CISA Bulletins - Vulnerability Summary for the Week of November 11, 2024

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).
C

CISA

Guest

High Vulnerabilities

Primary
Vendor
-- Product
Description
Published
CVSS Score
Source Info
1000 Projects--Beauty Parlour Management System
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
7.3
1000 Projects--Beauty Parlour Management System
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.​
2024-11-15​
7.3
1000 Projects--Beauty Parlour Management System
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
1000 Projects--Portfolio Management System MCA
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-15​
7.3
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- indesign
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- indesign
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- indesign
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
Adobe--Adobe Commerce
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
2024-11-12
7.7
Adobe--Animate
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
Adobe--Animate
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
Adobe--Photoshop Desktop
Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
7.8
adonesevangelista -- agri-trading_online_shopping_system
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout.
2024-11-14
7.5
algolplus--Advanced Order Export For WooCommerce
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).​
2024-11-13​
8.1
amd -- ryzen_ai_software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
2024-11-12
7.8
amd -- ryzen_ai_software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.​
2024-11-12​
7.8
AMD--AMD Cloud Manageability Service Software
Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
AMD--AMD Management Console
Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.​
2024-11-12​
7.3
AMD--AMD Management Plug-In for SCCM
Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
2024-11-12
7.3
AMD--AMD Provisioning Console (APC) Software
Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.​
2024-11-12​
7.3
AMD--AMD Ryzen AI Software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
2024-11-12
8.8
AMD--AMD Ryzen Master Monitoring SDK
Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.​
2024-11-12​
7.3
AMD--AMD Ryzen Master Utility for Overclocking Control
Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
AMD--AMD Software: PRO Edition
Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.​
2024-11-12​
7.3
AMI--AptioV
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
2024-11-12
7.2
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
9
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.1
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
8.1
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL?-?Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.4
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
8.1
angeljudesuarez -- construction_management_system
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
2024-11-13
7.2
angeljudesuarez -- construction_management_system
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.​
2024-11-13​
7.2
angeljudesuarez -- tailoring_management_system
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "inccat" to be affected. But it must be assumed "desc", "date", and "amount" are affected as well.
2024-11-11
9.8
anisha -- job_recruitment
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-11​
9.8
anisha -- job_recruitment
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
9.8
anisha -- job_recruitment
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-12​
9.8
anisha -- job_recruitment
A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
8.8
Anthony Carbon--WDES Responsive Mobile Menu
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18.​
2024-11-16​
9.8
Apache Software Foundation--Apache Airflow
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.
2024-11-15
7.5
Apache Software Foundation--Apache CloudStack

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.

Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue.

Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.

for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-].); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
For checking the whole template/volume features of each disk, operators can run the following command:

for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-].); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
2024-11-12​
8.5
Apache Software Foundation--Apache Traffic Server

Unchecked return value can allow Apache Traffic Server to retain privileges on startup.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.

Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
2024-11-14
9.1
Apache Software Foundation--Apache Traffic Server

Improper Input Validation vulnerability in Apache Traffic Server.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
2024-11-14​
7.5
Apache Software Foundation--Apache Traffic Server

Valid Host header field can cause Apache Traffic Server to crash on some platforms.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
2024-11-14
7.5
Arttia Creative--Datasets Manager by Arttia Creative
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative.This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.​
2024-11-14​
10
Autodesk--Installer
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
2024-11-15
7.2
Avigilon--VideoIQ iCVR HD camera
Avigilon - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')​
2024-11-14​
7.5
axelkeller--GPX Viewer
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
2024-11-13
8.8
ays-pro--Chartify WordPress Chart Plugin
The Chartify - WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.​
2024-11-14​
9.8
Baxter--Life2000 Ventilation System
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
2024-11-14
10
Baxter--Life2000 Ventilation System
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.​
2024-11-14​
10
Baxter--Life2000 Ventilation System
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
2024-11-14
9.3
Baxter--Life2000 Ventilation System
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.​
2024-11-14​
9.3
Baxter--Life2000 Ventilation System
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
2024-11-14
9.3
Baxter--Life2000 Ventilation System
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.​
2024-11-14​
9.3
Baxter--Life2000 Ventilation System
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
2024-11-14
9.3
Baxter--Life2000 Ventilation System
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.​
2024-11-14​
9.3
BdThemes--Instant Image Generator
Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.
2024-11-14
10
Bigfive--CF7 Reply Manager
Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager.This issue affects CF7 Reply Manager: from n/a through 1.2.3.​
2024-11-16​
9.9
Bikram Joshi--B-Banner Slider
Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.
2024-11-16
9.9
BlackBerry--SecuSUITE
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.​
2024-11-12​
7.3
Boa web server--Boa web server 0.94.14rc21
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2024-11-14
7.5
Bosch Rexroth AG--IndraDrive FWA-INDRV*-MP*
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.​
2024-11-13​
7.5
Ciprian Popescu--W3P SEO
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS.This issue affects W3P SEO: from n/a before 1.8.6.
2024-11-14
7.1
Cisco--Cisco BroadWorks
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition.

This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable.
Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
8.6
Cisco--Cisco Cyber Vision
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
7.5
Cisco--Cisco Industrial Network Director
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device.

This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
9.9
Cisco--Cisco IOS XR Software
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
2024-11-15
8.8
Cisco--Cisco Modeling Labs
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges.

This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.​
2024-11-15​
9.1
Cisco--Cisco Redundancy Configuration Manager
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container.

This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
8.1
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.
Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
7.4
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 
2024-11-15
7.4
Citrix Session Recording--Citrix Session Recording
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server​
2024-11-12​
8.8
Clarisse K.--Writer Helper
Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.
2024-11-16
9.9
cli--cli

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0.

Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... https://docs.github.com/en/codespac...using-the-default-dev-container-configuration) . GitHub CLI [retrieves SSH connection details]( https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/inv... https://github.com/cli/cli/blob/300.../internal/codespaces/rpc/invoker.go#L230-L244 ), such as remote username, which is used in [executing ssh commands]( https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L2... https://github.com/cli/cli/blob/e35...acf77314f18908d/pkg/cmd/codespace/ssh.go#L263 ) for gh codespace ssh or gh codespace logs commands.

This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects ssh arguments within the SSH connection details. gh codespace ssh and gh codespace logs commands could execute arbitrary code on the user's workstation if the remote username contains something like -oProxyCommand="echo hacked" #. The -oProxyCommand flag causes ssh to execute the provided command while # shell comment causes any other ssh arguments to be ignored.

In 2.62.0, the remote username information is being validated before being used.
2024-11-14​
8
cmorillas1--External Database Based Actions
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.
2024-11-15
7.5
cmsMinds--Boat Rental Plugin for WordPress
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.​
2024-11-14​
10
code-projects--Job Recruitment
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
codeSavory--BasePress Migration Tools
Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.​
2024-11-16​
9.9
craftcms--cms
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
2024-11-13
8.4
craftcms--cms
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.​
2024-11-13​
7.7
craftcms--cms
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
2024-11-13
7.2
creativeinteractivemedia--Real3D Flipbook Lite 3D FlipBook, PDF Viewer, PDF Embedder
The 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-11-16​
8.8
cyberlord92--Login using WordPress Users ( WP as SAML IDP )
The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-11-16
7.2
Dang Ngoc Binh--Audio Record
Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0.​
2024-11-11​
10
Davor Zeljkovic--Convert Docx2post
Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through 1.4.
2024-11-16
9.1
decidim--decidim
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.​
2024-11-13​
7.7
decidim-ice--decidim-module-decidim_awesome
An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.
2024-11-12
9
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.​
2024-11-12​
7.8
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
2024-11-12
7.8
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.​
2024-11-12​
7.8
Dell--SmartFabric OS10 Software
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution
2024-11-12
7.8
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.​
2024-11-11​
7.8
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
2024-11-11
7.8
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.​
2024-11-11​
7.8
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user's password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user's account.
2024-11-11
9.8
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.​
2024-11-11​
7.2
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.​
2024-11-11​
7.2
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.​
2024-11-11​
7.2
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
2024-11-11
7.5
DMC--Airin Blog
Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection.This issue affects Airin Blog: from n/a through 1.6.1.​
2024-11-16​
9.8
DonnellC--Global Gateway e4 | Payeezy Gateway
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway.This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.
2024-11-14
8.6
DoThatTask--Do That Task
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.​
2024-11-14​
10
dotnetzip.semverd_project -- dotnetzip.semverd
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2024-11-13
9.8
Elastic--Kibana

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/ela...urrent/defining-roles.html#roles-indices-priv  and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html  assigned to them.

The following Elasticsearch indices permissions are required

  • write privilege on the system indices .kibana_ingest*
  • The allow_restricted_indices flag is set to true

Any of the following Kibana privileges are additionally required

  • Under Fleet the All privilege is granted
  • Under Integration the Read or All privilege is granted
  • Access to the fleet-setup privilege is gained through the Fleet Server's service account token
2024-11-14​
9.1
Eugen Bobrowski--Debug Tool
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.
2024-11-16
10
Flowcraft UX Design Studio--Advanced Personalization
Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection.This issue affects Advanced Personalization: from n/a through 1.1.2.​
2024-11-16​
9.8
fortinet -- forticlient
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
2024-11-12
8.8
fortinet -- forticlient
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.​
2024-11-12​
7.8
Fortinet--FortiClientWindows
A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
2024-11-13
7.8
Fortinet--FortiManager
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData
at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.​
2024-11-12​
7.5
Fortinet--FortiOS
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
2024-11-12
7.5
FraudLabs Pro--FraudLabs Pro SMS Verification
Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.​
2024-11-14​
7.1
FreeBSD--FreeBSD

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.

Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
2024-11-12
7.5
GeekRMX--Twitter @Anywhere Plus
Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through 2.0.​
2024-11-14​
7.1
GentleSource--Appointmind
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0.
2024-11-14
7.1
GeoVision--GV-VS12
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.​
2024-11-15​
9.8
GitLab--GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
2024-11-14
8.5
glpi-project--glpi
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.​
2024-11-15​
8.1
gogs--gogs/gogs
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the tree_path parameter during file uploads. An attacker can set tree_path=.git. to upload a file into the .git directory, allowing them to write or rewrite the .git/config file. If the core.sshCommand is set, this can lead to remote command execution.
2024-11-15
10
google -- android
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.​
2024-11-13​
7.8
Google--Android
In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
8.4
Google--Android
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
8.4
Google--Android
In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
8.4
Google--Android
In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
8.4
Google--Android
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2024-11-13
8.4
Google--Android
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
8.4
Google--Android
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
8.8
Google--Android
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
7.8
Google--Android
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
7.8
Google--Android
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
7.8
Google--Android
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
2024-11-13
7.8
Google--Android
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
7.8
Google--Android
In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
7.8
Google--Android
In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
7.8
Google--Chrome
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
2024-11-12
8.8
Google--Chrome
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)​
2024-11-12​
8.3
Google--Chrome
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
2024-11-12
8.8
Google--Chrome
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)​
2024-11-12​
7.5
Grand Vice info--Webopac
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
2024-11-11
9.8
Grand Vice info--Webopac
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.​
2024-11-11​
8.8
Grand Vice info--Webopac7
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
2024-11-11
9.8
Halyra--CDI
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.​
2024-11-16​
9.1
Henrik Hoff--WP Course Manager
Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS.This issue affects WP Course Manager: from n/a through 1.3.
2024-11-14
7.1
Hive Support--Hive Support WordPress Help Desk
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support - WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support - WordPress Help Desk: from n/a through 1.1.1.​
2024-11-14​
9.9
ibm -- soar
IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
2024-11-14
8.1
IBM--Engineering Insights
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.​
2024-11-15​
8.2
IBM--Sterling Secure Proxy
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
2024-11-15
7.5
icdsoft--MultiManager WP Manage All Your WordPress Sites Easily
The MultiManager WP - Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.​
2024-11-13​
9.8
Icinga--icinga2
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.
2024-11-12
9.8
ivanti -- avalanche
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.​
2024-11-12​
7.5
ivanti -- avalanche
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
2024-11-12
7.5
ivanti -- avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.​
2024-11-12​
7.5
ivanti -- avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
2024-11-12
7.5
ivanti -- avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.​
2024-11-12​
7.5
ivanti -- connect_secure
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
2024-11-12
7.2
ivanti -- connect_secure
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.​
2024-11-12​
7.5
Ivanti--Avalanche
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
2024-11-12
7.5
Ivanti--Connect Secure
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
2024-11-12​
9.1
Ivanti--Connect Secure
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
2024-11-12
9.1
Ivanti--Connect Secure
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
2024-11-13​
9.1
Ivanti--Connect Secure
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
2024-11-12
8.4
Ivanti--Connect Secure
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.​
2024-11-12​
8.8
Ivanti--Connect Secure
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges.
2024-11-13
7.8
Ivanti--Connect Secure
Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.​
2024-11-12​
7.8
Ivanti--Connect Secure
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
2024-11-12
7.5
Ivanti--Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.​
2024-11-12​
9.8
Ivanti--Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
2024-11-12
8.8
Ivanti--Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.​
2024-11-12​
7.8
Ivanti--Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
2024-11-12
7.8
Ivanti--Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
2024-11-12​
7.2
Ivanti--Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
2024-11-12
7.2
Ivanti--Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
2024-11-12​
7.2
Ivanti--Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
2024-11-12
7.2
Ivanti--EPM
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
2024-11-13​
7.2
Ivanti--Secure Access Client
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
2024-11-12
7.8
Ivanti--Secure Access Client
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.​
2024-11-12​
7.1
Ivanti--Secure Access Client
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
2024-11-12
7.3
Jenkins Project--Jenkins Authorize Project Plugin
Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.​
2024-11-13​
8
Jenkins Project--Jenkins OpenId Connect Authentication Plugin
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
2024-11-13
8.8
Jenkins Project--Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.​
2024-11-13​
8
Jenkins Project--Jenkins Shared Library Version Override Plugin
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.
2024-11-13
8.8
Joshua Wolfe--The Novel Design Store Directory
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.​
2024-11-11​
10
kanboard--kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its path entry in the project_has_files SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
9.1
kanboard--kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the settings table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the translations.php file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
9.1
KCT--Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2.
2024-11-14
7.5
Kinetic Innovative Technologies Sdn Bhd--kineticPay for WooCommerce
Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.​
2024-11-14​
10
Labs64--DigiPass
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through 0.3.0.
2024-11-14
7.5
Laravel-Backpack--FileManager
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.​
2024-11-13​
7.6
laurent22--joplin
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
2024-11-14
7.7
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
7.5
Made I.T.--Forms
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.
2024-11-11
10
Medma Technologies--Matix Popup Builder
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0.​
2024-11-14​
9.8
melapress--WP Activity Log
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
2024-11-15
7.2
microsoft -- 365_apps
Microsoft Excel Remote Code Execution Vulnerability​
2024-11-12​
7.8
microsoft -- 365_apps
Microsoft Excel Remote Code Execution Vulnerability
2024-11-12
7.8
microsoft -- 365_apps
Microsoft Excel Remote Code Execution Vulnerability​
2024-11-12​
7.8
microsoft -- 365_apps
Microsoft Excel Remote Code Execution Vulnerability
2024-11-12
7.8
microsoft -- 365_apps
Microsoft Word Security Feature Bypass Vulnerability​
2024-11-12​
7.5
microsoft -- exchange_server
Microsoft Exchange Server Spoofing Vulnerability
2024-11-12
7.5
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- sql_server_2016
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- sql_server_2016
Microsoft SQL Server Remote Code Execution Vulnerability
2024-11-12
7.8
microsoft -- sql_server_2016
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability​
2024-11-12​
7.8
microsoft -- windows_10_1507
Windows Telephony Service Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- windows_10_1507
Windows Telephony Service Remote Code Execution Vulnerability​
2024-11-12​
8.8
microsoft -- windows_10_1507
Windows Telephony Service Remote Code Execution Vulnerability
2024-11-12
8.8
microsoft -- windows_10_1507
Windows Task Scheduler Elevation of Privilege Vulnerability​
2024-11-12​
8.8
microsoft -- windows_10_1507
Windows NT OS Kernel Elevation of Privilege Vulnerability
2024-11-12
7.8
microsoft -- windows_11_22h2
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability​
2024-11-12​
8.1
Microsoft--airlift.microsoft.com
Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
2024-11-12
7.3
Microsoft--Azure CycleCloud
Azure CycleCloud Remote Code Execution Vulnerability​
2024-11-12​
9.9
Microsoft--Azure Database for PostgreSQL Flexible Server
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
2024-11-12
7.2
Microsoft--Azure Database for PostgreSQL Flexible Server
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability​
2024-11-12​
7.2
Microsoft--Azure Stack HCI
Azure Stack HCI Elevation of Privilege Vulnerability
2024-11-15
8.8
Microsoft--LightGBM
LightGBM Remote Code Execution Vulnerability​
2024-11-12​
8.1
Microsoft--Microsoft Office LTSC for Mac 2024
Microsoft Excel Remote Code Execution Vulnerability
2024-11-12
7.8
Microsoft--Microsoft Office LTSC for Mac 2024
Microsoft Office Graphics Remote Code Execution Vulnerability​
2024-11-12​
7.8
Microsoft--Microsoft Office LTSC for Mac 2024
Microsoft Office Graphics Remote Code Execution Vulnerability
2024-11-12
7.8
Microsoft--Microsoft PC Manager
Microsoft PC Manager Elevation of Privilege Vulnerability​
2024-11-12​
7.8
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
Microsoft--Microsoft SQL Server 2017 (GDR)
SQL Server Native Client Remote Code Execution Vulnerability
2024-11-12
8.8
Microsoft--Microsoft SQL Server 2019 (CU 29)
SQL Server Native Client Remote Code Execution Vulnerability​
2024-11-12​
8.8
Microsoft--Microsoft TorchGeo
TorchGeo Remote Code Execution Vulnerability
2024-11-12
8.1
Microsoft--Microsoft Visual Studio 2022 version 17.6
.NET and Visual Studio Denial of Service Vulnerability​
2024-11-12​
7.5
Microsoft--Microsoft Visual Studio 2022 version 17.8
.NET and Visual Studio Remote Code Execution Vulnerability
2024-11-12
9.8
Microsoft--Python extension for Visual Studio Code
Visual Studio Code Python Extension Remote Code Execution Vulnerability​
2024-11-12​
8.8
Microsoft--Visual Studio Code Remote - SSH Extension
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
2024-11-12
7.1
Microsoft--Windows 10 Version 1809
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability​
2024-11-12​
8.8
Microsoft--Windows 10 Version 1809
Windows Telephony Service Remote Code Execution Vulnerability
2024-11-12
8.8
Microsoft--Windows 10 Version 1809
Windows Telephony Service Remote Code Execution Vulnerability​
2024-11-12​
8.8
Microsoft--Windows 10 Version 1809
Windows Telephony Service Remote Code Execution Vulnerability
2024-11-12
8.8
Microsoft--Windows 10 Version 1809
Windows Registry Elevation of Privilege Vulnerability​
2024-11-12​
7.5
Microsoft--Windows 10 Version 1809
Windows Telephony Service Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows 10 Version 1809
Win32k Elevation of Privilege Vulnerability​
2024-11-12​
7.8
Microsoft--Windows 10 Version 1809
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows Server 2019
Windows DNS Spoofing Vulnerability​
2024-11-12​
7.5
Microsoft--Windows Server 2019
Active Directory Certificate Services Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows Server 2022
Windows SMBv3 Server Remote Code Execution Vulnerability​
2024-11-12​
8.1
Microsoft--Windows Server 2022
Windows Update Stack Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows Server 2022
Windows Kernel Elevation of Privilege Vulnerability​
2024-11-12​
7.8
Microsoft--Windows Server 2022
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows Server 2025
Windows KDC Proxy Remote Code Execution Vulnerability​
2024-11-12​
9.8
Microsoft--Windows Server 2025
Windows DWM Core Library Elevation of Privilege Vulnerability
2024-11-12
7.8
Microsoft--Windows Server 2025
Windows Registry Elevation of Privilege Vulnerability​
2024-11-12​
7.8
Microsoft--Windows Server 2025
Windows SMB Denial of Service Vulnerability
2024-11-12
7.5
Microsoft--Windows Server 2025
Windows Client-Side Caching Elevation of Privilege Vulnerability​
2024-11-12​
7.8
mobisoft974--Relais 2FA
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
2024-11-12
9.8
n/a--dom-iterator
All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.​
2024-11-13​
7.3
n/a--Harbor
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.
2024-11-14
7.7
n/a--Harbor
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.​
2024-11-14​
7.4
n/a--Harbor

