High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — adobe_commerce | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | 2024-04-10 | 9 | CVE-2024-20758 |
adobe — adobe_commerce | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. | 2024-04-10 | 8.1 | CVE-2024-20759 |
adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20795 |
adobe — animate | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20797 |
adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30271 |
adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30272 |
adobe — illustrator | Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30273 |
adobe — media_encoder | Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 7.8 | CVE-2024-20772 |
andy_moyle — church_admin | Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5. | 2024-04-07 | 9.9 | CVE-2024-31280 |
binary-husky — gpt_academic | GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version. | 2024-04-08 | 9.8 | CVE-2024-31224 |
bitdefender — gravityzone_control_center_(on_premises) | An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center (On Premises) version 6.36.1. | 2024-04-09 | 8.1 | CVE-2024-2223 |
bitdefender — gravityzone_control_center_(on_premises) | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center (On Premises) version 6.36.1. | 2024-04-09 | 8.1 | CVE-2024-2224 |
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the ‘kadence_import_get_new_connection_data’ AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 8.5 | CVE-2023-6964 |
campcodes — church_management_system | A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904. | 2024-04-10 | 7.3 | CVE-2024-3534 |
campcodes — church_management_system | A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability. | 2024-04-10 | 7.3 | CVE-2024-3535 |
cbutlerjr — wp-members_membership_plugin | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3. | 2024-04-09 | 7.2 | CVE-2024-1852 |
codeisawesome — aikit | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through 4.14.1. | 2024-04-09 | 8.5 | CVE-2024-31370 |
contao — contao | Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the passed options for the HTTP client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | 2024-04-09 | 8.3 | CVE-2024-28235 |
conveythis — language_translate_widget_for_wordpress_conveythis | The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 7.2 | CVE-2023-6811 |
croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin | The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2341 |
croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin | The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2342 |
customily — customily_product_personalizer | The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue. | 2024-04-09 | 7.2 | CVE-2024-1774 |
cym1102 — nginxwebui | A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. | 2024-04-13 | 7.3 | CVE-2024-3738 |
datafeedrcom — woocommerce_cloak_affiliate_links | The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘permalink_settings_save’ function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin’s affiliate links. | 2024-04-09 | 7.5 | CVE-2024-1308 |
dattateccom — envíalosimple:_email_marketing_y_newsletters | The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 8.8 | CVE-2024-2125 |
dell — alienware_command_center_(awcc) | Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | 2024-04-10 | 7.4 | CVE-2024-22450 |
devitemsllc — ht_mega_-_absolute_addons_for_elementor | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-04-09 | 8.8 | CVE-2024-1974 |
diracgrid — dirac | DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`). | 2024-04-09 | 8.1 | CVE-2024-29905 |
eclipse_foundation — kura | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]. | 2024-04-09 | 7.5 | CVE-2024-3046 |
elextensions — elex_woocommerce_dynamic_pricing_and_discounts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-07 | 7.1 | CVE-2024-31255 |
esphome — esphome | ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome; this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5 / CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue. | 2024-04-11 | 8.1 | CVE-2024-29019 |
fastify — fastify-secure-session | @fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a “last update” field in the session, and treat “old sessions” as expired. | 2024-04-10 | 7.4 | CVE-2024-31999 |
flipped-aurora — gin-vue-admin | gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem. | 2024-04-09 | 7.7 | CVE-2024-31457 |
fortinet — forticlientlinux | An improper control of generation of code (‘code injection’) in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website. | 2024-04-09 | 9.6 | CVE-2023-45590 |
fortinet — forticlientmac | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 2024-04-10 | 8.2 | CVE-2024-31492 |
fortinet — fortios | An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows an attacker to execute unauthorized code or commands via targeted social engineering attack. | 2024-04-09 | 7.5 | CVE-2023-41677 |
fortinet — fortisandbox | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. | 2024-04-09 | 8.8 | CVE-2024-21755 |
fortinet — fortisandbox | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. | 2024-04-09 | 8.8 | CVE-2024-21756 |
fortinet — fortisandbox | An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 2024-04-09 | 8.1 | CVE-2024-23671 |
funnelkit — funnelkit_checkout | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 2024-04-11 | 7.5 | CVE-2023-51672 |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-2279 |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-3092 |
gowebsmarty — wp_encryption_-_one_click_free_ssl_certificate_&_ssl_/_https_redirect_to_force_https,_security+ | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys. | 2024-04-09 | 7.5 | CVE-2023-7046 |
honeywell — c300 | C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.5 | CVE-2023-5392 |
honeywell — experion_server | Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5393 |
honeywell — experion_server | Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5394 |
ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | 2024-04-10 | 7.5 | CVE-2024-31871 |
ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | 2024-04-10 | 7.5 | CVE-2024-31872 |
ibm — security_verify_access_appliance | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | 2024-04-10 | 7.5 | CVE-2024-31873 |
infotheme — wp_poll_maker | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. | 2024-04-10 | 7.7 | CVE-2024-31240 |
iosix — io-1020_micro_eld | IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. | 2024-04-12 | 9.6 | CVE-2024-28878 |
iosix — io-1020_micro_eld | IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | 2024-04-12 | 7.4 | CVE-2024-30210 |
iosix — io-1020_micro_eld | IO-1020 Micro ELD web server uses a default password for authentication. | 2024-04-12 | 7.4 | CVE-2024-31069 |
irontec — sngrep | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of ‘Call-ID’ and ‘X-Call-ID’ SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3119 41c37e40-543d-43a2-b660-2fee83ea851a |
irontec — sngrep | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying ‘Content-Length’ and ‘Warning’ headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3120 41c37e40-543d-43a2-b660-2fee83ea851a |
j.n._breetvelt_a.k.a._opajaap — wp_photo_album_plus | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | 2024-04-07 | 9.9 | CVE-2024-31286 |
jokr — network_summary | The Network Summary plugin for WordPress is vulnerable to SQL Injection via the ‘category’ parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 9.8 | CVE-2024-2804 |
jordy_meow — ai_engine:_chatgpt_chatbot | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 2024-04-12 | 10 | CVE-2023-51409 |
jtsternberg — cmb2 | The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required. | 2024-04-09 | 7.5 | CVE-2024-1792 |
juniper_networks — junos_os | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095. | 2024-04-12 | 7.5 | CVE-2024-21598 |
juniper_networks — junos_os | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30382 |
juniper_networks — junos_os | A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3. | 2024-04-12 | 7.5 | CVE-2024-30392 |
juniper_networks — junos_os |
A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30394 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue from the one described in JSA75739 | 2024-04-12 | 7.5 | CVE-2024-30395 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30397 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS: 21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6, 22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30398 [email protected] [email protected] |
juniper_networks — junos_os |
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30405 [email protected] [email protected] |
juniper_networks — paragon_active_assurance |
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The “netrounds-probe-login” daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0. | 2024-04-12 | 8.4 | CVE-2024-30381 [email protected] [email protected] |
juniper_networks_inc. — crpd |
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1. | 2024-04-12 | 8.1 | CVE-2024-30407 [email protected] [email protected] [email protected] |
levelfourstorefront — shopping_cart_&_ecommerce_store |
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the ‘productid’ attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-12 | 8.8 | CVE-2024-3211 [email protected] [email protected] |
lg — webos |
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6318 [email protected] |
lg — webos |
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6319 [email protected] |
lg — webos |
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB | 2024-04-09 | 9.1 | CVE-2023-6320 [email protected] |
lg — webos |
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA webOS 5.5.0 – 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 7.2 | CVE-2023-6317 [email protected] |
link_whisper — link_whisper_free |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8. | 2024-04-11 | 7.1 | CVE-2024-27992 [email protected] |
linkwhspr — link_whisper_free |
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the ‘mfn-page-items’ post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 8.8 | CVE-2024-2693 [email protected] [email protected] |
makeplane — plane |
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests. | 2024-04-10 | 9.1 | CVE-2024-31461 [email protected] [email protected] [email protected] [email protected] [email protected] |
mervb1 — easy_property_listings |
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1893 [email protected] [email protected] [email protected] |
metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. | 2024-04-09 | 8.8 | CVE-2024-1991 [email protected] [email protected] [email protected] |
metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1990 [email protected] [email protected] [email protected] |
microsoft — azure_ai_search |
Azure AI Search Information Disclosure Vulnerability | 2024-04-09 | 7.3 | CVE-2024-29063 [email protected] |
microsoft — azure_cyclecloud_8.6.0 |
Azure CycleCloud Elevation of Privilege Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29993 [email protected] |
microsoft — azure_kubernetes_service |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-04-09 | 9 | CVE-2024-29990 [email protected] |
microsoft — azure_monitor |
Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29989 [email protected] |
microsoft — microsoft_365_apps_for_enterprise |
Microsoft Excel Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26257 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-21323 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29053 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21322 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21324 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29054 [email protected] |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29055 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28908 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28910 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28911 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28913 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28915 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28929 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28930 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28935 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28939 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29044 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29047 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29048 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29982 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29983 [email protected] |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 7.5 | CVE-2024-29045 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28927 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28937 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28940 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28941 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28943 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28944 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28945 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29046 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29984 [email protected] |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29985 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28906 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28909 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28912 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28914 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28926 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28931 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28932 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28934 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28936 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28938 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28942 [email protected] |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29043 [email protected] |
microsoft — microsoft_visual_studio_2019_version_16.11_(includes_16.0_-_16.10) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28933 [email protected] |
microsoft — microsoft_visual_studio_2022_version_17.9 |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-21409 [email protected] |
microsoft — outlook_for_windows |
Outlook for Windows Spoofing Vulnerability | 2024-04-09 | 8.1 | CVE-2024-20670 [email protected] |
microsoft — windows_10_version_1809 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-20678 [email protected] |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26179 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26180 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26189 [email protected] |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26200 [email protected] |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26205 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26210 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26214 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26240 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26244 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-28925 [email protected] |
microsoft — windows_10_version_1809 |
Windows Cryptographic Services Remote Code Execution Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29050 [email protected] |
microsoft — windows_10_version_1809 |
SmartScreen Prompt Security Feature Bypass Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29988 [email protected] |
microsoft — windows_10_version_1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-20693 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft Install Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26158 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26175 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.4 | CVE-2024-26194 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26208 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26211 [email protected] |
microsoft — windows_10_version_1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26218 [email protected] |
microsoft — windows_10_version_1809 |
HTTP.sys Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26219 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26232 [email protected] |
microsoft — windows_10_version_1809 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26237 [email protected] |
microsoft — windows_10_version_1809 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26239 [email protected] |
microsoft — windows_10_version_1809 |
Win32k Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26241 [email protected] |
microsoft — windows_10_version_1809 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26242 [email protected] |
microsoft — windows_10_version_1809 |
Windows SMB Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26245 [email protected] |
microsoft — windows_10_version_1809 |
Windows Kerberos Elevation of Privilege Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26248 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26254 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.5 | CVE-2024-28896 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28920 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29061 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-29062 [email protected] |
microsoft — windows_11_version_22h2 |
libarchive Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26256 [email protected] |
microsoft — windows_server_2012 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20688 [email protected] |
microsoft — windows_server_2012 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20689 [email protected] |
microsoft — windows_server_2019 |
DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26195 [email protected] |
microsoft — windows_server_2019 |
DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26202 [email protected] |
microsoft — windows_server_2019 |
DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26212 [email protected] |
microsoft — windows_server_2019 |
DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26215 [email protected] |
microsoft — windows_server_2019 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26216 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26221 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26222 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26223 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26224 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26227 [email protected] |
microsoft — windows_server_2019 |
Windows Cryptographic Services Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26228 [email protected] |
microsoft — windows_server_2019 |
Windows CSC Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26229 [email protected] |
microsoft — windows_server_2019 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26230 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26231 [email protected] |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26233 [email protected] |
microsoft — windows_server_2019 |
Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29066 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26213 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26235 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26236 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28904 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28905 [email protected] |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28907 [email protected] |
microsoft — windows_server_2022 |
Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-21447 [email protected] |
microsoft — windows_server_2022 |
Windows USB Print Driver Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26243 [email protected] |
microsoft — windows_server_2022 |
Windows Storage Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29052 [email protected] |
moove_agency — import_xml_and_rss_feeds |
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | 2024-04-07 | 7.2 | CVE-2024-31292 [email protected] |
n/a — csmock |
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers. | 2024-04-10 | 7.6 | CVE-2024-2243 [email protected] [email protected] |
n/a — eap |
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new “provider-url” option in addition to the “realm” option. | 2024-04-10 | 7.3 | CVE-2023-6236 [email protected] [email protected] |
n/a — eap |
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | 2024-04-09 | 7.3 | CVE-2024-1233 [email protected] [email protected] |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. | 2024-04-11 | 9.8 | CVE-2024-21508 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
n/a — ofono |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). | 2024-04-10 | 8.1 | CVE-2023-2794 [email protected] |
n/a — qemu |
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. | 2024-04-09 | 8.2 | CVE-2024-3446 [email protected] [email protected] [email protected] |
nerdpressteam — hubbub_lite_-_fast_reliable_social_sharing_buttons |
The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the ‘dpsp_maybe_unserialize’ function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 7.5 | CVE-2024-2501 [email protected] [email protected] [email protected] [email protected] |
netdata — netdata |
Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.8 | CVE-2024-32019 [email protected] [email protected] |
nozomi_networks — guardian |
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. | 2024-04-10 | 7.2 | CVE-2023-6916 [email protected] |
nozomi_networks — guardian |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | 2024-04-10 | 7.5 | CVE-2024-0218 [email protected] |
nvidia — chatrtx |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering. | 2024-04-08 | 8.2 | CVE-2024-0082 [email protected] |
octopus_deploy — octopus_server |
A race condition was identified through which privilege escalation was possible in certain configurations. | 2024-04-09 | 8.8 | CVE-2024-2975 [email protected] |
opengnsys — opengnsys |
A SQL injection vulnerability has been found in OpenGnsys, affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into the login page to bypass it or even retrieve all the information stored in the database. | 2024-04-12 | 9.8 | CVE-2024-3704 [email protected] |
opengnsys — opengnsys |
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint ‘/opengnsys/images/M_Icons.php’ modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. | 2024-04-12 | 8.8 | CVE-2024-3705 [email protected] |
opentext — arcsight_management_center |
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | 2024-04-08 | 8.7 | CVE-2024-2834 [email protected] |
palo_alto_networks — pan-os |
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 2024-04-12 | 10 | CVE-2024-3400 [email protected] [email protected] [email protected] |
palo_alto_networks — pan-os |
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. | 2024-04-10 | 7.5 | CVE-2024-3382 [email protected] |
palo_alto_networks — pan-os |
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | 2024-04-10 | 7.4 | CVE-2024-3383 [email protected] |
palo_alto_networks — pan-os |
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. | 2024-04-10 | 7.5 | CVE-2024-3384 [email protected] |
palo_alto_networks — pan-os |
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: PA-5400 Series firewalls and PA-7000 Series firewalls. | 2024-04-10 | 7.5 | CVE-2024-3385 [email protected] |
pencidesign — soledad |
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 7.1 | CVE-2024-31367 [email protected] |
phpgurukul — small_crm |
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480. | 2024-04-12 | 7.3 | CVE-2024-3691 [email protected] [email protected] [email protected] [email protected] |
pickplugins — product_designer |
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32. | 2024-04-07 | 8.7 | CVE-2024-31277 [email protected] |
planet — igs-4215-16t2s |
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface. | 2024-04-11 | 7.7 | CVE-2024-2740 [email protected] |
planet — igs-4215-16t2s |
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface. | 2024-04-11 | 7.1 | CVE-2024-2741 [email protected] |
presstigers — simple_job_board |
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed. | 2024-04-09 | 9.8 | CVE-2024-1813 [email protected] [email protected] |
rapidload — rapidload_power-up_for_autoptimize |
Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize. This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11. | 2024-04-07 | 7.2 | CVE-2024-31288 [email protected] |
redisbloom — redisbloom |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 7 | CVE-2024-25115 [email protected] [email protected] |
redon-tech — redon-hub |
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | 2024-04-08 | 8.8 | CVE-2024-31442 [email protected] [email protected] |
reservation_diary — redi_restaurant_reservation |
Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | 2024-04-10 | 7.1 | CVE-2024-31299 [email protected] |
rust-lang — rust |
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it’s up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are split. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn’t identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library’s escaping logic. | 2024-04-09 | 10 | CVE-2024-24576 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
saleswonder.biz — 5_stars_rating_funnel |
Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel. This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67. | 2024-04-10 | 7.5 | CVE-2024-31358 [email protected] |
sap_se — sap_asset_accounting |
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application. | 2024-04-09 | 7.2 | CVE-2024-27901 [email protected] [email protected] |
sap_se — sap_businessobjects_web_intelligence |
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. | 2024-04-09 | 7.7 | CVE-2024-25646 [email protected] [email protected] |
sap_se — sap_netweaver_as_java_user_management_engine |
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability. | 2024-04-09 | 8.8 | CVE-2024-27899 [email protected] [email protected] |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2023-6967 [email protected] [email protected] [email protected] |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server. | 2024-04-09 | 8.8 | CVE-2023-6999 [email protected] [email protected] [email protected] |
searchiq — searchiq |
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. | 2024-04-10 | 7.5 | CVE-2024-31259 [email protected] |
shapedplugin — carousel,_slider_gallery_by_wp_carousel_-_image_carousel_&_photo_gallery_post_carousel_&_post_grid_product_carousel_&_product_grid_for_woocommerce |
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the ‘shortcode’ parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-10 | 7.2 | CVE-2024-3020 [email protected] [email protected] |
siemens — parasolid_v35.1 |
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2024-04-09 | 7.8 | CVE-2024-26275 [email protected] |
siemens — scalance_w1748-1_m12 |
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 “Override client’s security context” of CVE-2022-47522. Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim. | 2024-04-09 | 8.4 | CVE-2024-30191 [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system. | 2024-04-09 | 7.6 | CVE-2024-31978 [email protected] |
sizam — rehub_framework |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam REHub Framework. This issue affects REHub Framework: from n/a before 19.6.2. | 2024-04-07 | 8.5 | CVE-2024-31234 [email protected] |
sizam — rehub |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam Rehub. This issue affects Rehub: from n/a through 19.6.1. | 2024-04-07 | 8.5 | CVE-2024-31233 [email protected] |
skymoonlabs — moveto |
Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | 2024-04-11 | 9.8 | CVE-2024-25912 [email protected] |
smartersite — wp_compress_-_image_optimizer_[all-in-one] |
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wps_local_compress::__construct’ function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images. | 2024-04-09 | 7.5 | CVE-2024-1934 [email protected] [email protected] [email protected] |
solwin_infotech — user_activity_log |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8. | 2024-04-10 | 7.6 | CVE-2024-31356 [email protected] |
sonaar_music — mp3_audio_player_for_music_radio_&_podcast_by_sonaar |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | 2024-04-10 | 7.5 | CVE-2024-31343 [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691. | 2024-04-08 | 7.3 | CVE-2024-3438 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692. | 2024-04-08 | 7.3 | CVE-2024-3439 [email protected] [email protected] [email protected] [email protected] |
specialk — simple_ajax_chat_-_add_a_fast,_secure_chat_box |
The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-2957 [email protected] [email protected] |
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-04-09 | 9.8 | CVE-2024-3136 [email protected] [email protected] [email protected] |
subnet_solutions — powersystem_server |
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. | 2024-04-09 | 8.4 | CVE-2024-3313 [email protected] |
sukhchain_singh — auto_poster |
Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster. This issue affects Auto Poster: from n/a through 1.2. | 2024-04-07 | 9.1 | CVE-2024-31345 [email protected] |
techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin |
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the ‘rtcl_update_user_account’ function. This makes it possible for unauthenticated attackers to change the administrator user’s password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account. | 2024-04-09 | 8.8 | CVE-2024-1315 [email protected] [email protected] [email protected] |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to SQL Injection via the ‘entry’ parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-2344 [email protected] [email protected] [email protected] |
themify — post_type_builder_(ptb) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31365 [email protected] |
themify — post_type_builder_(ptb) |
Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31366 [email protected] |
thimpress — learnpress_export_import |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3. | 2024-04-07 | 7.6 | CVE-2024-31241 [email protected] |
tooltip — wordpress_tooltips |
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3. | 2024-04-11 | 7.1 | CVE-2024-31285 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49133 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49134 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device’s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. | 2024-04-09 | 7.5 | CVE-2023-48724 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 2024-04-09 | 7.4 | CVE-2023-49074 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49906 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49907 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49908 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49909 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49910 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49911 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49912 [email protected] |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49913 [email protected] |
traccar — traccar |
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it’s not possible for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably. | 2024-04-10 | 9.6 | CVE-2024-31214 [email protected] [email protected] [email protected] [email protected] |
traccar — traccar |
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue. | 2024-04-10 | 8.5 | CVE-2024-24809 [email protected] [email protected] |
traefik — traefik |
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the “Content-length” request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option. | 2024-04-12 | 7.5 | CVE-2024-28869 [email protected] [email protected] [email protected] [email protected] [email protected] |
