Published on 25 Dec 2024
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2024-56326 | Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2024-56326 |
CVE-2023-4617 | Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-4617 |
CVE-2024-45387 | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-45387 |
CVE-2024-56057 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-56057 |
CVE-2024-56052 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-56052 |
CVE-2024-56050 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-56050 |
CVE-2024-54148 | Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-54148 |
CVE-2024-11349 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-11349 |
CVE-2024-12571 | The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12571 |
CVE-2022-32203 | There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32203 |
CVE-2024-56327 | pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**. An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56327 |
CVE-2024-12728 | A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12728 |
CVE-2024-12727 | A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12727 |
CVE-2024-10244 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-10244 |
CVE-2021-26102 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26102 |
CVE-2024-54383 | Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-54383 |
CVE-2023-34990 | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34990 |
CVE-2024-56059 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56059 |
CVE-2024-56058 | Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56058 |
CVE-2024-4996 | Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-4996 |
CVE-2024-4995 | Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-4995 |
CVE-2024-1610 | In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-1610 |
CVE-2024-12287 | The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12287 |
CVE-2024-21546 | Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-21546 |
CVE-2024-12626 | The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-12626 |
CVE-2024-40896 | In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-40896 |
CVE-2024-54150 | cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to "HS256" while the server expects an asymmetric algorithm like "RS256". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-54150 |
CVE-2024-56054 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56054 |
CVE-2024-51466 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2024-51466 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2024-12881 | The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12881 |
CVE-2024-12594 | The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit Login Attempts – Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12594 |
CVE-2024-56201 | Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56201 |
CVE-2024-56311 | REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56311 |
CVE-2024-56310 | REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56310 |
CVE-2024-12771 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12771 |
CVE-2024-12066 | The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12066 |
CVE-2024-37758 | Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-37758 |
CVE-2024-12700 | There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12700 |
CVE-2024-12729 | A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12729 |
CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-47093 |
CVE-2024-25131 | A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-25131 |
CVE-2020-15934 | An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15934 |
CVE-2024-11984 | A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-11984 |
CVE-2024-56048 | Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56048 |
CVE-2024-55088 | GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-55088 |
CVE-2024-49576 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-49576 |
CVE-2024-47810 | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-47810 |
CVE-2024-39703 | In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-39703 |
CVE-2024-12259 | The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12259 |
CVE-2022-32144 | There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-32144 |
CVE-2024-56200 | Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-56200 |
CVE-2024-56055 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56055 |
CVE-2024-56051 | Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56051 |
CVE-2024-56049 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56049 |
CVE-2024-56047 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56047 |
CVE-2024-55985 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55985 |
CVE-2024-55984 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55984 |
CVE-2024-55983 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55983 |
CVE-2024-55975 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through 1.2.3. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55975 |
CVE-2024-12902 | ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12902 |
CVE-2024-47515 | A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-47515 |
CVE-2023-31279 | The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user’s devices. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31279 |
CVE-2024-56359 | grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript\: scheme and be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid clicking on HyperLink cell links using a control modifier in documents prepared by people they do not trust. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56359 |
CVE-2024-56358 | grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid previewing attachments in documents prepared by people they do not trust. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56358 |
CVE-2024-56357 | grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript\:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56357 |
CVE-2021-32589 | A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32589 |
CVE-2024-54270 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-54270 |
CVE-2024-56174 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56174 |
CVE-2024-12432 | The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12432 |
CVE-2024-12746 | A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12746 |
CVE-2024-12745 | A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12745 |
CVE-2024-12744 | A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12744 |
CVE-2024-40695 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2024-40695 |
CVE-2024-12111 | In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) | 8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12111 |