Harbor fails to validate the user permissions when updating tag retention policies.Â

By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify
tag retention policies configured in other projects.
2024-11-14
7.7
n/a--Harbor
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.​
2024-11-14​
7.4
n/a--Intel(R) CIP software
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
8.2
n/a--Intel(R) DSA
Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
7.3
n/a--Intel(R) EMA software
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
8.2
n/a--Intel(R) Extension for Transformers software
Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
7.1
n/a--Intel(R) Graphics Drivers
Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
8.4
n/a--Intel(R) Graphics Drivers
Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
8.4
n/a--Intel(R) Neural Compressor software
Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
2024-11-13
8
n/a--Intel(R) Neural Compressor software
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.​
2024-11-13​
7.5
n/a--Intel(R) Neural Compressor software
Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
7
n/a--Intel(R) Processors
Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
8.8
n/a--Intel(R) processors with Intel(R) ACTM
Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
7.2
n/a--Intel(R) processors with Intel(R) ACTM
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-11-13​
7.2
n/a--Intel(R) Server Board M10JNP2SB Family
Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
7.5
n/a--Intel(R) Server Board M70KLP
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-11-13​
7.5
n/a--Intel(R) Server Board S2600BP Family
Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
7.5
n/a--Intel(R) Server Board S2600ST Family BIOS and Firmware Update software
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-11-13​
8.2
n/a--Intel(R) Server S2600BPBR
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
7.5
n/a--Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX
Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.​
2024-11-13​
8.8
n/a--Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
7.2
n/a--n/a
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.​
2024-11-17​
9.8
n/a--n/a
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
2024-11-11
9.8
n/a--n/a
Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.​
2024-11-15​
9.8
n/a--n/a
Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.
2024-11-15
9.8
n/a--n/a
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.​
2024-11-11​
9.1
n/a--n/a
The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks.
2024-11-11
9.8
n/a--n/a
A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.​
2024-11-11​
9.8
n/a--n/a
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
2024-11-11
9.8
n/a--n/a
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.​
2024-11-11​
9.8
n/a--n/a
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
2024-11-12
8
n/a--n/a
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.​
2024-11-14​
8.8
n/a--n/a
Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.
2024-11-11
8.8
n/a--n/a
The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.​
2024-11-11​
8.1
n/a--n/a
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.
2024-11-11
8.1
n/a--n/a
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.​
2024-11-11​
8.1
n/a--n/a
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
2024-11-11
8.1
n/a--n/a
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.​
2024-11-14​
8.8
n/a--n/a
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
2024-11-14
8.8
n/a--n/a
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.​
2024-11-11​
8
n/a--n/a
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
2024-11-11
8.4
n/a--n/a
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.​
2024-11-17​
8.1
n/a--n/a
Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.​
2024-11-12​
7.3
n/a--n/a
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
2024-11-17
7.7
n/a--n/a
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.​
2024-11-15​
7.5
n/a--n/a
An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
2024-11-15
7.5
n/a--n/a
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.​
2024-11-15​
7.5
n/a--n/a
An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
2024-11-15
7.5
n/a--n/a
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.​
2024-11-15​
7.5
n/a--n/a
An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
2024-11-15
7.5
n/a--n/a
An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.​
2024-11-15​
7.5
n/a--n/a
NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.
2024-11-15
7.5
n/a--n/a
An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.​
2024-11-15​
7.8
n/a--n/a
An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.
2024-11-12
7.5
n/a--n/a
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.​
2024-11-11​
7.5
n/a--n/a
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
2024-11-11
7.5
n/a--n/a
A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.​
2024-11-14​
7.4
n/a--PostgreSQL
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
2024-11-14
8.8
NetScaler--NetScaler ADC
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources​
2024-11-12​
8.8
nextcloud--security-advisories
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0.
2024-11-15
8.2
nikoarroyocuraza -- online_furniture_shopping_project
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.​
2024-11-13​
8.8
Nomysoft Informatics--Nomysem
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024.
2024-11-12
7.1
OpenBSD--OpenBSD
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.​
2024-11-15​
9.8
OpenSSL--OpenSSL

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations

Impact summary: A use after free can have a range of potential consequences such
as the corruption of valid data, crashes or execution of arbitrary code.
However, only applications that directly call the SSL_free_buffers function are
affected by this issue. Applications that do not call this function are not
vulnerable. Our investigations indicate that this function is rarely used by
applications.

The SSL_free_buffers function is used to free the internal OpenSSL buffer used
when processing an incoming record from the network. The call is only expected
to succeed if the buffer is not currently in use. However, two scenarios have
been identified where the buffer is freed even when still in use.

The first scenario occurs where a record header has been received from the
network and processed by OpenSSL, but the full record body has not yet arrived.
In this case calling SSL_free_buffers will succeed even though a record has only
been partially processed and the buffer is still in use.

The second scenario occurs where a full record containing application data has
been received and processed by OpenSSL but the application has only read part of
this data. Again a call to SSL_free_buffers will succeed even though the buffer
is still in use.

While these scenarios could occur accidentally during normal operation a
malicious attacker could attempt to engineer a stituation where this occurs.
We are not aware of this issue being actively exploited.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
2024-11-13
7.5
Optimal Access Inc.--KBucket
Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.​
2024-11-14​
9.9
parisneo--parisneo/lollms-webui
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module.
2024-11-14
7.3
Phan An--AJAX Random Posts
Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through 0.3.3.​
2024-11-16​
9.8
Phoenixheart--Referrer Detector
Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
2024-11-16
9.8
Platform.ly--Platform.ly Official
Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3.​
2024-11-14​
7.1
Podlove--Podlove Podcast Publisher
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.
2024-11-14
9.1
pressaholic--WordPress Video Robot - The Ultimate Video Importer
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.​
2024-11-16​
8.8
Progress Software Corporation--Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
2024-11-13
7.1
Progress Software--Telerik UI for WinForms
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.​
2024-11-13​
7.8
Progress Software--Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
2024-11-13
7.8
Really Simple Plugins--Really Simple Security Pro multisite
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).​
2024-11-15​
9.8
Red Hat--Migration Toolkit for Runtimes 1 on RHEL 8
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
2024-11-17
7.4
Red Hat--Red Hat Enterprise Linux
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
2024-11-17
7.5
Red Hat--Red Hat Single Sign-On 7
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.​
2024-11-14​
7.5
redefiningtheweb--PDF Generator Addon for Elementor Page Builder
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
2024-11-16
7.5
revmakx--Backup and Staging by WP Time Capsule
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-11-16​
9.8
Richteam--Share Buttons Social Media
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Richteam Share Buttons - Social Media allows Blind SQL Injection.This issue affects Share Buttons - Social Media: from n/a through 1.0.2.
2024-11-11
8.5
Rockwell Automation--Arena Input Analyzer
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.​
2024-11-14​
7.3
Rockwell Automation--FactoryTalk Updater
An
authentication bypass vulnerability exists in the affected product. The
vulnerability exists due to shared secrets across accounts and could allow a threat
actor to impersonate a user if the threat actor is able to enumerate additional
information required during authentication.
2024-11-12
9.1
Rockwell Automation--FactoryTalk Updater
A Remote
Code Execution vulnerability exists in the affected product. The vulnerability requires
a high level of permissions and exists due to improper input validation resulting
in the possibility of a malicious Updated Agent being deployed.​
2024-11-12​
8.4
Rockwell Automation--FactoryTalk Updater
A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation.
2024-11-12
7.3
Rockwell Automation--FactoryTalk View Machine Edition
A remote code execution vulnerability exists in the affected
product. The vulnerability allows users to save projects within the public
directory allowing anyone with local access to modify and/or delete files. Additionally,
a malicious user could potentially leverage this vulnerability to escalate
their privileges by changing the macro to execute arbitrary code.​
2024-11-12​
7.3
Sage AI--Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.
2024-11-14
9.9
sap -- host_agent
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.​
2024-11-12​
7.1
SAP_SE--SAP Web Dispatcher
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.
2024-11-12
8.8
Schneider Electric--EcoStruxure IT Gateway
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
the network and potentially impacting connected devices.​
2024-11-13​
9.8
Schneider Electric--Modicon M340 CPU (part numbers BMXP34*)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a
crafted Modbus function call to tamper with memory area involved in memory size computation.
2024-11-13
8.1
Schneider Electric--Modicon M340 CPU (part numbers BMXP34*)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of
confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the
logical network while a valid user uploads or downloads a project file into the controller.​
2024-11-13​
7.5
Schneider Electric--Modicon M340 CPU (part numbers BMXP34*)
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss
of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the
controller and the engineering workstation while a valid user is establishing a communication session. This
vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks.
2024-11-13
7.5
Schneider Electric--PowerLogic PM5320
CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become
unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.​
2024-11-13​
7.5
Shoaib Rehmat--ZIJ KART
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through 1.1.
2024-11-14
8.1
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.​
2024-11-12​
9.8
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
2024-11-12
7.2
siemens -- simatic_cp_1543-1_firmware
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.​
2024-11-12​
7.5
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.
2024-11-12
9.9
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.​
2024-11-12​
9.1
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.
2024-11-12
8.1
siemens -- siport
A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.

