N/A -- N/A
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.​
2024-03-15​
not yet calculated​
CVE-2024-28752
[email protected]
N/A -- N/A
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).​
2024-03-10​
not yet calculated​
CVE-2024-28757
[email protected]
[email protected]
N/A -- N/A
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.​
2024-03-11​
not yet calculated​
CVE-2024-28816
[email protected]
N/A -- N/A
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.​
2024-03-11​
not yet calculated​
CVE-2024-28823
[email protected]
[email protected]
amd -- cpu
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.​
2024-03-15​
not yet calculated​
CVE-2024-2193
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
apache_software_foundation -- apache_doris
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.​
2024-03-12​
not yet calculated​
CVE-2023-41313
[email protected]
apache_software_foundation -- apache_tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.​
2024-03-13​
not yet calculated​
CVE-2024-23672
[email protected]
apache_software_foundation -- apache_tomcat
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.​
2024-03-13​
not yet calculated​
CVE-2024-24549
[email protected]
apache_software_foundation -- apache_zookeeper
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.​
2024-03-15​
not yet calculated​
CVE-2024-23944
[email protected]
apple -- garageband
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.​
2024-03-12​
not yet calculated​
CVE-2024-23300
[email protected]
[email protected]
apple -- itunes_for_windows
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.​
2024-03-14​
not yet calculated​
CVE-2023-42938
[email protected]
[email protected]
apple -- xcode
A logic issue was addressed with improved state management.​
2024-03-15​
not yet calculated​
CVE-2024-23298
[email protected]
devolutions -- remote_desktop_manager
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.​
2024-03-13​
not yet calculated​
CVE-2024-2403
[email protected]
google -- android
In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0039
[email protected]
[email protected]
[email protected]
[email protected]
google -- android
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0044
[email protected]
[email protected]
[email protected]
[email protected]
google -- android
In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0045
[email protected]
[email protected]
google -- android
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0046
[email protected]
[email protected]
google -- android
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0047
[email protected]
[email protected]
[email protected]
[email protected]
google -- android
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0048
[email protected]
[email protected]
google -- android
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0049
[email protected]
[email protected]
google -- android
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0050
[email protected]
[email protected]
google -- android
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0051
[email protected]
[email protected]
google -- android
In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0052
[email protected]
[email protected]
google -- android
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-0053
[email protected]
[email protected]
google -- android
there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22005
[email protected]
google -- android
OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.​
2024-03-11​
not yet calculated​
CVE-2024-22006
[email protected]
google -- android
In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22007
[email protected]
google -- android
In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22008
[email protected]
google -- android
In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22009
[email protected]
google -- android
In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22010
[email protected]
google -- android
In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-22011
[email protected]
google -- android
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-23717
[email protected]
[email protected]
google -- android
In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25984
[email protected]
google -- android
In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25985
[email protected]
google -- android
In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25986
[email protected]
google -- android
In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25987
[email protected]
google -- android
In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25988
[email protected]
google -- android
In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25989
[email protected]
google -- android
In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25990
[email protected]
google -- android
In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25991
[email protected]
google -- android
In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25992
[email protected]
google -- android
In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-25993
[email protected]
google -- android
In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27204
[email protected]
google -- android
there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27205
[email protected]
google -- android
there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27206
[email protected]
google -- android
Exported broadcast receivers allowing malicious apps to bypass broadcast protection.​
2024-03-11​
not yet calculated​
CVE-2024-27207
[email protected]
google -- android
there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27208
[email protected]
google -- android
there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27209
[email protected]
google -- android
In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27210
[email protected]
google -- android
In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27211
[email protected]
google -- android
In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27212
[email protected]
google -- android
In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27213
[email protected]
google -- android
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27218
[email protected]
google -- android
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27219
[email protected]
google -- android
In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27220
[email protected]
google -- android
In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27221
[email protected]
google -- android
In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27222
[email protected]
google -- android
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27223
[email protected]
google -- android
In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27224
[email protected]
google -- android
In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27225
[email protected]
google -- android
In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27226
[email protected]
google -- android
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues​
2024-03-11​
not yet calculated​
CVE-2024-27227
[email protected]
google -- android
there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27228
[email protected]
google -- android
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27229
[email protected]
google -- android
In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27230
[email protected]
google -- android
In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27233
[email protected]
google -- android
In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27234
[email protected]
google -- android
In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-03-11​
not yet calculated​
CVE-2024-27235
[email protected]
google -- android
In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​