CVE-2024-56363 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2 template. Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be able to inject expressions like {{ config }}, {{ self.class.mro[1].subclasses() }}, or more dangerous payloads that trigger execution of arbitrary Python code. The vulnerability can be reproduced by submitting crafted input to all the template fields handled by ckeditor, that are passed directly to a Jinja2 template. If the input is rendered without sufficient sanitization, it results in the execution of malicious Jinja2 code on the server. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56363 |
CVE-2024-53256 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-53256 |
CVE-2024-12903 | Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12903 |
CVE-2024-56334 | systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-56334 |
CVE-2024-12677 | Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12677 |
CVE-2024-12786 | A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12786 |
CVE-2021-26115 | An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26115 |
CVE-2024-4230 | External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-4230 |
CVE-2024-4229 | Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-4229 |
CVE-2024-35141 | IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-35141 |
CVE-2022-27595 | An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27595 |
CVE-2022-44520 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44520 |
CVE-2022-44518 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44518 |
CVE-2022-44514 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44514 |
CVE-2022-44513 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44513 |
CVE-2022-44512 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44512 |
CVE-2024-12741 | A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Please note that DAQExpress is an EOL product and will not receive any updates. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-12741 |
CVE-2024-47480 | Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-47480 |
CVE-2024-56335 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-56335 |
CVE-2024-56053 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-56053 |
CVE-2024-49202 | Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-49202 |
CVE-2024-56375 | An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56375 |
CVE-2024-55470 | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55470 |
CVE-2024-12014 | Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12014 |
CVE-2024-21549 | Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.\r\r**Note:**\r\rThis is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-21549 |
CVE-2024-44231 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44231 |
CVE-2024-44211 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44211 |
CVE-2024-44195 | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44195 |
CVE-2022-34159 | Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34159 |
CVE-2022-32204 | There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32204 |
CVE-2024-54538 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-54538 |
CVE-2024-53991 | Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-53991 |
CVE-2024-38819 | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-38819 |
CVE-2023-7005 | A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-7005 |
CVE-2024-54790 | A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-54790 |
CVE-2024-12569 | Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12569 |
CVE-2024-53270 | Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-53270 |
CVE-2024-56008 | Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56008 |
CVE-2024-11912 | The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-11912 |
CVE-2024-47397 | Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-47397 |
CVE-2024-4464 | Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-4464 |
CVE-2024-21548 | Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-21548 |
CVE-2024-21547 | Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\\\. An attacker could read any file on the server by exploiting the normalization of \\ into /. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-21547 |
CVE-2024-12025 | The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12025 |
CVE-2024-53961 | ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-53961 |
CVE-2024-49363 | Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request. Leading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-49363 |
CVE-2024-12899 | A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12899 |
CVE-2024-12884 | A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12884 |
CVE-2024-11977 | The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11977 |
CVE-2024-12792 | A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12792 |
CVE-2024-12791 | A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12791 |
CVE-2024-12788 | A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12788 |
CVE-2024-12787 | A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12787 |
CVE-2024-12782 | A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12782 |
CVE-2021-26093 | An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-26093 |
CVE-2024-11740 | The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11740 |
CVE-2023-23354 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23354 |
CVE-2024-12721 | The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-12721 |
CVE-2024-55086 | In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-55086 |
CVE-2024-48889 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-48889 |
CVE-2024-54457 | Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-54457 |
CVE-2024-53688 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-53688 |
CVE-2024-12582 | A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12582 |
CVE-2024-56362 | Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56362 |
CVE-2024-51532 | Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-51532 |
CVE-2024-43106 | A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-43106 |
CVE-2024-42220 | A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-42220 |
CVE-2024-42004 | A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-42004 |
CVE-2024-41165 | A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-41165 |
CVE-2024-41159 | A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-41159 |
CVE-2024-41145 | A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-41145 |
CVE-2024-41138 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-41138 |
CVE-2024-39804 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-39804 |
CVE-2024-53271 | Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-53271 |
CVE-2024-54381 | Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-54381 |
CVE-2024-56016 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56016 |
CVE-2024-56010 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detector: from n/a through 4.2.0. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56010 |
CVE-2024-54350 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-54350 |