This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.​
2024-11-12​
7.8
siemens -- solid_edge_se2024
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.
2024-11-12
7.8
siemens -- solid_edge_se2024
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.​
2024-11-12​
7.8
siemens -- solid_edge_se2024
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.
2024-11-12
7.3
siemens -- spectrum_power_7
A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges.​
2024-11-12​
7.8
siemens -- telecontrol_server_basic
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
2024-11-12
10
Siemens--SIMATIC S7-PLCSIM V16
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.​
2024-11-12​
7.3
Skpstorm--SK WP Settings Backup
Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.
2024-11-16
8.8
sodah--LUNA RADIO PLAYER
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.​
2024-11-13​
7.5
SoftBank Corp.--Mesh Wi-Fi router RP562B
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command.
2024-11-12
8
Softpulse Infotech--Picsmize
Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.​
2024-11-14​
10
Sound Research--SECOMN64 Driver
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.
2024-11-12
8.8
Stephen Cui--Xin
Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.​
2024-11-16​
9.8
Subhasis Laha--Gallerio
Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.
2024-11-16
9.9
sudiptomahato--Blogger 301 Redirect
The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'br' parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.​
2024-11-16​
7.5
SUSE--rancher
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.
2024-11-13
9.1
symfony--symfony
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.​
2024-11-13​
7.5
Synology--BeePhotos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
2024-11-15
9.8
Team Devexhub--Devexhub Gallery
Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.​
2024-11-14​
10
Team HB WEBSOL--HB AUDIO GALLERY
Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0.
2024-11-11
10
Team PushAssist--Push Notifications for WordPress by PushAssist
Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.​
2024-11-16​
9.9
TECNO--com.transsion.phoenix
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
2024-11-14
7.5
tenda -- ac10_firmware
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.​
2024-11-11​
8.8
Tenda--AC10
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
8.8
tendacn -- g3_firmware
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.​
2024-11-13​
8.8
tendacn -- g3_firmware
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
2024-11-13
8.8
tendacn -- g3_firmware
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.​
2024-11-13​
8.8
timgeyssens -- ui-o-matic
A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
7.2
tolgee--tolgee-platform
Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.​
2024-11-12​
9.8
TP-Link--VN020 F3v(T)
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.5
tripetto--WordPress form builder plugin for contact forms, surveys and quizzes Tripetto
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file.​
2024-11-15​
7.2
uiuxlab--Uix Slideshow
The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2024-11-16
7.3
UjW0L--Image Classify
Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.​
2024-11-11​
10
Unknown--Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
2024-11-14
8.6
Unknown--WooCommerce Upload Files
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.​
2024-11-13​
9.8
VaeMendis--VaeMendis Ubooquity version 2.1.2
VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2024-11-14
7.5
VaeMendis--VaeMendis Ubooquity version 2.1.2
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor​
2024-11-14​
7.5
vanquish--WordPress User Extra Fields
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
2024-11-13
9.8
vanquish--WordPress User Extra Fields
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges.​
2024-11-13​
8.8
vice -- webopac
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
2024-11-11
9.8
webfulcreations -- computer_repair_shop
Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115.​
2024-11-11​
9.8
WebTechGlobal--Easy CSV Importer BETA
Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.
2024-11-14
10
wedevs--WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts
The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes.​
2024-11-13​
7.3
Wibergs Web--CSV to html
Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.
2024-11-16
9.9
wpdevteam--Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.​
2024-11-15​
8
WPExperts--User Management
Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.
2024-11-16
9.9
wpvividplugins--Migration, Backup, Staging WPvivid Backup & Migration
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit.​
2024-11-14​
8.8
wpxpo--Post Grid Gutenberg Blocks and WordPress Blog Plugin PostX
The Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
2024-11-16
8.8
xwikisas--macro-pdfviewer
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.​
2024-11-13​
9
xwikisas--macro-pdfviewer
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs to provide the reference to a PDF file to the macro. To obtain the reference of the desired attachment, the attacker can access the Page Index, Attachments tab. Even if the UI shows N/A, the user can inspect the page and check the HTTP request that fetches the live data entries. The attachment URL is available in the returned JSON for all attachments, including protected ones and allows getting the necessary values. This vulnerability is fixed in version 2.5.6.
2024-11-13
7.5
xwikisas--macro-pdfviewer
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.​
2024-11-13​
7.5
zephyrproject-rtos--Zephyr
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
2024-11-15
9.3



Back to top





Medium Vulnerabilities

Showing 428 of 428 total entries
Primary
Vendor
-- Product
Description
Published
CVSS Score
Source Info
--Lingdang CRM
A vulnerability classified as critical was found in ä¸æµ·çµå½ä¿¡æ¯ç§ææéå¬å¸ Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-12
6.3
--Lingdang CRM
A vulnerability, which was classified as critical, has been found in ä¸æµ·çµå½ä¿¡æ¯ç§ææéå¬å¸ Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-12​
6.3
--Lingdang CRM
A vulnerability, which was classified as problematic, was found in ä¸æµ·çµå½ä¿¡æ¯ç§ææéå¬å¸ Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-12
4.3
1000 Projects--Beauty Parlour Management System
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.​
2024-11-12​
4.7
10up--Simple Local Avatars
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches.
2024-11-16
4.3
aaron13100--404 Solution
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which may reveal sensitive information.​
2024-11-16​
5.3
Abdullah--Extender All In One For Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3.
2024-11-11
6.5
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- audition
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- bridge
Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- bridge
Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- indesign
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- indesign
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- indesign
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
5.5
Adobe--Animate
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2024-11-12​
5.5
Adobe--Audition
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-15
5.5
airties -- air4443_firmware

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024.

NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
2024-11-13​
6.1
amd -- ryzen_ai_software
Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.
2024-11-12
5.5
AMI--AptioV
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.​
2024-11-12​
6.3
AMI--AptioV
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.
2024-11-12
4.8
AMI--AptioV
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.​
2024-11-12​
4.3
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
5.4
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
5.4
andsonsdesign -- wp-contest
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.This issue affects WP Contest: from n/a through 1.0.0.
2024-11-11
6.5
anisha -- jonnys_liquor
A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.​
2024-11-13​
6.1
Apereo--CAS
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-14
6.3
Apereo--CAS
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-14​
4.3
augustinfotech--SVG Case Study
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-11-16
6.4
ays-pro--Popup Box Create Countdown, Coupon, Video, Contact Form Popups
The Popup Box - Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data.​
2024-11-16​
5.3
bilbud--404 Error Monitor
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unauthenticated attackers to make changes to plugin settings and clear up all the error logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-11-16
5.3
BlackBerry--SecuSUITE
A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands.​
2024-11-12​
6.4
BlackBerry--SecuSUITE
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim's account and telephone number.
2024-11-12
4.8
Brocade--Fabric OS
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.​
2024-11-12​
4.8
bu -- bu_slideshow
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boston University (IS&T) BU Slideshow allows Stored XSS.This issue affects BU Slideshow: from n/a through 2.3.10.
2024-11-11
5.4
Business Directory Team by RadiusTheme--Classified Listing
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through 3.1.15.1.​
2024-11-16​
5.3
chatwoot--chatwoot/chatwoot
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
2024-11-15
6.8
Cisco--Cisco Analog Telephone Adaptor (ATA) Software
A vulnerability in the Cisco&nbsp;Discovery Protocol functionality of Cisco&nbsp;ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to an out-of-bounds read when processing Cisco&nbsp;Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco&nbsp;Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco&nbsp;has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
5.3
Cisco--Cisco BroadWorks
A vulnerability in the web management interface of Cisco&nbsp;BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5.4
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the web-based management interface of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system.
This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.4
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
6.4
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition.
This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.5
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system.
This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the vDaemon service of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a&nbsp;denial of service (DoS) condition.
The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could allow the attacker to cause the vDaemon listening service to reload and result in a DoS condition.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
5.4
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the web-based management interface of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
2024-11-15
4.9
Cisco--Cisco Catalyst SD-WAN Manager
A vulnerability in the web-based management interface of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
4.3
Cisco--Cisco Enterprise Chat and Email
A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
6.1
Cisco--Cisco Enterprise Chat and Email
A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.1
Cisco--Cisco Enterprise Chat and Email
A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.

This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5.3
Cisco--Cisco Enterprise Chat and Email
A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.
This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
4.7
Cisco--Cisco Evolved Programmable Network Manager (EPNM)
A vulnerability in the web-based management interface of Cisco&nbsp;PI and Cisco&nbsp;EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.

This vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.
Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
2024-11-15
6.5
Cisco--Cisco Evolved Programmable Network Manager (EPNM)
A vulnerability in the web-based management interface of Cisco&nbsp;PI and Cisco&nbsp;EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.​
2024-11-15​
6.1
Cisco--Cisco Firepower Management Center
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.
This vulnerability is due to lack of proper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the FMC GUI and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see .
2024-11-15
4.3
Cisco--Cisco Firepower Management Center
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.
This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see .&nbsp;​
2024-11-15​
4.3
Cisco--Cisco Firepower Threat Defense Software
A vulnerability in the CLI of Cisco&nbsp;FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.&nbsp;

This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
6.7
Cisco--Cisco Firepower Threat Defense Software
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.
The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.​
2024-11-15​
5.8
Cisco--Cisco Firepower Threat Defense Software
A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic.

This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet.
2024-11-15
5.8
Cisco--Cisco Industrial Network Director
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data.

This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.&nbsp;​
2024-11-15​
5.5
Cisco--Cisco IOS XE Catalyst SD-WAN
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.&nbsp;

This vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.
SNMP with IPv6 ACL configurations is not affected.
For more information, see the section of this advisory.
2024-11-15
5.3
Cisco--Cisco IOS XR Software
A vulnerability in the TL1 function of Cisco&nbsp;Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process.
This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon)&nbsp;process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco&nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .​
2024-11-15​
6
Cisco--Cisco IOS XR Software
A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco&nbsp;IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash.
This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco&nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .
2024-11-15
6.1
Cisco--Cisco IOS XR Software
A vulnerability in the Cisco&nbsp;Discovery Protocol implementation for Cisco&nbsp;IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco&nbsp;Discovery Protocol process to reload on an affected device.
This vulnerability is due to a heap buffer overflow in certain Cisco&nbsp;Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco&nbsp;Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco&nbsp;Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco&nbsp;Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). &nbsp;Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco&nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .​
2024-11-15​
4.3
Cisco--Cisco Prime Access Registrar
A vulnerability in the web-based management interface of Cisco&nbsp;Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5.5
Cisco--Cisco Prime Collaboration Deployment
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.1
Cisco--Cisco Redundancy Configuration Manager
A vulnerability in a debug function for Cisco&nbsp;RCM for Cisco&nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted.
This vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5.3
Cisco--Cisco RoomOS Software
A vulnerability in pairing process of Cisco&nbsp;TelePresence CE Software and RoomOS Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.
This vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability.​
2024-11-15​
6.8
Cisco--Cisco RoomOS Software
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.

This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
6.7
Cisco--Cisco RoomOS Software
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.

These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.​
2024-11-15​
4.4
Cisco--Cisco RoomOS Software
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.