tribulant — slideshow_gallery |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 8.5 | CVE-2024-31355 [email protected] |
undsgn — uncode_core |
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8. | 2024-04-12 | 8.8 | CVE-2023-51515 [email protected] |
webinarpress — webinarpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebinarPress allows Reflected XSS. This issue affects WebinarPress: from n/a through 1.33.9. | 2024-04-07 | 7.1 | CVE-2024-31256 [email protected] |
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-0952 [email protected] [email protected] |
welotec — tk515l |
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | 2024-04-09 | 9.8 | CVE-2023-1083 [email protected] |
welotec — tk515l |
A remote attacker with low privileges can perform a command injection which can lead to root access. | 2024-04-09 | 8.8 | CVE-2023-1082 [email protected] |
wintercms — wn-dusk-plugin |
wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` – where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk’s automatic configuration is used (which won’t exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (i.e. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin’s automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade. | 2024-04-12 | 8.8 | CVE-2024-32003 [email protected] [email protected] |
wisdmlabs — edwiser_bridge |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.2. | 2024-04-07 | 7.6 | CVE-2024-31260 [email protected] |
wpeverest — everest_forms_-_build_contact_forms_surveys_polls_quizzes_newsletter_&_application_forms_and_many_more_with_ease! |
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the ‘font_url’ parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 7.2 | CVE-2024-1812 [email protected] [email protected] |
wpexperts — wholesale_for_woocommerce |
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | 2024-04-10 | 7.5 | CVE-2024-31297 [email protected] |
wpmudev — forminator_-_contact_form,_payment_form_&_custom_form_builder |
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-1794 [email protected] [email protected] |
wpvividplugins — migration_backup_staging_-_wpvivid |
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-12 | 7.2 | CVE-2024-3054 [email protected] [email protected] |
wpwhitesecurity — wp_activity_log_premium |
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object. | 2024-04-09 | 8.8 | CVE-2024-2018 [email protected] [email protected] |
xibosignage — xibo-cms |
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue. | 2024-04-12 | 8.8 | CVE-2024-29022 [email protected] [email protected] [email protected] [email protected] |
xibosignage — xibo-cms |
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability. | 2024-04-12 | 7.2 | CVE-2024-29023 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-commons |
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of the escaping tool that is used in XWiki doesn’t escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability; patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too. | 2024-04-10 | 10 | CVE-2024-31996 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki’s database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki. | 2024-04-10 | 10 | CVE-2024-31982 [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`. | 2024-04-10 | 9.9 | CVE-2024-31465 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading. | 2024-04-10 | 9.9 | CVE-2024-31981 [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations. | 2024-04-10 | 9.9 | CVE-2024-31983 [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page. | 2024-04-10 | 9.9 | CVE-2024-31984 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page. | 2024-04-10 | 9 | CVE-2024-31986 [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading. | 2024-04-10 | 9.9 | CVE-2024-31987 [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used. | 2024-04-10 | 9.6 | CVE-2024-31988 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user’s own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available. | 2024-04-10 | 9.9 | CVE-2024-31997 [email protected] [email protected] [email protected] [email protected] [email protected] |
yt-dlp — yt-dlp |
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead. | 2024-04-09 | 8.3 | CVE-2024-22423 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
zauberzeug — nicegui |
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceGUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.2 | CVE-2024-32005 [email protected] [email protected] [email protected] |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web — form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder |
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. | 2024-04-09 | 5.9 | CVE-2024-2112 [email protected] [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20778 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20779 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20780 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26046 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26047 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26076 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26079 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26084 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26087 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26097 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26098 [email protected] |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26122 [email protected] |
adobe — after_effects |
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20737 [email protected] |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20794 [email protected] |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20796 [email protected] |
adobe — bridge |
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20771 [email protected] |
adobe — illustrator |
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20798 [email protected] |
adobe — indesign_desktop |
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20766 [email protected] |
adobe — photoshop_desktop |
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20770 [email protected] |
aerin — loan_repayment_calculator_and_application_form |
Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. | 2024-04-12 | 5.4 | CVE-2024-31263 [email protected] |
alex_tselegidis — easy!appointments |
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.2. | 2024-04-11 | 6.3 | CVE-2023-32295 [email protected] |
aminur_islam — wp_login_and_logout_redirect |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2. | 2024-04-11 | 5.9 | CVE-2024-31927 [email protected] |
appcheap.io — app_builder |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. | 2024-04-10 | 4.7 | CVE-2024-31282 [email protected] |
apppresser_team — apppresser |
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. | 2024-04-12 | 4.3 | CVE-2024-31268 [email protected] |
arnan_de_gans — no-bot_registration |
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1. | 2024-04-12 | 4.3 | CVE-2024-31372 [email protected] |
athemes — sydney_toolbox |
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3208 [email protected] [email protected] |
automatic1111 — stable-diffusion-webui |
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access. | 2024-04-12 | 6.3 | CVE-2024-31462 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
automattic — woocommerce |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.5.2. | 2024-04-07 | 4.3 | CVE-2024-22155 [email protected] |
automattic — wp_job_manager |
Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0. | 2024-04-12 | 5.3 | CVE-2023-52211 [email protected] |
ayecode_ltd — userswp |
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6. | 2024-04-11 | 5.4 | CVE-2024-31936 [email protected] |
bdthemes — element_pack_elementor_addons_(header_footer,_template_library,_dynamic_grid_&_carousel,_remote_arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details. | 2024-04-11 | 5.3 | CVE-2024-2966 [email protected] [email protected] |
bdthemes — prime_slider_-_addons_for_elementor |
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | 2024-04-11 | 4.3 | CVE-2024-24883 [email protected] |
bdthemes — ultimate_store_kit_elementor_addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. | 2024-04-08 | 6.5 | CVE-2024-31357 [email protected] |
beaver_builder — beaver_themer |
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6694 [email protected] [email protected] |
beaver_builder — beaver_themer |
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the ‘wpbb’ shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. | 2024-04-09 | 6.5 | CVE-2023-6695 [email protected] [email protected] |
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress |
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2200 [email protected] [email protected] |
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress |
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2198 [email protected] [email protected] |
bfintal — stackable_-_page_builder_gutenberg_blocks |
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2039 [email protected] [email protected] |
blazethemes — newsmatic |
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the ‘newsmatic_filter_posts_load_tab_content’. This makes it possible for unauthenticated attackers to view draft posts and post content. | 2024-04-09 | 5.3 | CVE-2024-1587 [email protected] [email protected] |
blocksmarket — gradient_text_widget_for_elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS. This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1. | 2024-04-07 | 6.5 | CVE-2024-31346 [email protected] |
bogdanfix — wp_sendfox |
Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0. | 2024-04-11 | 5.4 | CVE-2024-27970 [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2734 [email protected] [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price List’ element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2735 [email protected] [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2736 [email protected] [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3266 [email protected] [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3267 [email protected] [email protected] |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “Separator” element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 5.4 | CVE-2024-2733 [email protected] [email protected] |
bosch — ams |
A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. | 2024-04-11 | 4.6 | CVE-2023-32228 [email protected] |
bracketspace — advanced_cron_manager_-_debug_&_control |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. | 2024-04-11 | 5.9 | CVE-2024-31926 [email protected] |
bracketspace — simple_post_notes |