CVE-2024-51646 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-51646 |
CVE-2024-49677 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-49677 |
CVE-2024-28767 | IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-28767 |
CVE-2024-7726 | There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive’s circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-7726 |
CVE-2024-52794 | Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-52794 |
CVE-2022-27600 | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27600 |
CVE-2024-45082 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-45082 |
CVE-2024-47104 | IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-47104 |
CVE-2022-21505 | In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21505 |
CVE-2024-12686 | A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-12686 |
CVE-2024-11726 | The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-11726 |
CVE-2024-10856 | The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. The vulnerability requires the “delete_prev_date” theme option being enabled. This makes it possible for authenticated attackers, with contributor-level access or above, to append additional SQL queries into already existing query that can be used to extract sensitive information such as passwords from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-10856 |
CVE-2024-12031 | The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12031 |
CVE-2024-12266 | The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to import and export product rules along with obtaining phpinfo() data | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12266 |
CVE-2024-12558 | The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12558 |
CVE-2024-12635 | The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12635 |
CVE-2024-55471 | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55471 |
CVE-2024-12678 | Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12678 |
CVE-2024-7139 | Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to recover the device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-7139 |
CVE-2024-7138 | An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-7138 |
CVE-2024-7137 | The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-7137 |
CVE-2024-49336 | IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-49336 |
CVE-2024-37962 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-37962 |
CVE-2024-10548 | The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-10548 |
CVE-2024-51470 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-51470 |
CVE-2024-55997 | Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-55997 |
CVE-2024-52485 | Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-52485 |
CVE-2024-11926 | The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-11926 |
CVE-2024-12698 | An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12698 |
CVE-2024-12268 | The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12268 |
CVE-2024-8721 | The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-8721 |
CVE-2024-11896 | The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11896 |
CVE-2024-12814 | The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12814 |
CVE-2024-12622 | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, and including, 5.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12622 |
CVE-2024-11885 | The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11885 |
CVE-2024-12518 | The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12518 |
CVE-2024-12507 | The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12507 |
CVE-2024-11230 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11230 |
CVE-2024-12591 | The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12591 |
CVE-2024-10453 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-10453 |
CVE-2024-9545 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-9545 |
CVE-2024-12588 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12588 |
CVE-2024-12697 | The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12697 |
CVE-2024-11938 | The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11938 |
CVE-2024-11196 | The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11196 |
CVE-2024-9619 | The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-9619 |
CVE-2024-12509 | The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12509 |
CVE-2024-12506 | The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12506 |
CVE-2024-11893 | The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11893 |
CVE-2024-11878 | The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11878 |
CVE-2024-11784 | The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11784 |
CVE-2024-11783 | The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11783 |
CVE-2024-11775 | The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11775 |
CVE-2024-11774 | The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11774 |
CVE-2024-11411 | The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11411 |
CVE-2024-11776 | The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11776 |
CVE-2024-52579 | Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-52579 |
CVE-2024-12449 | The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12449 |
CVE-2024-12513 | The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12513 |
CVE-2024-12500 | The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12500 |
CVE-2024-11881 | The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11881 |
CVE-2024-11748 | The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11748 |
CVE-2024-11439 | The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11439 |
CVE-2018-25106 | A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-25106 |
CVE-2024-12900 | A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12900 |
CVE-2024-12898 | A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12898 |
CVE-2024-12895 | A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12895 |
CVE-2024-12894 | A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12894 |
CVE-2024-12891 | A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12891 |
CVE-2024-12890 | A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12890 |
CVE-2024-56351 | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-56351 |
CVE-2024-12794 | A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12794 |
CVE-2024-12789 | A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12789 |
CVE-2024-12785 | A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12785 |
CVE-2024-12784 | A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12784 |
CVE-2024-52897 | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-52897 |
CVE-2024-52896 | IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-52896 |
CVE-2024-12468 | The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12468 |
CVE-2024-12405 | The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12405 |