These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
2024-11-15
4.4
Cisco--Cisco RoomOS Software
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.

These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.
Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.​
2024-11-15​
4.4
Cisco--Cisco RoomOS Software
A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.

This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.
Note: This vulnerability only affects Cisco Webex Desk Hub.
There are no workarounds that address this vulnerability.
2024-11-15
4.3
Cisco--Cisco Secure Network Analytics
A vulnerability in the web-based management interface of Cisco&nbsp;Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco&nbsp;portfolio includes the renaming of security products under one brand: Cisco&nbsp;Secure. For more information, see .​
2024-11-15​
6.1
Cisco--Cisco Secure Web Appliance
A vulnerability in the web management interface of Cisco&nbsp;AsyncOS for Cisco&nbsp;Secure Web Appliance, formerly Cisco&nbsp;Web Security Appliance (WSA),&nbsp;could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.
This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco&nbsp;portfolio includes the renaming of security products under one brand: Cisco&nbsp;Secure. For more information, see .
2024-11-15
6.3
Cisco--Cisco Secure Workload
A vulnerability in the web-based management interface and in the API subsystem of Cisco&nbsp;Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.5
Cisco--Cisco Smart Software Manager On-Prem
A vulnerability in the web-based management interface of Cisco&nbsp;Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.
This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
4.3
Cisco--Cisco TelePresence Endpoint Software (TC/CE)
A vulnerability in the version control of Cisco&nbsp;TelePresence CE Software for Cisco&nbsp;Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device.
This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco&nbsp;TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.5
Cisco--Cisco TelePresence Endpoint Software (TC/CE)
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.

This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account.
Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
5.1
Cisco--Cisco Webex Meetings
A vulnerability in the web-based interface of Cisco&nbsp;Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco&nbsp;Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.​
2024-11-15​
6.1
cmanon--WP-Strava
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2024-11-13
6.1
code-projects--Farmacia
A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-15​
6.3
code-projects--Farmacia
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
6.3
code-projects--Inventory Management
A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-15​
6.3
code-projects--Online Shop Store
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
4.3
code-projects--Task Manager
A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.​
2024-11-12​
6.3
coolplugins -- web_stories_widgets_for_elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1.
2024-11-11
5.4
crm2go -- crm2go
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CRM 2go allows DOM-Based XSS.This issue affects CRM 2go: from n/a through 1.0.​
2024-11-11​
5.4
cscode--EleForms All In One Form Integration including DB for Elementor
The EleForms - All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for unauthenticated attackers to delete form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-11-16
4.3
cyberchimps -- responsive_addons_for_elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cyberchimps Responsive Addons for Elementor allows DOM-Based XSS.This issue affects Responsive Addons for Elementor: from n/a through 1.5.4.​
2024-11-11​
5.4
dhoppe--Gallery Manager
The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-16
6.1
duongancol--Boostify Header Footer Builder for Elementor
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.​
2024-11-13​
4.3
EasyPHP--EasyPHP web server
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings '/...%5c'.
2024-11-14
6.5
egolacrima--Hide Links
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.​
2024-11-13​
5.3
ehues -- gboy_custom_google_map
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ehues Gboy Custom Google Map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through 1.2.
2024-11-11
6.5
element-hq--element-web
Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85.​
2024-11-12​
5
engelen--BulkPress
The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.3.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-16
6.1
erzhongxmu--Jeewms
A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well.​
2024-11-15​
6.3
fbtopcn--(Fat Rat Collect) ,
The ????(Fat Rat Collect) ????????????????, ??????????????????????????? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-13
6.1
fortinet -- forticlient
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.​
2024-11-12​
6.7
fortinet -- fortiweb
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
2024-11-12
4.4
Fortinet--FortiAnalyzer
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.​
2024-11-12​
6.7
Fortinet--FortiAnalyzer
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
2024-11-12
5.1
Fortinet--FortiAnalyzer
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests​
2024-11-12​
5.6
Fortinet--FortiManager
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
2024-11-12
6.7
Fortinet--FortiManager
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.​
2024-11-12​
5.3
Fortinet--FortiManager
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
2024-11-12
4.1
Fortinet--FortiManager
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.​
2024-11-12​
4.9
Fortinet--FortiOS
An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.
2024-11-12
4.3
Fortinet--FortiPortal
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.​
2024-11-12​
5.4
Fortra--Digital Guardian Agent
A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data.
2024-11-15
4.3
futuriowp -- futurio_extra
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.​
2024-11-12​
4.3
get-simple -- getsimplecms
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-12
4.3
getumbrel--umbrel
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter the attacker provided JavaScript will be executed after the user entered their password and clicked on login. This vulnerability is fixed in 1.2.2.​
2024-11-13​
5.4
GitLab--GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
2024-11-14
6.8
GitLab--GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.​
2024-11-14​
6.1
GitLab--GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.
2024-11-14
5.4
glpi-project--glpi
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.​
2024-11-15​
6.5
glpi-project--glpi
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
2024-11-15
6.5
glpi-project--glpi
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.​
2024-11-15​
6.5
glpi-project--glpi
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
2024-11-15
6.5
glpi-project--glpi
GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.​
2024-11-15​
6.5
glpi-project--glpi
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages. Upgrade to 10.0.17.
2024-11-15
6.5
glpi-project--glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17.​
2024-11-15​
6.5
glpi-project--glpi
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.
2024-11-15
5.3
glpi-project--glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload to triggger a stored XSS. Upgrade to 10.0.17.​
2024-11-15​
5.7
Google--Android
In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-15
6.2
Google--Android
In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
6.2
Google--Android
In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
6.2
Google--Android
In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.​
2024-11-13​
5.5
Google--Android
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-11-13
5.5
Google--Android
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.​
2024-11-13​
5
Google--Chrome
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
2024-11-12
6.5
Google--Chrome
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)​
2024-11-12​
4.3
Google--Chrome
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
2024-11-12
4.3
Google--Chrome
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)​
2024-11-12​
4.3
goToMain--libosdp
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range. On a case of an undefined reply id within the range, name will be null (name = names[reply_id - REPLY_ACK];). Null name will casue a crash on next line: if (name[0] == '\0') as null[0] is invalid. As this logic is not limited to a secure connection, attacker may trigger this vulnerability without any prior knowledge. This issue is fixed in 2.4.0.
2024-11-12
6.5
goToMain--libosdp
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it. While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replied (can be detected by ID, length or time based on inspection of visual activity next to the reader) Once attacker captures a session with the message to be replayed, he stops resetting the connection and waits for signal to perform the replay to of the PD to CP message (ex: by signaling remotely to the MIMT device or setting a specific timing). In order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the beginning of the session. At that phase - attacker can replay all the messages from the beginning of the session. This issue has been addressed in commit 298576d9 which is included in release version 3.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
2024-11-11​
5.1
gpac--gpac/gpac
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.
2024-11-15
5.9
Grand Vice info--Webopac
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.​
2024-11-11​
5.4
Grand Vice info--Webopac7
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.
2024-11-11
6.1
hashthemes--Hash Elements
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.​
2024-11-13​
5.3
HCL Software--HCL Traveler for Microsoft Outlook (HTMO)
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
2024-11-12
5.3
hyumika -- openstreetmap
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM - OpenStreetMap allows Stored XSS.This issue affects OSM - OpenStreetMap: from n/a through 6.1.2.​
2024-11-11​
5.4
ibm -- security_qradar_edr
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2024-11-14
5.3
ibm -- security_qradar_edr
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.​
2024-11-14​
4.8
IBM--Concert Software
IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2024-11-15
6.1
IBM--Concert Software
IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.​
2024-11-15​
5.9
IBM--Maximo Asset Management
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2024-11-11
6.4
IBM--WebSphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.​
2024-11-11​
4.8
ivanti -- connect_secure
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
2024-11-12
4.9
ivanti -- connect_secure
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.​
2024-11-12​
4.9
ivanti -- secure_access_client
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
2024-11-13
4.7
Ivanti--Secure Access Client
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.​
2024-11-12​
5
ivole--Customer Reviews for WooCommerce
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status.
2024-11-16
4.3
Jenkins Project--Jenkins Script Security Plugin
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.​
2024-11-13​
4.3
JetBrains--WebStorm
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
2024-11-15
6.3
jetmonsters--JetWidgets For Elementor
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.​
2024-11-12​
6.4
Jinher Network--Collaborative Management Platform
A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform éåæ°ååæºè½åå¬å¹³å° 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
6.3
johndarrel--Hide My WP Ghost Security & Firewall
The Hide My WP Ghost - Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.​
2024-11-15​
6.1
jorisderuiter--ConvertCalculator for WordPress
The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-11-16
6.4
kaminskym--AJAX Login and Registration modal popup + inline form
The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-13​
6.1
kasperta--Bounce Handler MailPoet 3
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-16
6.1
kimberlynorris--Social Proof (Testimonial) Slider
The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-13​
6.4
kognetiks -- kognetiks_chatbot
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-13
6.1
kognetiks -- kognetiks_chatbot
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.​
2024-11-13​
5.3
kognetiks -- kognetiks_chatbot
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants.
2024-11-13
4.3
kognetiks -- kognetiks_chatbot
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants.​
2024-11-13​
4.3
kognetiks -- kognetiks_chatbot
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-11-13
4.3
Landray--EKP
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-15​
6.5
Landray--EKP
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-15
5.4
leevio -- happy_addons_for_elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-12​
5.4
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the "Bill Access" dropdown in the user's "Manage Access" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the "report_this()" function. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric" parameter, potentially compromising their session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
2024-11-15
4.8
librenms--librenms
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.​
2024-11-15​
4.8
linux -- linux_kernel

In the Linux kernel, the following vulnerability has been resolved:

fork: only invoke khugepaged, ksm hooks if no error

There is no reason to invoke these hooks early against an mm that is in an
incomplete state.

The change in commit d24062914837 ("fork: use __mt_dup() to duplicate
maple tree in dup_mmap()") makes this more pertinent as we may be in a
state where entries in the maple tree are not yet consistent.

Their placement early in dup_mmap() only appears to have been meaningful
for early error checking, and since functionally it'd require a very small
allocation to fail (in practice 'too small to fail') that'd only occur in
the most dire circumstances, meaning the fork would fail or be OOM'd in
any case.