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6. | 2024-04-11 | 4.3 | CVE-2024-31935 [email protected] |
bradvin — best_wordpress_gallery_plugin_-_foogallery |
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2081 [email protected] [email protected] [email protected] |
brainstormforce — astra |
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2347 [email protected] [email protected] |
brainstormforce — cards_for_beaver_builder |
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2305 [email protected] [email protected] |
brainstormforce — spectra_-_wordpress_gutenberg_blocks |
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6486 [email protected] [email protected] [email protected] [email protected] |
brechtvds — wp_recipe_maker |
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1571 [email protected] [email protected] |
bricksforge — bricksforge |
Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. | 2024-04-10 | 5.3 | CVE-2024-31242 [email protected] |
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features |
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0598 [email protected] [email protected] [email protected] |
britner — gutenberg_blocks_by_kadence_blocks_page_builder_features |
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget’s anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1999 [email protected] [email protected] [email protected] |
bunny.net — bunny.net |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. | 2024-04-11 | 5.9 | CVE-2024-31361 [email protected] |
byzoro — smart_s80_management_platform |
A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-09 | 4.7 | CVE-2024-3521 [email protected] [email protected] [email protected] [email protected] |
campcodes — church_management_system |
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3536 [email protected] [email protected] [email protected] [email protected] |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907. | 2024-04-10 | 6.3 | CVE-2024-3537 [email protected] [email protected] [email protected] [email protected] |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908. | 2024-04-10 | 6.3 | CVE-2024-3538 [email protected] [email protected] [email protected] [email protected] |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3539 [email protected] [email protected] [email protected] [email protected] |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3540 [email protected] [email protected] [email protected] [email protected] |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483. | 2024-04-12 | 6.3 | CVE-2024-3696 [email protected] [email protected] [email protected] [email protected] |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484. | 2024-04-12 | 6.3 | CVE-2024-3697 [email protected] [email protected] [email protected] [email protected] |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability. | 2024-04-12 | 6.3 | CVE-2024-3698 [email protected] [email protected] [email protected] [email protected] |
campcodes — house_rental_management_system |
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571. | 2024-04-13 | 6.3 | CVE-2024-3719 [email protected] [email protected] [email protected] [email protected] |
campcodes — online_event_management_system |
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3522 [email protected] [email protected] [email protected] [email protected] |
campcodes — online_event_management_system |
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3523 [email protected] [email protected] [email protected] [email protected] |
catch_plugins — generate_child_theme |
Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. | 2024-04-12 | 5.4 | CVE-2024-31279 [email protected] |
celomitan — gum_elementor_addon |
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2348 [email protected] [email protected] [email protected] |
clavaque — s2member_-_best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls_&_member_access_subscriptions |
The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages. | 2024-04-09 | 5.3 | CVE-2024-0899 [email protected] [email protected] |
coded_commerce,_llc — benchmark_email_lite |
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1. | 2024-04-12 | 4.3 | CVE-2024-31360 [email protected] |
codepeople — contact_form_email |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. | 2024-04-10 | 5.3 | CVE-2024-31302 [email protected] |
collizo4sky — paid_membership_plugin_ecommerce,_user_registration_form,_login_form_user_profile_&_restrict_content_-_profilepress |
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘reg-single-checkbox’ shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-3210 [email protected] [email protected] |
colorlibplugins — fancybox_for_wordpress |
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0662 [email protected] [email protected] |
connekthq — wordpress_infinite_scroll_-_ajax_load_more |
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances. | 2024-04-09 | 4.9 | CVE-2024-1790 [email protected] [email protected] [email protected] [email protected] |
contao — contao |
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users. | 2024-04-09 | 5.4 | CVE-2024-28190 [email protected] [email protected] [email protected] [email protected] |
contao — contao |
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable “Allow auto login” in the login module. | 2024-04-09 | 5.9 | CVE-2024-30262 [email protected] [email protected] |
contao — contao |
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments. | 2024-04-09 | 4.3 | CVE-2024-28234 [email protected] [email protected] [email protected] [email protected] |
convertkit — convertkit |
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. | 2024-04-10 | 5.3 | CVE-2024-31245 [email protected] |
cp_plus — wi-fi_camera |
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-08 | 5.4 | CVE-2024-3434 [email protected] [email protected] [email protected] [email protected] |
creativeminds — invitation_code_content_restriction_plugin_from_creativeminds |
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2022-4965 [email protected] [email protected] |
creativethemes — blocksy_companion |
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28. | 2024-04-11 | 5.4 | CVE-2024-31932 [email protected] |
cssigniterteam — elements_plus! |
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2335 [email protected] [email protected] |
cym1102 — nginxwebui |
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3739 [email protected] [email protected] [email protected] [email protected] |
cym1102 — nginxwebui |
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579. | 2024-04-13 | 6.3 | CVE-2024-3740 [email protected] [email protected] [email protected] [email protected] [email protected] |
cym1102 — nginxwebui |
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | 2024-04-13 | 4.3 | CVE-2024-3736 [email protected] [email protected] [email protected] [email protected] |
danieliser — popup_maker_-_popup_for_opt-ins_lead_gen_&_more |
The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2336 [email protected] [email protected] |
dataease — dataease |
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading. | 2024-04-08 | 5.3 | CVE-2024-30269 [email protected] [email protected] |
dell — alienware_command_center_(awcc) |
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on the local system. | 2024-04-10 | 6.7 | CVE-2024-0159 [email protected] |
dell — cpg_bios |
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-04-10 | 4.7 | CVE-2024-22448 [email protected] |
dell — dell_storage_resource_manager |
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user’s application session. | 2024-04-12 | 5.9 | CVE-2024-0157 [email protected] |
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1960 [email protected] [email protected] [email protected] [email protected] |
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2946 [email protected] [email protected] |
devowl — real_media_library:_media_library_folder_&_file_manager |
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2027 [email protected] [email protected] |
dfactory — post_views_counter |
Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | 2024-04-12 | 4.3 | CVE-2024-31264 [email protected] |
dglingren — media_library_assistant |
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 6.4 | CVE-2024-2871 [email protected] [email protected] [email protected] [email protected] |
digitalbazaar — zcap |
`@digitalbazaar/zcap` provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time. | 2024-04-10 | 4.3 | CVE-2024-31995 [email protected] [email protected] [email protected] [email protected] |
easy_digital_downloads — easy_digital_downloads |
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. | 2024-04-12 | 4.3 | CVE-2024-31293 [email protected] |
ecwid — ecwid_ecommerce_shopping_cart |
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2456 [email protected] [email protected] |
elbanyaoui — woocommerce_clover_payment_gateway |
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid. | 2024-04-09 | 5.3 | CVE-2024-0626 [email protected] [email protected] [email protected] |
elementor — hello_elementor |
Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. | 2024-04-12 | 4.3 | CVE-2024-31289 [email protected] |
elemntor — elementor_website_builder_-_more_than_just_a_page_builder |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2117 [email protected] [email protected] |
elextensions — elex_woocommerce_dynamic_pricing_and_discounts |
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-12 | 4.3 | CVE-2024-31364 [email protected] |
envato — template_kit_-_import |
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2334 [email protected] [email protected] [email protected] |
exactly_www — ewww_image_optimizer |
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer. This issue affects EWWW Image Optimizer: from n/a through 7.2.3. | 2024-04-10 | 4.3 | CVE-2024-31924 [email protected] |
expresstech — quiz_and_survey_master |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2. | 2024-04-11 | 5.9 | CVE-2024-27966 [email protected] |
faktor_vier — f4_improvements |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0. | 2024-04-11 | 5.9 | CVE-2024-31925 [email protected] |
fetch_designs — sign-up_sheets |
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets. This issue affects Sign-up Sheets: from n/a through 2.2.11.1. | 2024-04-12 | 4.3 | CVE-2024-31303 [email protected] |
formsite — formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | 2024-04-07 | 6.5 | CVE-2024-31257 [email protected] |
fortinet — fortimanager |
An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates. | 2024-04-09 | 6.7 | CVE-2023-47542 [email protected] |
fortinet — fortios |