CVE-2024-12100 | The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12100 |
CVE-2024-12096 | The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12096 |
CVE-2024-12710 | The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12710 |
CVE-2024-53276 | Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website to make a cross site request to home-gallery, thus allowing them to read any endpoint on home-gallery. Home-gallery is mostly safe from cross-site requests due to most of its pages requiring JavaScript, and cross-site requests such as fetch() do not render javascript. If an attacker is able to get the path of the preview images which are randomized, an attacker will be able to view such a photo. If any static files or endpoints are introduced in the future that contain sensitive information, they will be accessible to an attacker website. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-53276 |
CVE-2024-12408 | The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12408 |
CVE-2024-11688 | The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11688 |
CVE-2024-11808 | The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11808 |
CVE-2024-12262 | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12262 |
CVE-2024-11975 | The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11975 |
CVE-2024-11682 | The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11682 |
CVE-2024-11287 | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11287 |
CVE-2024-11811 | The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11811 |
CVE-2024-11812 | The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11812 |
CVE-2024-11806 | The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11806 |
CVE-2024-11331 | The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11331 |
CVE-2024-55492 | Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-55492 |
CVE-2024-12454 | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-12454 |
CVE-2024-56175 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-56175 |
CVE-2024-11254 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-11254 |
CVE-2024-23945 | Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12 | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-23945 |
CVE-2024-11722 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode be added to a page. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-11722 |
CVE-2024-56356 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-56356 |
CVE-2021-39081 | IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-39081 |
CVE-2024-56140 | Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-56140 |
CVE-2024-47119 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-47119 |
CVE-2020-6923 | The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-6923 |
CVE-2024-52361 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2024-52361 |
CVE-2024-56354 | In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56354 |
CVE-2024-56353 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-56353 |
CVE-2024-44298 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44298 |
CVE-2024-44293 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44293 |
CVE-2024-44292 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-44292 |
CVE-2023-23356 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23356 |
CVE-2023-21586 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21586 |
CVE-2022-44519 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44519 |
CVE-2022-44517 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44517 |
CVE-2022-44516 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44516 |
CVE-2022-44515 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44515 |
CVE-2024-10584 | The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-10584 |
CVE-2024-12617 | The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12617 |
CVE-2024-9427 | A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-9427 |
CVE-2024-56364 | SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-56364 |
CVE-2024-56314 | A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-56314 |
CVE-2024-56313 | A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-56313 |
CVE-2024-56312 | A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-56312 |
CVE-2024-51463 | IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-51463 |
CVE-2024-5955 | Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-5955 |
CVE-2024-11108 | The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-11108 |
CVE-2020-12820 | Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-12820 |
CVE-2020-12819 | A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-12819 |
CVE-2024-12121 | The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12121 |
CVE-2021-20553 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-20553 |
CVE-2024-41752 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-41752 |
CVE-2024-25042 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-25042 |
CVE-2024-12554 | The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12554 |
CVE-2024-10892 | The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-10892 |
CVE-2024-12103 | The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12103 |
CVE-2024-12034 | The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12034 |
CVE-2024-12901 | A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12901 |
CVE-2024-12896 | A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user". | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12896 |
CVE-2023-31280 | An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31280 |
CVE-2024-56349 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-56349 |
CVE-2024-11297 | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11297 |
CVE-2024-49765 | Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-49765 |
CVE-2024-51471 | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-51471 |
CVE-2024-11768 | The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11768 |
CVE-2023-30443 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30443 |
CVE-2024-56128 | Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. Impact: This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3]. Deployments using SCRAM with TLS are not affected by this issue. How to Detect If You Are Impacted: If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted. To check if TLS is enabled, review your server.properties configuration file for listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted. Fix Details: The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802. Affected Versions: Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below. Fixed Versions: 3.9.0 3.8.1 3.7.2 Users are advised to upgrade to 3.7.2 or later to mitigate this issue. Recommendations for Mitigation: Users unable to upgrade to the fixed versions can mitigate the issue by: - Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception. - Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-56128 |