Since both khugepaged and KSM tracking are there to provide optimisations
to memory performance rather than critical functionality, it doesn't
really matter all that much if, under such dire memory pressure, we fail
to register an mm with these.

As a result, we follow the example of commit d2081b2bf819 ("mm:
khugepaged: make khugepaged_enter() void function") and make ksm_fork() a
void function also.

We only expose the mm to these functions once we are done with them and
only if no error occurred in the fork operation.
2024-11-11
5.5
lqd -- liquid_blocks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LIQUID DESIGN Ltd. LIQUID BLOCKS allows Stored XSS.This issue affects LIQUID BLOCKS: from n/a through 1.2.0.​
2024-11-11​
5.4
lsquared -- l_squared_hub
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection.This issue affects L Squared Hub WP: from n/a through 1.0.
2024-11-11
6.5
mailmunch--Constant Contact Forms by MailMunch
The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-13​
6.1
mapster--Mapster WP Maps
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-11-16
6.4
MasterBip--MasterBip para Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3.​
2024-11-11​
6.5
matrix-org--matrix-appservice-irc
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.
2024-11-14
5.4
Matthew Lillistone--ML Responsive Audio player with playlist Shortcode
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matthew Lillistone ML Responsive Audio player with playlist Shortcode allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through 0.2.​
2024-11-11​
6.5
maxwellberkel--WP Log Viewer
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.
2024-11-16
5.4
mendix -- mendix
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.​
2024-11-12​
4.8
michelwppi--xili-tidy-tags
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-12
6.1
microsoft -- visual_studio_2022
Visual Studio Elevation of Privilege Vulnerability​
2024-11-12​
6.7
microsoft -- windows_10_1507
NTLM Hash Disclosure Spoofing Vulnerability
2024-11-12
6.5
Microsoft--Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability​
2024-11-14​
5.4
Microsoft--Windows 10 Version 1809
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
2024-11-12
6.8
Microsoft--Windows 10 Version 1809
Windows USB Video Class System Driver Elevation of Privilege Vulnerability​
2024-11-12​
6.8
Microsoft--Windows 10 Version 1809
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
2024-11-12
6.7
Microsoft--Windows 11 version 22H2
Windows Hyper-V Denial of Service Vulnerability​
2024-11-12​
6.5
Microsoft--Windows Server 2022
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
2024-11-12
6.7
Microsoft--Windows Server 2025
Windows Package Library Manager Information Disclosure Vulnerability​
2024-11-12​
6.2
Microsoft--Windows Server 2025
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
2024-11-12
6.8
Microsoft--Windows Server 2025
Windows USB Video Class System Driver Elevation of Privilege Vulnerability​
2024-11-12​
6.8
Microsoft--Windows Server 2025
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
2024-11-12
6.7
Microsoft--Windows Server 2025
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability​
2024-11-12​
5.9
miloco -- postcasa_shortcode
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0.
2024-11-11
5.4
MongoDB Inc--MongoDB Server
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.​
2024-11-14​
6.8
moodle--moodle
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.
2024-11-11
5.3
moodle--moodle
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.​
2024-11-11​
5.3
moodle--moodle
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
2024-11-11
5.3
moodle--moodle
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.​
2024-11-11​
5.3
moodle--moodle
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
2024-11-11
5.3
moodle--moodle
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.​
2024-11-11​
5.4
mutt -- mutt
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
2024-11-12
5.9
mutt -- mutt
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.​
2024-11-12​
5.3
mutt -- mutt
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
2024-11-12
5.3
n/a--4th and 5th Generation Intel(R) Xeon(R) Processors
Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.​
2024-11-13​
4.7
n/a--ACAT software maintained by Intel(R) for Windows
Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--BigDL software maintained by Intel(R)
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access.​
2024-11-13​
5.4
n/a--BigDL software maintained by Intel(R)
Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
2024-11-13
5.5
n/a--EyouCMS
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-14​
5.4
n/a--EyouCMS
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-14
4.7
n/a--Harbor

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn't have access to.Â

By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn't have access to, it was possible to revoke the robot account permissions.
2024-11-14​
6.4
n/a--Harbor

Harbor fails to validate the user permissions when updating tag immutability policies.Â

By sending a request to update a tag immutability policy with an id that belongs to a
project that the currently authenticated user doesn't have access to, the attacker could
modify tag immutability policies configured in other projects.
2024-11-14
6.4
n/a--Intel(R) Advanced Link Analyzer Standard Edition software installer
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Arc(TM) Pro Graphics for Windows drivers
Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
2024-11-13
6.8
n/a--Intel(R) Binary Configuration Tool software for Windows
Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Binary Configuration Tool software for Windows
Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) CIP software
Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) CST software
Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access.
2024-11-13
5.5
n/a--Intel(R) Distribution for Python software
Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Distribution of OpenVINO(TM) Model Server software
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
2024-11-13
6.5
n/a--Intel(R) DSA software
Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Fortran Compiler Classic software
Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Granulate(TM) software
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
4.4
n/a--Intel(R) Graphics Driver installers
Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Graphics Drivers
Improper buffer restrictions in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.​
2024-11-13​
6.6
n/a--Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows
Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Graphics software
Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
5.3
n/a--Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) IPP software for Windows
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) MAS software
Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Neural Compressor software
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.​
2024-11-13​
5.5
n/a--Intel(R) oneAPI DPC++/C++ Compiler
Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) oneAPI Math Kernel Library software for Windows
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Optane(TM) PMem Management software versions
NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.
2024-11-13
6.1
n/a--Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.​
2024-11-13​
6.6
n/a--Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
2024-11-13
5.7
n/a--Intel(R) PROSet/Wireless WiFi software for Windows
Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) PROSet/Wireless WiFi software for Windows
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
2024-11-13
4.3
n/a--Intel(R) QAT Engine for OpenSSL software
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.​
2024-11-13​
5.9
n/a--Intel(R) QAT Engine for OpenSSL software
Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
2024-11-13
5.9
n/a--Intel(R) QAT Engine for OpenSSL software
Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.​
2024-11-13​
5.9
n/a--Intel(R) Quartus(R) Prime Pro Edition software for Windows
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Quartus(R) Prime Standard Edition software for Windows
Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Rendering Toolkit software
Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) SDP Tool for Windows software
Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) SDP Tool for Windows software
Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) Server Board S2600ST Family BIOS and Firmware Update software
Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--Intel(R) Server M20NTP BIOS
Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
6.4
n/a--Intel(R) Server M20NTP Family
Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.​
2024-11-13​
5.3
n/a--Intel(R) Server M20NTP Family UEFI
Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
6.3
n/a--Intel(R) SGX SDK software
Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
4.5
n/a--Intel(R) TDX Seamldr module software
Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.
2024-11-13
6
n/a--Intel(R) VPL software
Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
4.8
n/a--Intel(R) VPL software
Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
4.2
n/a--Intel(R) VROC software
Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.8
n/a--Intel(R) VTune(TM) Profiler software
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
6.7
n/a--Intel(R) VTune(TM) Profiler software
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.​
2024-11-13​
6.1
n/a--Intel(R) Wireless Bluetooth(R) products for Windows
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
2024-11-13
6.5
n/a--JAM STAPL Player software
Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--n/a
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
2024-11-12
6.6
n/a--n/a
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.​
2024-11-14​
6
n/a--n/a
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
2024-11-14
6.5
n/a--n/a
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.​
2024-11-14​
6.5
n/a--n/a
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
2024-11-14
6.5
n/a--n/a
Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29.​
2024-11-11​
6.1
n/a--n/a
A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.
2024-11-11
6.1
n/a--n/a
Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component.​
2024-11-11​
6.1
n/a--n/a
Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.
2024-11-12
5.4
n/a--n/a
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.​
2024-11-14​
5.5
n/a--n/a
A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.
2024-11-15
5.3
n/a--n/a
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE.​
2024-11-15​
5.3
n/a--n/a
Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.
2024-11-14
5.4
n/a--n/a
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.​
2024-11-11​
5.4
n/a--n/a
The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.
2024-11-11
5.4
n/a--n/a
Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL​
2024-11-15​
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
2024-11-14
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.​
2024-11-14​
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
2024-11-14
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.​
2024-11-14​
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
2024-11-14
5.4
n/a--n/a
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.​
2024-11-14​
5.4
n/a--n/a
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
2024-11-14
5.3
n/a--n/a
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.​
2024-11-11​
5.4
n/a--n/a
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.
2024-11-15
5.4
n/a--n/a
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.​
2024-11-14​
4
n/a--n/a
The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.
2024-11-15
4.6
n/a--n/a
A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter​
2024-11-11​
4.8
n/a--n/a
A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.
2024-11-11
4.8
n/a--n/a
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.​
2024-11-11​
4.8
n/a--n/a
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
2024-11-11
4.8
n/a--n/a
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.​
2024-11-11​
4.8
n/a--n/a
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
2024-11-11
4.8
n/a--PostgreSQL
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.​
2024-11-14​
4.2
n/a--PostgreSQL
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
2024-11-14
4.2
n/a--Thunderbolt(TM) Share software
Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.​
2024-11-13​
6.7
n/a--ZZCMS
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ad_list.php?action=pass of the component Keyword Filtering. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
4.7
nasirahmed--AFI The Easiest Integration Plugin
The AFI - The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-13​
6.1
NetSclaer--NetScaler ADC
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
2024-11-12
5.3
netty--netty
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.​
2024-11-12​
5.5
nextcloud--security-advisories
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.
2024-11-15
6.3
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1.​
2024-11-15​
5.7
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
2024-11-15
5.7
nextcloud--security-advisories
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.​
2024-11-15​
4.2
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.
2024-11-15
4.1
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.​
2024-11-15​
4.6
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
2024-11-15
4.4
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2.​
2024-11-15​
4.6
nicejob--NiceJob
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-11-13
6.4
ninjateam--WP Chat App
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the filebird plugin.​
2024-11-16​
4.3
northmule--Buy one click WooCommerce
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings.
2024-11-13
4.3
northmule--Buy one click WooCommerce
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders.​
2024-11-13​
4.3
northmule--Buy one click WooCommerce
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings.
2024-11-13
4.3
olland -- horsemanager
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through 1.3.​
2024-11-11​
6.5
opensuse -- mirrorcache
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters.
This issue affects MirrorCache before 1.083.
2024-11-13
6.1
OpenText--ALM Octane Management

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText⢠ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack.