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. | 2024-04-09 | 6.7 | CVE-2023-48784 [email protected] |
fortinet — fortios |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to cause information disclosure via HTTP requests. | 2024-04-09 | 5.3 | CVE-2024-23662 [email protected] |
fortinet — fortisandbox |
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47540 [email protected] |
fortinet — fortisandbox |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows an attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47541 [email protected] |
fortinet — fortisandbox |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests. | 2024-04-09 | 5.9 | CVE-2024-31487 [email protected] |
fr-d-ric_gilles — fg_drupal_to_wordpress |
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | 2024-04-10 | 5.3 | CVE-2024-31247 [email protected] |
getbowtied — shopkeeper_extender |
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_slide’ shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2801 [email protected] [email protected] |
gitlab — gitlab |
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature. | 2024-04-12 | 4.3 | CVE-2023-6489 [email protected] [email protected] |
gitlab — gitlab |
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file. | 2024-04-12 | 4.3 | CVE-2023-6678 [email protected] [email protected] |
givewp — givewp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. | 2024-04-12 | 5.9 | CVE-2022-40211 [email protected] |
gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate |
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘note_color’ shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3512 [email protected] [email protected] [email protected] [email protected] |
hcl_software — bigfix_enterprise_suite_asset_discovery |
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. | 2024-04-08 | 6.6 | CVE-2024-23584 [email protected] |
hidekazu_ishikawa — x-t9 |
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP. This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1. | 2024-04-10 | 4.3 | CVE-2024-31386 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | 2024-04-11 | 6.5 | CVE-2024-27989 [email protected] |
ibm — qradar_siem |
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | 2024-04-11 | 5.9 | CVE-2023-50949 [email protected] [email protected] |
ibm — security_verify_access_appliance |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | 2024-04-10 | 6.2 | CVE-2024-31874 [email protected] [email protected] |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | 2024-04-12 | 5.4 | CVE-2023-50307 [email protected] [email protected] |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | 2024-04-12 | 5.4 | CVE-2024-22357 [email protected] [email protected] |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | 2024-04-12 | 4.8 | CVE-2023-45186 [email protected] [email protected] |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | 2024-04-12 | 4.8 | CVE-2023-47714 [email protected] [email protected] |
ibm — storage_defender |
IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. | 2024-04-12 | 6.4 | CVE-2024-27261 [email protected] [email protected] |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896. | 2024-04-12 | 6.3 | CVE-2024-22358 [email protected] [email protected] |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | 2024-04-12 | 6.1 | CVE-2024-22359 [email protected] [email protected] |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. | 2024-04-12 | 4.4 | CVE-2024-22334 [email protected] [email protected] |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to sensitive information exposure due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | 2024-04-12 | 4.3 | CVE-2024-22339 [email protected] [email protected] |
ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates) |
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2492 [email protected] [email protected] |
ideaboxcreations — powerpack_lite_for_beaver_builder |
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2289 [email protected] [email protected] |
j_3rk — video_conferencing_with_zoom |
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site. | 2024-04-09 | 4.3 | CVE-2024-2033 [email protected] [email protected] |
jackdewey — link_library |
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2325 [email protected] [email protected] |
jcodex — woocommerce_checkout_field_editor_(checkout_manager) |
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. | 2024-04-12 | 5.4 | CVE-2024-31262 [email protected] |
jetmonsters — getwid_-_gutenberg_blocks |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1948 [email protected] [email protected] |
jetmonsters — jetwidgets_for_elementor |
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2138 [email protected] [email protected] |
jetmonsters — jetwidgets_for_elementor |
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2507 [email protected] [email protected] |
joel_hardi — user_spam_remover |
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. | 2024-04-10 | 5.3 | CVE-2024-31298 [email protected] |
joomunited — wp_media_folder |
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 5.4 | CVE-2024-25907 [email protected] |
joomunited — wp_media_folder |
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 4.3 | CVE-2024-25908 [email protected] |
jtermaat — 360_javascript_viewer |
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. | 2024-04-09 | 4.3 | CVE-2024-1637 [email protected] [email protected] [email protected] |
julien_berthelot_/_mpembed.com — wp_matterport_shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8. | 2024-04-11 | 4.3 | CVE-2024-32109 [email protected] |
juniper_networks — junos_os_evolved |
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. | 2024-04-12 | 6.5 | CVE-2024-30403 [email protected] [email protected] |
juniper_networks — junos_os_evolved |
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. | 2024-04-12 | 5.3 | CVE-2024-21590 [email protected] [email protected] |
juniper_networks — junos_os_evolved |
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn’t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO, 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO. | 2024-04-12 | 5.3 | CVE-2024-30390 [email protected] [email protected] |
juniper_networks — junos_os_evolved |
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO. | 2024-04-12 | 5.5 | CVE-2024-30406 [email protected] [email protected] [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1; 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21593 [email protected] [email protected] |
juniper_networks — junos_os |
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4. | 2024-04-12 | 6.5 | CVE-2024-21605 [email protected] [email protected] |
juniper_networks — junos_os |
A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive | grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21609 [email protected] [email protected] |
juniper_networks — junos_os |
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. | 2024-04-12 | 6.5 | CVE-2024-21618 [email protected] [email protected] |
juniper_networks — junos_os |
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5, 21.3 versions before 21.3R3-S5, 21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2. | 2024-04-12 | 6.5 | CVE-2024-30387 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3. | 2024-04-12 | 6.5 | CVE-2024-30388 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can’t be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command: user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 5.3 | CVE-2024-21610 [email protected] [email protected] |
juniper_networks — junos_os |
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3 before 21.3R3-S5-EVO, * from 21.4 before 21.4R3-S5-EVO, * from 22.1 before 22.1R3-S5-EVO, * from 22.2 before 22.2R3-S3-EVO, * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO, * from 23.2 before 23.2R1-S2. | 2024-04-12 | 5 | CVE-2024-21615 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6. | 2024-04-12 | 5.5 | CVE-2024-30384 [email protected] [email protected] |
juniper_networks — junos_os |
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attacker’s control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30386 [email protected] [email protected] |
juniper_networks — junos_os |
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn’t recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1. | 2024-04-12 | 5.8 | CVE-2024-30389 [email protected] [email protected] |
juniper_networks — junos_os |
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2; This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4. | 2024-04-12 | 5.9 | CVE-2024-30401 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attacker’s control. Repeated occurrences of these events cause a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO. | 2024-04-12 | 5.9 | CVE-2024-30402 [email protected] [email protected] |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved: * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30409 [email protected] [email protected] |
juniper_networks — junos_os |
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device, transit traffic is going to fail in both directions. If the peer is also an affected device, transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3, 21.2 versions before 21.2R2-S1, 21.2R3, 21.3 versions before 21.3R1-S2, 21.3R2. | 2024-04-12 | 4.8 | CVE-2024-30391 [email protected] [email protected] |
juniper_networks — junos_ |
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. | 2024-04-12 | 5.8 | CVE-2024-30410 [email protected] [email protected] |
junkcoder,_ristoniinemets — ajax_thumbnail_rebuild |
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | 2024-04-11 | 4.3 | CVE-2022-47604 [email protected] |
kekotron — ai_post_generator_|_autowriter |
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished posts or perform post deletions. | 2024-04-09 | 6.3 | CVE-2024-1850 [email protected] [email protected] [email protected] |
khl32 — font_farsi |
The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-3093 [email protected] [email protected] |
kurudrive — vk_all_in_one_expansion_unit |
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content. | 2024-04-09 | 6.5 | CVE-2024-2093 [email protected] [email protected] [email protected] |
kyivstarteam — react-native-sms-user-consent |
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. | 2024-04-07 | 5.3 | CVE-2021-4438 [email protected] [email protected] [email protected] [email protected] [email protected] |
leadinfo — leadinfo |
Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0. | 2024-04-11 | 4.3 | CVE-2024-32112 [email protected] |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0376 [email protected] [email protected] |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2664 [email protected] [email protected] |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.5 | CVE-2024-2665 [email protected] [email protected] |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin’s Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. | 2024-04-10 | 5.4 | CVE-2024-2666 [email protected] [email protected] |
leap13 — premium_addons_for_elementor |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | 2024-04-10 | 4.3 | CVE-2024-31278 [email protected] |
lifterlms — lifterlms |
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. | 2024-04-12 | 4.3 | CVE-2024-31363 [email protected] |
link_whisper — link_whisper_free |
Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9. | 2024-04-11 | 4.3 | CVE-2024-31934 [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1458 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1461 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1464 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1465 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-1466 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget ‘_id’ attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2539 [email protected] [email protected] |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2655 [email protected] [email protected] |
lizardbyte — sunshine |
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability. | 2024-04-08 | 5.9 | CVE-2024-31221 [email protected] [email protected] [email protected] [email protected] |
mailmunch — mailmunch_-_grow_your_email_list |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS. This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. | 2024-04-07 | 6.5 | CVE-2024-31349 [email protected] |
mark_stockton — quicksand_post_filter_jquery_plugin |
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | 2024-04-11 | 5.3 | CVE-2024-24850 [email protected] |
matrix-org — matrix-appservice-irc |
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don’t have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It’s possible to limit the amount of information leaked by setting a reply template that doesn’t contain the original message. See these lines `601-604` in the configuration file linked. | 2024-04-12 | 4.3 | CVE-2024-32000 [email protected] [email protected] [email protected] |
mautic — mautic |
Mautic uses predictable page indices for unpublished landing pages, so their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5.3 | CVE-2024-2730 [email protected] |
mautic — mautic |
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users’ names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5.4 | CVE-2024-2731 [email protected] |
mautic — mautic |
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5 | CVE-2024-3448 [email protected] |
max_foundry — media_library_folders |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. | 2024-04-10 | 6.5 | CVE-2024-31287 [email protected] |
mbis — permalink_manager_lite |
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2738 [email protected] [email protected] [email protected] [email protected] |
mbis — permalink_manager_lite |
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_uri_editor’ function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. | 2024-04-09 | 4.3 | CVE-2024-2543 [email protected] [email protected] [email protected] |
memberpress — memberpress |
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note – the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances. | 2024-04-09 | 6.1 | CVE-2024-1412 [email protected] [email protected] |
metagauss — profilegrid_ |
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6. | 2024-04-07 | 4.3 | CVE-2024-31291 [email protected] |
metagauss — profilegrid_ |
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | 2024-04-12 | 4.3 | CVE-2024-31362 [email protected] |
metagauss — registrationmagic |
Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9. | 2024-04-11 | 4.3 | CVE-2024-25935 [email protected] |
metaslider — slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows |
The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘metaslider’ shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3285 [email protected] [email protected] |
michael_leithold — dsgvo_all_in_one_for_wp |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3. | 2024-04-11 | 4.3 | CVE-2024-27967 [email protected] |
micro.company — form_to_chat_app |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6. | 2024-04-07 | 6.5 | CVE-2024-31258 [email protected] |
microsoft — azure_arc_extension |
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | 2024-04-09 | 6.2 | CVE-2024-28917 [email protected] |
microsoft — azure_compute_gallery |
Azure Compute Gallery Elevation of Privilege Vulnerability | 2024-04-09 | 6.5 | CVE-2024-21424 [email protected] |
microsoft — azure_identity_library_for_.net |
Azure Identity Library for .NET Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-29992 [email protected] |
microsoft — azure_migrate |
Azure Migrate Remote Code Execution Vulnerability | 2024-04-09 | 6.4 | CVE-2024-26193 [email protected] |
microsoft — azure_private_5g_core |
Azure Private 5G Core Denial of Service Vulnerability | 2024-04-09 | 5.9 | CVE-2024-20685 [email protected] |
microsoft — microsoft_sharepoint_server_2019 |
Microsoft SharePoint Server Spoofing Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26251 [email protected] |
microsoft — windows_10_version_1809 |
BitLocker Security Feature Bypass Vulnerability | 2024-04-09 | 6.1 | CVE-2024-20665 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-20669 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26168 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26171 [email protected] |
microsoft — windows_10_version_1809 |
Windows Kerberos Denial of Service Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26183 [email protected] |
microsoft — windows_10_version_1809 |
Proxy Driver Spoofing Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26234 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26250 [email protected] |
microsoft — windows_10_version_1809 |
Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26252 [email protected] |
microsoft — windows_10_version_1809 |
Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26253 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-28897 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.3 | CVE-2024-28898 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28903 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28919 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28921 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.4 | CVE-2024-28923 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28924 [email protected] |
microsoft — windows_10_version_1809 |
Windows Hyper-V Denial of Service Vulnerability | 2024-04-09 | 6.2 | CVE-2024-29064 [email protected] |
microsoft — windows_10_version_1809 |
Windows DWM Core Library Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26172 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26207 [email protected] |
microsoft — windows_10_version_1809 |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26209 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26217 [email protected] |
microsoft — windows_10_version_1809 |
Windows Mobile Hotspot Information Disclosure Vulnerability | 2024-04-09 | 5 | CVE-2024-26220 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26255 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28900 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28901 [email protected] |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28902 [email protected] |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 4.1 | CVE-2024-28922 [email protected] |
microsoft — windows_server_2019 |
Windows Distributed File System (DFS) Information Disclosure Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26226 [email protected] |
microsoft — windows_server_2019 |
Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 4.3 | CVE-2024-29056 [email protected] |
mndpsingh287 — file_manager |
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | 2024-04-09 | 6.8 | CVE-2024-2654 [email protected] [email protected] [email protected] |
n/a — dedecms |
A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 6.3 | CVE-2024-3685 [email protected] [email protected] [email protected] [email protected] |
n/a — dedecms |
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 4.3 | CVE-2024-3686 [email protected] [email protected] [email protected] [email protected] |
n/a — eyoucms |
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 4.7 | CVE-2024-3431 [email protected] [email protected] [email protected] [email protected] |
n/a — freeipa |
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | 2024-04-10 | 5.3 | CVE-2024-1481 [email protected] [email protected] |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | 2024-04-10 | 6.5 | CVE-2024-21507 [email protected] [email protected] [email protected] [email protected] |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. | 2024-04-10 | 6.5 | CVE-2024-21509 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
n/a — qemu |
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. | 2024-04-10 | 5.5 | CVE-2024-3567 [email protected] [email protected] [email protected] |
n/a — save_as_image_plugin_by_pdfcrowd |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1. | 2024-04-11 | 5.9 | CVE-2024-31931 [email protected] |
netentsec — ns-asg_application_security_gateway |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711. | 2024-04-08 | 6.3 | CVE-2024-3455 [email protected] [email protected] [email protected] [email protected] |
netentsec — ns-asg_application_security_gateway |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712. | 2024-04-08 | 6.3 | CVE-2024-3456 [email protected] [email protected] [email protected] [email protected] |
netentsec — ns-asg_application_security_gateway |
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3457 [email protected] [email protected] [email protected] [email protected] |
netentsec — ns-asg_application_security_gateway |
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3458 [email protected] [email protected] [email protected] [email protected] |
nextendweb — smart_slider_3 |
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks. | 2024-04-13 | 6.4 | CVE-2024-3027 [email protected] [email protected] |
nick_pelton — search_keyword_redirect |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. | 2024-04-11 | 5.9 | CVE-2024-32080 [email protected] |
nickboss — wordpress_file_upload |
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2847 [email protected] [email protected] |
ninjateam — wp_chat_app |