CVE-2024-11291 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11291 |
CVE-2024-11295 | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11295 |
CVE-2024-12250 | The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12250 |
CVE-2021-29827 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-29827 |
CVE-2024-12840 | A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12840 |
CVE-2022-40733 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40733 |
CVE-2022-40732 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40732 |
CVE-2024-50570 | A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector | 5 | https://nvd.nist.gov/vuln/detail/CVE-2024-50570 |
CVE-2024-12850 | The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-12850 |
CVE-2024-12875 | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2024-12875 |
CVE-2024-10706 | The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-10706 |
CVE-2024-10555 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2024-10555 |
CVE-2023-23357 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23357 |
CVE-2024-55341 | A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2024-55341 |
CVE-2024-55342 | A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2024-55342 |
CVE-2024-8968 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2024-8968 |
CVE-2024-56173 | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2024-56173 |
CVE-2024-56355 | In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-56355 |
CVE-2024-56352 | In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2024-56352 |
CVE-2022-33954 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-33954 |
CVE-2024-53269 | Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration. | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-53269 |
CVE-2023-50956 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-50956 |
CVE-2024-12210 | The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12210 |
CVE-2024-53275 | Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit their website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the home-gallery instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the web server after the IP address has changed. When the attacker domain is fetched, the response will be from the home-gallery instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, home-gallery photos can then be extracted by the attacker website. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-53275 |
CVE-2024-12897 | A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12897 |
CVE-2024-11852 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-11852 |
CVE-2024-51464 | IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-51464 |
CVE-2024-12883 | A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12883 |
CVE-2024-10797 | The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-10797 |
CVE-2024-12846 | A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12846 |
CVE-2024-12844 | A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12844 |
CVE-2024-12843 | A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12843 |
CVE-2024-12842 | A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12842 |
CVE-2024-12841 | A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12841 |
CVE-2024-55186 | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-55186 |
CVE-2024-56350 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-56350 |
CVE-2024-56348 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-56348 |
CVE-2024-9503 | The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-9503 |
CVE-2024-12793 | A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12793 |
CVE-2024-12331 | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12331 |
CVE-2024-12560 | The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12560 |
CVE-2024-49201 | Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-49201 |
CVE-2024-12340 | The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12340 |
CVE-2024-12596 | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12596 |
CVE-2024-12061 | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2024-12061 |
CVE-2024-54009 | Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. | 4 | https://nvd.nist.gov/vuln/detail/CVE-2024-54009 |
CVE-2024-12892 | A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php. The manipulation of the argument name/gender/college leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12892 |
CVE-2024-12845 | A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12845 |
CVE-2024-12790 | A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12790 |
CVE-2024-12783 | A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-12783 |
CVE-2020-9250 | There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9250 |
CVE-2024-12893 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2024-12893 |
CVE-2024-52589 | Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2024-52589 |
CVE-2019-2483 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | – | https://nvd.nist.gov/vuln/detail/CVE-2019-2483 |
CVE-2024-53163 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53163 |
CVE-2024-53162 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53162 |
CVE-2024-53161 | In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53161 |
CVE-2024-53160 | In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: <snip> BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu read to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1: schedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline] kvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839 trie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441 bpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203 generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849 bpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143 __sys_bpf+0x2e5/0x7a0 __do_sys_bpf kernel/bpf/syscall.c:5741 [inline] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline] __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739 x64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0: __mod_timer+0x578/0x7f0 kernel/time/timer.c:1173 add_timer_global+0x51/0x70 kernel/time/timer.c:1330 __queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523 queue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552 queue_delayed_work include/linux/workqueue.h:677 [inline] schedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline] kfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391 kthread+0x1d1/0x210 kernel/kthread.c:389 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_unbound kfree_rcu_monitor <snip> kfree_rcu_monitor() rearms the work if a "krcp" has to be still offloaded and this is done without holding krcp->lock, whereas the kvfree_call_rcu() holds it. Fix it by acquiring the "krcp->lock" for kfree_rcu_monitor() so both functions do not race anymore. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53160 |