This issue affects ALM Octane Management: from 16.2.100 through 24.4.
2024-11-12​
5.9
orchidsoftware--platform
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform's asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the Screen class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server's real IP address. The issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability. If upgrading to version 14.43.0 is not immediately possible, users can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.
2024-11-11
4.1
peprodev--PeproDev WooCommerce Receipt Uploader
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-16​
6.1
Peter Shaw--LH QR Codes
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter Shaw LH QR Codes allows Stored XSS.This issue affects LH QR Codes: from n/a through 1.06.
2024-11-11
6.5
petrichorpost--SVGPlus
The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.​
2024-11-16​
6.4
phpipam--phpipam/phpipam
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
2024-11-15
5.3
Progress Software Corporation--WS_FTP Server
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.​
2024-11-12​
6.5
Progress Software--Telerik Document Processing Libraries
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
2024-11-13
6.5
Project Worlds--Free Download Online Shopping System
A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.​
2024-11-11​
6.3
publiccms -- publiccms
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.
2024-11-13
4.8
pyload--pyload/pyload
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.​
2024-11-15​
4.6
qriouslad--Admin and Site Enhancements (ASE)
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable.
2024-11-12
5.4
razormist -- student_record_management_system
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.​
2024-11-12​
5.5
razorpay--Razorpay Payment Button Elementor Plugin
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-13
6.1
razorpay--Razorpay Payment Button Plugin
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-13​
6.1
rclone--rclone
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.
2024-11-15
5.5
realmag777--WOLF
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.​
2024-11-14​
4.9
Red Hat--Red Hat Ansible Automation Platform 2
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
2024-11-12
5.5
Red Hat--Red Hat build of Debezium
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.​
2024-11-17​
5.9
Red Hat--Red Hat OpenShift Container Platform 4
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.
2024-11-15
4.9
Red Hat--Red Hat OpenStack Platform 17.1 for RHEL 8
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.​
2024-11-17​
5.5
Salt--SALT
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
2024-11-14
6.7
SAP_SE--SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.​
2024-11-12​
4.3
SAP_SE--SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.
2024-11-12
5.3
SAP_SE--SAP NetWeaver Application Server Java (Logon Application)
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.​
2024-11-12​
5.3
SAP_SE--SAP NetWeaver AS Java (System Landscape Directory)
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
2024-11-12
6.5
SAP_SE--SAP NetWeaver Java (Software Update Manager)
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.​
2024-11-12​
4.7
Schneider Electric--Modicon M340 CPU (part numbers BMXP34*)
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory
after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper
with memory.
2024-11-13
6.5
Schneider Electric--Modicon M340 CPU (part numbers BMXP34*)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a
crafted Modbus function call to tamper with memory area involved in the authentication process.​
2024-11-13​
6.5
sharethepractice -- christian_science_bible_lesson_subjects
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0.
2024-11-11
5.4
siemens -- ozw672_firmware
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.

This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.​
2024-11-12​
5.4
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.
2024-11-12
6.1
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition.​
2024-11-12​
4.3
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system.
2024-11-12
4.3
siemens -- ruggedcom_rm1224_lte\(4g\)_eu_firmware
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.​
2024-11-12​
4.3
siemens -- sinec_ins
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.
2024-11-12
5.3
siemens -- sinec_nms
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.
This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system.​
2024-11-12​
6.5
Siemens--SINEC INS
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
2024-11-12
6.3
Siemens--SINEC INS
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.​
2024-11-12​
5.3
Simple Goods--Simple Goods
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Simple Goods allows Stored XSS.This issue affects Simple Goods: from n/a through 0.1.3.
2024-11-11
6.5
simpleform--SimpleForm Contact form made simple
The SimpleForm - Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-16​
6.1
simpleform--SimpleForm Contact Form Submissions
The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-16
6.1
smartwpress--Music Player for Elementor Audio Player & Podcast Player
The Music Player for Elementor - Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates.​
2024-11-15​
4.3
smub--WPForms Easy Form Builder for WordPress Contact Forms, Payment Forms, Surveys, & More
The WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This makes it possible for unauthenticated attackers to delete WPForm logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-11-13
4.3
SoftBank Corp.--Mesh Wi-Fi router RP562B
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .​
2024-11-12​
4.6
Sonatype--Nexus Repository

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.Â

This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
2024-11-14
4.3
Sonatype--Nexus Repository

A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2

This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
2024-11-14​
4.6
Sound Research--SECOMN64 Driver
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.
2024-11-12
6
SourceCodester--Best Employee Management System
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.​
2024-11-14​
6.3
SourceCodester--Best Employee Management System
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-14
4.7
SourceCodester--Best Employee Management System
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.​
2024-11-14​
4.7
SourceCodester--Hospital Management System
A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
4.3
SourceCodester--Student Record Management System
A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.​
2024-11-15​
5.3
SourceCodester--Student Record Management System
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
2024-11-15
5.3
starverte--Steel
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-16​
6.4
staxwp--BuddyPress Builder for Elementor BuddyBuilder
The BuddyPress Builder for Elementor - BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts crated by Elementor that they should not have access to.
2024-11-13
4.3
stevehenty--Drop Shadow Boxes
The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.​
2024-11-16​
6.3
themes4wp--Popularis Extra
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.
2024-11-16
4.3
themeum--Tutor LMS Elementor Addons
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin.​
2024-11-15​
4.3
thimpress--LearnPress Export Import WordPress extension for LearnPress
The LearnPress Export Import - WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-15
6.1
thinkaquamarine--Aqua SVG Sprite
The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.​
2024-11-13​
6.4
TIBCO Software Inc--TIBCO Hawk
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence
2024-11-12
5.2
TIBCO Software Inc--TIBCO Hawk
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence​
2024-11-12​
5.2
tychesoftwares--Product Delivery Date for WooCommerce Lite
The Product Delivery Date for WooCommerce - Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-13
6.1
Unknown--Jobs for WordPress
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks​
2024-11-15​
5.9
Unknown--RSS Feed Widget
The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-11-12
5.9
Unknown--RSS Feed Widget
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers​
2024-11-12​
4.8
Unknown--Secure Custom Fields
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
2024-11-15
6.6
Unknown--Simple File List
The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.​
2024-11-14​
5.4
unopim--unopim
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.
2024-11-13
6.5
VaeMendis--VaeMendis Ubooquity version 2.1.2
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)​
2024-11-14​
4.5
VIWIS--LMS
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.
2024-11-13
5.3
webangon -- the_pack_elementor_addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through 2.1.0.​
2024-11-11​
5.4
westi--PJW Mime Config
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-11-16
6.4
wpdevteam--Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nomore_items_text' parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-15​
6.4
wpdevteam--Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor - Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.
2024-11-15
5.7
wpeka-club--WP AdCenter Ad Manager & Adsense Ads
The WP AdCenter - Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-15​
6.4
wpmariocom--Exclusive Divi Divi Preloader, Modules for Divi & Extra Theme
The Exclusive Divi - Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-11-16
6.4
wpmonks--Styler for Ninja Forms
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value.​
2024-11-13​
6.5
wpplugin -- contact_form_7_redirect_\&_thank_you_page
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-11-12
6.1
wproyal--Royal Elementor Addons and Templates
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-13​
6.4
wproyal--Royal Elementor Addons and Templates
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-11-13
6.4
wproyal--Royal Elementor Addons and Templates
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
2024-11-13​
6.4
wpslickstream--Slickstream: Engagement and Conversions
The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-11-12
6.4
yotpo--Yotpo: Product & Photo Reviews for WooCommerce
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.​
2024-11-15​
6.1
YugabyteDB--YugabyteDB Anywhere
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of LDAP-managed resources
This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.
2024-11-13
6.5
zyxel -- gs1900-8_firmware
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.​
2024-11-12​
6.8
zyxel -- gs1900-8_firmware
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
2024-11-12
4.5
zzcms -- zzcms
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.​
2024-11-12​
4.8



Back to top





Low Vulnerabilities

Showing 53 of 53 total entries
Primary
Vendor
-- Product
Description
Published
CVSS Score
Source Info
Apereo--CAS
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-11-14
3.7
code-projects--Farmacia
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.​
2024-11-15​
3.5
code-projects--Farmacia
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
3.5
code-projects--Job Recruitment
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.​
2024-11-11​
3.5
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
2024-11-12
3.3
Digistar--AG-30 Plus
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-12​
3.1
Eclipse Foundation--Open J9
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
2024-11-11
3.7
element-hq--element-web
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.​
2024-11-12​
3.5
Fortinet--FortiAnalyzer
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
2024-11-12
2.3
GitLab--GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.​
2024-11-14​
3.1
HCL Software--Connections
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
2024-11-14
3.7
IBPhoenix--ibWebAdmin
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.​
2024-11-15​
3.5
n/a--DedeCMS
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
2.7
n/a--Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi
Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.​
2024-11-13​
3.4
n/a--Intel(R) PROSet/Wireless WiFi software for Windows
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
2024-11-13
3.4
n/a--Intel(R) VPL software
NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.​
2024-11-13​
2.2
n/a--Intel(R) VPL software
Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.
2024-11-13
2.2
n/a--Intel(R) VROC software
Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.​
2024-11-13​
3.9
n/a--Intel(R) Xeon(R) processor family (E-Core)
Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.
2024-11-13
3.8
n/a--Intel(R) Xeon(R) Processors
Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.​
2024-11-13​
3.8
n/a--n/a
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
2024-11-17
3.4
n/a--n/a
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.​
2024-11-11​
3.7
n/a--n/a
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
2024-11-14
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
2024-11-14
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
2024-11-14
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
2024-11-14
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
2024-11-14
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
2024-11-14
3.5
n/a--n/a
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.​
2024-11-14​
3.5
n/a--n/a
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
2024-11-14
3.5
n/a--n/a
Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.​
2024-11-15​
2.4
n/a--OpenCL(TM) software
Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.
2024-11-13
3.9
n/a--PostgreSQL
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.​
2024-11-14​
3.1
nextcloud--security-advisories
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1.
2024-11-15
3.5
nextcloud--security-advisories
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.​
2024-11-15​
3.5
nextcloud--security-advisories
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.
2024-11-15
3.3
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.​
2024-11-15​
3
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
2024-11-15
2.6
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.​
2024-11-15​
2.7
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.
2024-11-15
2.6
nextcloud--security-advisories
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.​
2024-11-15​
1.8
Sanluan--PublicCMS
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
3.5
SAP_SE--SAP Cash Management (Cash Operations)
Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.​
2024-11-12​
3.5
SoftBank Corp.--Mesh Wi-Fi router RP562B
Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi.
2024-11-12
3.5
SourceCodester--Hospital Management System
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.​
2024-11-12​
3.5
SourceCodester--Online Eyewear Shop
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2024-11-15
3.5
themeisle -- multiple_page_generator
The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server.​
2024-11-12​
2.7
YugabyteDB--YugabyteDB Anywhere
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during the backup procedure, leading to potential unauthorized access to resources associated with the SAS token. This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0.
2024-11-13
3.9