CVE-2024-53159 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53159 |
CVE-2024-53158 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53158 |
CVE-2024-53157 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53157 |
CVE-2024-53156 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53156 |
CVE-2024-53155 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53155 |
CVE-2024-53154 | In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53154 |
CVE-2024-53153 | In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of qcom_pcie_perst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the Qcom endpoint SoCs supported as of now depend on the refclk from the host for keeping the controller operational. Due to this limitation, any access to the hardware registers in the absence of refclk will result in a whole endpoint crash. Unfortunately, most of the controller cleanups require accessing the hardware registers (like eDMA cleanup performed in dw_pcie_ep_cleanup(), powering down MHI EPF etc...). So these cleanup functions are currently causing the crash in the endpoint SoC once host asserts PERST#. One way to address this issue is by generating the refclk in the endpoint itself and not depending on the host. But that is not always possible as some of the endpoint designs do require the endpoint to consume refclk from the host (as I was told by the Qcom engineers). Thus, fix this crash by moving the controller cleanups to the start of the qcom_pcie_perst_deassert() function. qcom_pcie_perst_deassert() is called whenever the host has deasserted PERST# and it is guaranteed that the refclk would be active at this point. So at the start of this function (after enabling resources), the controller cleanup can be performed. Once finished, rest of the code execution for PERST# deassert can continue as usual. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53153 |
CVE-2024-53152 | In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the tegra194 endpoint SoCs supported as of now depend on the refclk from the host for keeping the controller operational. Due to this limitation, any access to the hardware registers in the absence of refclk will result in a whole endpoint crash. Unfortunately, most of the controller cleanups require accessing the hardware registers (like eDMA cleanup performed in dw_pcie_ep_cleanup(), etc...). So these cleanup functions can cause the crash in the endpoint SoC once host asserts PERST#. One way to address this issue is by generating the refclk in the endpoint itself and not depending on the host. But that is not always possible as some of the endpoint designs do require the endpoint to consume refclk from the host. Thus, fix this crash by moving the controller cleanups to the start of the pex_ep_event_pex_rst_deassert() function. This function is called whenever the host has deasserted PERST# and it is guaranteed that the refclk would be active at this point. So at the start of this function (after enabling resources) the controller cleanup can be performed. Once finished, rest of the code execution for PERST# deassert can continue as usual. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53152 |
CVE-2024-53151 | In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > >\tnet/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() >\twarn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 return false; > 495 > 496 /* A bogus segcount causes this buffer overflow check to fail. */ > 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will > have an integer overflow and some those values will be accepted by > xdr_inline_decode(). | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53151 |
CVE-2024-53150 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53150 |
CVE-2024-53149 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing Type-C orientation reporting for the third USB-C connector. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53149 |
CVE-2024-53148 | In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case"). | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53148 |
CVE-2024-53147 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53147 |
CVE-2024-53146 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53146 |
CVE-2024-53145 | In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53145 |
CVE-2024-43441 | Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-43441 |
CVE-2024-53241 | In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53241 |
CVE-2024-53240 | In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53240 |
CVE-2024-41887 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41887 |
CVE-2024-41886 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41886 |
CVE-2024-41885 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41885 |
CVE-2024-41884 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41884 |
CVE-2024-41883 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41883 |
CVE-2024-41882 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-41882 |
CVE-2024-55947 | Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55947 |
CVE-2024-55539 | Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55539 |
CVE-2024-54082 | home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-54082 |
CVE-2024-52321 | Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-52321 |
CVE-2024-47864 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-47864 |
CVE-2024-46873 | Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-46873 |
CVE-2024-45721 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-45721 |
CVE-2024-56378 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56378 |
CVE-2024-11607 | The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-11607 |
CVE-2021-40959 | A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim's session. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40959 |
CVE-2020-13712 | A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-13712 |
CVE-2024-55509 | SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55509 |
CVE-2024-40875 | There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-40875 |
CVE-2024-56333 | Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56333 |
CVE-2024-56330 | Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users may also manually disable ICC if they are unable to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56330 |
CVE-2024-56329 | Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if ->stateless() is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure that users explicitly confirm account linking and avoid configurations that skip critical security checks. Socialstream v6.2 introduces a new custom route that requires a user to "Confirm" or "Deny" a request to link a social account. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56329 |
CVE-2024-12867 | Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12867 |
CVE-2024-56337 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56337 |