Back to top





Severity Not Yet Assigned

Showing 177 of 177 total entries
[TR]
[TH]
Primary
Vendor
-- Product
[/TH]
[TH]
Description
[/TH]
[TH]
Published
[/TH]
[TH]
CVSS Score
[/TH]
[TH]
Source Info
[/TH]
[/TR]

[TR]
[TD]
Acronis--Acronis Backup plugin for cPanel & WHM
[/TD]
[TD]
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Acronis--Acronis Backup plugin for cPanel & WHM
[/TD]
[TD]
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Arm--SCP-Firmware
[/TD]
[TD]
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
BudgetControl--Gateway
[/TD]
[TD]
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
chatwoot--chatwoot/chatwoot
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
chatwoot--chatwoot/chatwoot
[/TD]
[TD]
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Cisco--Cisco Catalyst SD-WAN Manager
[/TD]
[TD]
A vulnerability in the web-based management interface of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device.
This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Citrix--Citrix Session Recording
[/TD]
[TD]
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Cloud Foundry--Cloud Foundry
[/TD]
[TD]

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.

The Cloud Foundry project recommends upgrading the following releases:

  • Upgrade capi release version to 1.194.0 or greater
  • Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release
[/TD]

[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
craigk5n--craigk5n/webcalendar
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
dataease--dataease
[/TD]
[TD]
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Dataprom Informatics--Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS)
[/TD]
[TD]
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Devolutions--DVLS (Devolutions Server)
[/TD]
[TD]
Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
dolibarr--dolibarr/dolibarr
[/TD]
[TD]
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
dompdf--dompdf/dompdf
[/TD]
[TD]
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
dompdf--dompdf/dompdf
[/TD]
[TD]
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
A guest can trigger an infinite loop in the hda audio driver.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
FreeBSD--FreeBSD
[/TD]
[TD]
The NVMe driver queue processing is vulernable to guest-induced infinite loops.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Giskard-AI--giskard
[/TD]
[TD]
Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Gliffy--Gliffy Online
[/TD]
[TD]
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
glpi-project--glpi
[/TD]
[TD]
GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In the autofill service, the package name that is provided by the app process is trusted inappropriately. Â This could lead to information disclosure with no additional execution privileges needed. Â User interaction is not needed for exploitation.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Google--Android
[/TD]
[TD]
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Grafana Labs--Grafana OSS and Enterprise
[/TD]
[TD]
A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Helix--Helix Core
[/TD]
[TD]
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wi?sek.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Helix--Helix Core
[/TD]
[TD]
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Wi?sek.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Helix--Helix Core
[/TD]
[TD]
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Wi?sek.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Hewlett Packard Enterprise (HPE)--Cray System Management Software
[/TD]
[TD]
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Hewlett Packard Enterprise (HPE)--SGI CXFS
[/TD]
[TD]
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
imartinez--imartinez/privategpt
[/TD]
[TD]
A Python command injection vulnerability exists in the SagemakerLLM class's complete() method within ./private_gpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval() function to parse a string received from a remote AWS SageMaker LLM endpoint into a dictionary. This method of parsing is unsafe as it can execute arbitrary Python code contained within the response. An attacker can exploit this vulnerability by manipulating the response from the AWS SageMaker LLM endpoint to include malicious Python code, leading to potential execution of arbitrary commands on the system hosting the application. The issue is fixed in version 0.6.0.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
ITG Computer Technology--vSRM Supplier Relationship Management System
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects vSRM Supplier Relationship Management System: before 28.08.2024.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Connect Secure
[/TD]
[TD]
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--EPM
[/TD]
[TD]
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Secure Access Client
[/TD]
[TD]
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ivanti--Secure Access Client
[/TD]
[TD]
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
janeczku--janeczku/calibre-web
[/TD]
[TD]
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
janeczku--janeczku/calibre-web
[/TD]
[TD]
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the create_shelf method in shelf.py not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
janeczku--janeczku/calibre-web
[/TD]
[TD]
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the #btn-upload-cover change event.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Jenkins Project--Jenkins Pipeline: Groovy Plugin
[/TD]
[TD]
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
laravel--framework
[/TD]
[TD]
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
lunary-ai--lunary-ai/lunary
[/TD]
[TD]
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
lunary-ai--lunary-ai/lunary
[/TD]
[TD]
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
lunary-ai--lunary-ai/lunary
[/TD]
[TD]
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This issue occurs when authenticated users inspect responses from GET /v1/users/me and GET /v1/users/me/org endpoints. The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. Exposing these hashes could potentially facilitate account recovery attacks or other malicious activities. The vulnerability was addressed in version 1.2.6.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
lunary-ai--lunary-ai/lunary
[/TD]
[TD]
In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
matrix-org--matrix-js-sdk
[/TD]
[TD]
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
MDaemon--Email Server
[/TD]
[TD]

An XSS issue was discovered in

MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message
with
JavaScript in an img tag. This could
allow a remote attacker

to load arbitrary JavaScript code in the context of a webmail user's browser window.
[/TD]

[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Microsoft--Windows 10 Version 1809
[/TD]
[TD]
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Mozilla--Thunderbird
[/TD]
[TD]
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.'​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modified to prevent this vulnerability.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL 09.09.24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.​
[/TD]
[TD]
2024-11-11​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.​
[/TD]
[TD]
2024-11-17​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
[/TD]
[TD]
2024-11-17
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
n/a--n/a
[/TD]
[TD]
Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT.​
[/TD]
[TD]
2024-11-17​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
OpenAFS--OpenAFS
[/TD]
[TD]
A local user can bypass the OpenAFS PAG (Process Authentication Group)
throttling mechanism in Unix clients, allowing the user to create a PAG using
an existing id number, effectively joining the PAG and letting the user steal
the credentials in that PAG.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
OpenAFS--OpenAFS
[/TD]
[TD]
An authenticated user can provide a malformed ACL to the fileserver's StoreACL
RPC, causing the fileserver to crash, possibly expose uninitialized memory, and
possibly store garbage data in the audit log.
Malformed ACLs provided in responses to client FetchACL RPCs can cause client
processes to crash and possibly expose uninitialized memory into other ACLs
stored on the server.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
OpenAFS--OpenAFS
[/TD]
[TD]
A malicious server can crash the OpenAFS cache manager and other client
utilities, and possibly execute arbitrary code.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
openemr--openemr/openemr
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
openSUSE--Tumbleweed
[/TD]
[TD]
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
OsamaTaher--Java-springboot-codebase
[/TD]
[TD]
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Palo Alto Networks--Cloud NGFW
[/TD]
[TD]

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.

This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:

  • 10.2.7-h12
  • 10.2.8-h10
  • 10.2.9-h9
  • 10.2.9-h11
  • 10.2.10-h2
  • 10.2.10-h3
  • 10.2.11
  • 10.2.11-h1
  • 10.2.11-h2
  • 10.2.11-h3
  • 11.1.2-h9
  • 11.1.2-h12
  • 11.1.3-h2
  • 11.1.3-h4
  • 11.1.3-h6
  • 11.2.2
  • 11.2.2-h1
[/TD]

[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
phpipam--phpipam/phpipam
[/TD]
[TD]
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
pimcore--pimcore/pimcore
[/TD]
[TD]
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Ping Identity--PingAccess
[/TD]
[TD]
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Poznan Supercomputing and Networking Center--DInGO dLIbra
[/TD]
[TD]
Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
psf--psf/requests
[/TD]
[TD]
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Python Software Foundation--CPython
[/TD]
[TD]
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.​
[/TD]
[TD]
2024-11-12​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Stirling-Tools--Stirling-PDF
[/TD]
[TD]
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code in the context of the user. The issue stems to the code starting at Line 24 in src/main/resources/static/js/merge.js. The file name is directly being input into InnerHTML with no sanitization on the file name, allowing a malicious user to be able to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. This is a self-injection style attack and relies on a user uploading the malicious file themselves and it impact only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
[/TD]
[TD]
2024-11-11
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
SUSE--openSUSE Tumbleweed
[/TD]
[TD]
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.​
[/TD]
[TD]
2024-11-13​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
sylius--sylius/sylius
[/TD]
[TD]
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
TCL--Camera
[/TD]
[TD]
The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user's external storage.​
[/TD]
[TD]
2024-11-14​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
tobychui--zoraxy
[/TD]
[TD]
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In HandleCreateProxySession the request to create an SSH session is handled. An attacker can exploit the username variable to escape from the bash command and inject arbitrary commands into sshCommand. This is possible, because, unlike hostname and port, the username is not validated or sanitized.
[/TD]
[TD]
2024-11-12
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
unclebob--FitNesse
[/TD]
[TD]
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
unclebob--FitNesse
[/TD]
[TD]
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions.
[/TD]
[TD]
2024-11-15
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
usememos--usememos/memos
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
Vektor,Inc.--VK All in One Expansion Unit
[/TD]
[TD]
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.
[/TD]
[TD]
2024-11-13
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
wallabag--wallabag/wallabag
[/TD]
[TD]
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.​
[/TD]
[TD]
2024-11-15​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD][/TD]
[/TR]
[TR]
[TD]
zenml-io--zenml-io/zenml
[/TD]
[TD]
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.
[/TD]
[TD]
2024-11-14
[/TD]
[TD]
not yet calculated
[/TD]
[TD][/TD]
[/TR]

Continue reading...