CVE-2024-10385 | Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-10385 |
CVE-2024-44223 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-44223 |
CVE-2023-42867 | This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42867 |
CVE-2024-12832 | Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12832 |
CVE-2024-12831 | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12831 |
CVE-2024-12830 | Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12830 |
CVE-2024-12829 | Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12829 |
CVE-2024-54663 | An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-54663 |
CVE-2024-54984 | An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-54984 |
CVE-2024-54983 | An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-54983 |
CVE-2024-54982 | An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-54982 |
CVE-2024-2201 | A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-2201 |
CVE-2024-12672 | A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12672 |
CVE-2024-12175 | Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12175 |
CVE-2024-11364 | Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-11364 |
CVE-2024-11157 | A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-11157 |
CVE-2024-55196 | Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55196 |
CVE-2024-55081 | An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55081 |
CVE-2024-12801 | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12801 |
CVE-2021-22501 | Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-22501 |
CVE-2024-9154 | A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633). | – | https://nvd.nist.gov/vuln/detail/CVE-2024-9154 |
CVE-2024-55082 | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55082 |
CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-38864 |
CVE-2024-12798 | ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12798 |
CVE-2024-9102 | phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-9102 |
CVE-2024-9101 | A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-9101 |
CVE-2024-45819 | PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-45819 |
CVE-2024-45818 | The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren't relevant here). When emulating the 2nd access, the lock that is already being held would be attempted to be re-acquired, resulting in a deadlock. This deadlock was already found when the code was first introduced, but was analysed incorrectly and the fix was incomplete. Analysis in light of the new finding cannot find a way to make the existing locking discipline work. In staging, this logic has all been removed because it was discovered to be accidentally disabled since Xen 4.7. Therefore, we are fixing the locking problem by backporting the removal of most of the feature. Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-45818 |
CVE-2024-11616 | Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue. This issue affects Endpoint DLP version below R119. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-11616 |
CVE-2024-56319 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion). | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56319 |
CVE-2024-56318 | In raw\\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56318 |
CVE-2024-56317 | In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56317 |
CVE-2024-56116 | A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56116 |
CVE-2024-56115 | A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56115 |
CVE-2024-55506 | An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55506 |
CVE-2024-55461 | SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55461 |
CVE-2024-55239 | A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55239 |
CVE-2024-53580 | iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-53580 |
CVE-2024-37649 | Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-37649 |
CVE-2024-55505 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55505 |
CVE-2024-55232 | An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55232 |
CVE-2024-55231 | An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55231 |
CVE-2024-12695 | Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12695 |
CVE-2024-12694 | Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12694 |
CVE-2024-12693 | Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12693 |
CVE-2024-12692 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12692 |
CVE-2024-56145 | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56145 |
CVE-2024-45338 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-45338 |
CVE-2024-52593 | Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any "origin" links (such as the "view on remote instance" banner). Any HTTPS URL can be set, even if it belongs to a different domain than the note / user. Vulnerable Misskey instances will use the unverified URL for several clickable links, allowing an attacker to conduct phishing or other attacks against remote users. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-52593 |
CVE-2024-52592 | Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid signature from any actor on any remote instance. Vulnerable Misskey instances will accept spoofed updates for remote polls. Local polls are unaffected. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-52592 |
CVE-2024-52591 | Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-52591 |
CVE-2024-52590 | Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to impersonate existing users from the target instance. Vulnerable Misskey instances will accept spoofed users as valid, allowing an attacker to impersonate users on another instance. Attackers have full control of the spoofed user and can post, renote, or otherwise interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-52590 |
CVE-2024-36694 | OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-36694 |
CVE-2024-55953 | DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55953 |
CVE-2024-55952 | DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. The vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55952 |
CVE-2024-47040 | There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-47040 |
CVE-2024-47039 | In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-47039 |
CVE-2024-47038 | In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-47038 |
CVE-2024-55089 | Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-55089 |
CVE-2024-12373 | A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12373 |
CVE-2024-12372 | A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12372 |
CVE-2024-12371 | A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-12371 |
CVE-2024-11614 | An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-11614 |
CVE-2024-56170 | A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56170 |
CVE-2024-56169 | A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data. | – | https://nvd.nist.gov/vuln/detail/CVE-2024-56169 |