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageAlt’ block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2513 [email protected] [email protected] |
nudgify — nudgify_social_proof,_sales_popup_&_fomo |
Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | 2024-04-12 | 4.3 | CVE-2024-31239 [email protected] |
nuknightlab — knight_lab_timeline |
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2287 [email protected] [email protected] |
nvidia — chatrtx |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error over the network by running malicious scripts in users’ browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | 2024-04-08 | 6.5 | CVE-2024-0083 [email protected] |
oceanwp — ocean_extra |
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3167 [email protected] [email protected] [email protected] |
octolize — usps_shipping_for_woocommerce_-_live_rates |
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. | 2024-04-10 | 4.3 | CVE-2024-31943 [email protected] |
octolize — woocommerce_ups_shipping_-_live_rates_and_access_points |
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. | 2024-04-10 | 4.3 | CVE-2024-31944 [email protected] |
open-telemetry — opentelemetry-dotnet |
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions, `OpenTelemetry.Instrumentation.Http` writes the `url.full` attribute/tag on spans (`Activity`) when tracing is enabled for outgoing HTTP requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming HTTP requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass through the raw query string as it was sent or received (respectively). This may lead to sensitive information (e.g. EUII – End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 4.1 | CVE-2024-32028 [email protected] [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite |
RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known. | 2024-04-08 | 6.1 | CVE-2024-23192 [email protected] [email protected] [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite |
Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23189 [email protected] [email protected] [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite |
Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23190 [email protected] [email protected] [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite |
Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23191 [email protected] [email protected] [email protected] [email protected] |
opengnsys — opengnsys |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a PHP backup file (controlaccess.php-LAST) where database credentials are stored. | 2024-04-12 | 5.9 | CVE-2024-3706 [email protected] |
opengnsys — opengnsys |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a PHP file. | 2024-04-12 | 5.3 | CVE-2024-3707 [email protected] |
palo_alto_networks — pan-os |
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. | 2024-04-10 | 5.3 | CVE-2024-3386 [email protected] |
palo_alto_networks — pan-os |
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. | 2024-04-10 | 5.3 | CVE-2024-3387 [email protected] |
palo_alto_networks — pan-os |
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | 2024-04-10 | 4.1 | CVE-2024-3388 [email protected] |
patrickposner — passster_-_password_protect_pages_and_content |
The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2026 [email protected] [email protected] |
pdfcrowd — save_as_pdf_plugin_by_pdfcrowd |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1. | 2024-04-11 | 5.9 | CVE-2024-31930 [email protected] |
peach_payments — peach_payments_gateway |
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9. | 2024-04-11 | 5.4 | CVE-2024-25922 [email protected] |
peepso — community_by_peepso |
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1. | 2024-04-12 | 4.3 | CVE-2024-31251 [email protected] |
pencidesign — soledad |
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 6.5 | CVE-2024-31368 [email protected] |
pencidesign — soledad |
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 5.4 | CVE-2024-31369 [email protected] |
phpbits_creative_studio — easy_login_styler_-_white_label_admin_login_page_for_wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS. This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. | 2024-04-07 | 5.9 | CVE-2024-31344 [email protected] |
phpgurukul — small_crm |
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479. | 2024-04-12 | 6.3 | CVE-2024-3690 [email protected] [email protected] [email protected] [email protected] |
pickplugins — accordion |
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘accordions_duplicate_post_as_draft’ function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts. | 2024-04-09 | 5.4 | CVE-2024-1641 [email protected] [email protected] [email protected] |
ping_identity — pingfederate |
Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. | 2024-04-10 | 6.5 | CVE-2023-40148 [email protected] [email protected] |
planet — igs-4215-16t2s |
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality. | 2024-04-11 | 6.4 | CVE-2024-2742 [email protected] |
pluginsware — advanced_classifieds_&_directory_pro |
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. | 2024-04-09 | 4.3 | CVE-2024-2222 [email protected] [email protected] [email protected] [email protected] |
polevaultweb — intagrate_lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7. | 2024-04-11 | 5.9 | CVE-2024-31929 [email protected] |
popup_likebox_team — popup_like_box |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. | 2024-04-11 | 5.9 | CVE-2024-31387 [email protected] |
prasunsen — watu_quiz |
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘watu-basic-chart’ shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0873 [email protected] [email protected] |
prasunsen — watu_quiz |
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails. | 2024-04-09 | 4.3 | CVE-2024-0872 [email protected] [email protected] |
princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress |
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-1041 [email protected] [email protected] |
princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress |
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin’s settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | 2024-04-10 | 6.4 | CVE-2024-1042 [email protected] [email protected] |
propertyhive — propertyhive |
Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. | 2024-04-11 | 5.4 | CVE-2024-27985 [email protected] |
psi-4ward — psitransfer |
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while the vulnerability with the number CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there and does not allow uploading new files to the bucket. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31453 [email protected] [email protected] |
psi-4ward — psitransfer |
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket. Violation of integrity at the level of individual files. While the vulnerability with the number CVE-2024-31453 allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31454 [email protected] [email protected] |
puneethreddyhc — event_management |
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 5.5 | CVE-2024-3432 [email protected] [email protected] [email protected] |
qodeinteractive — qi_addons_for_elementor |
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0826 [email protected] [email protected] [email protected] |
rainbowgeek — seopress_-_on-site_seo |
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2165 [email protected] [email protected] |
rankmath — rank_math_seo_with_ai_seo_tools |
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2536 [email protected] [email protected] |
realmag777 — wolf_-_wordpress_posts_bulk_editor_and_manager_professional |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. | 2024-04-10 | 4.3 | CVE-2024-31430 [email protected] [email protected] |
redisbloom — redisbloom |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 5.5 | CVE-2024-25116 [email protected] [email protected] |
relevanssi — relevanssi_-_a_better_search_(pro) |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS. | 2024-04-09 | 5.3 | CVE-2024-3213 [email protected] [email protected] [email protected] |
relevanssi — relevanssi_-_a_better_search_(pro) |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2024-04-09 | 5.8 | CVE-2024-3214 [email protected] [email protected] |
repute_infosystems — arforms_form_builder |
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-04-12 | 6.3 | CVE-2024-31272 [email protected] |
repute_infosystems — bookingpress |
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81. | 2024-04-07 | 4.3 | CVE-2024-31296 [email protected] |
revolution_slider — slider_revolution |
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. | 2024-04-09 | 6.4 | CVE-2024-2306 [email protected] [email protected] |
rtcamp — transcoder |
Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5. | 2024-04-12 | 4.3 | CVE-2024-31305 [email protected] |
rubengc — gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress |
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2783 [email protected] [email protected] |
saleor — saleor |
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while the token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. | 2024-04-08 | 4.2 | CVE-2024-31205 [email protected] [email protected] |
saleor — saleor |
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-11 | 4.3 | CVE-2024-32105 [email protected] |
saleswonder.biz_team — wp2leads |
Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS. This issue affects WP2LEADS: from n/a through 3.2.7. | 2024-04-08 | 5.4 | CVE-2024-31375 [email protected] |
sap_se — sap_business_connector |
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side. | 2024-04-09 | 4.8 | CVE-2024-30214 [email protected] [email protected] |
sap_se — sap_business_connector |
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. | 2024-04-09 | 4.8 | CVE-2024-30215 [email protected] [email protected] |
sap_se — sap_group_reporting_data_collection_(enter_package_data) |
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization, causing high impact on the integrity of the application. | 2024-04-09 | 6.5 | CVE-2024-28167 [email protected] [email protected] |
sap_se — sap_netweaver_as_abap_and_abap_platform |
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. | 2024-04-09 | 6.5 | CVE-2024-30218 [email protected] [email protected] |
sap_se — sap_netweaver |
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | 2024-04-09 | 5.3 | CVE-2024-27898 [email protected] [email protected] |
sap_se — sap_s/4_hana_(cash_management) |
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with ‘completed’ status affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30216 [email protected] [email protected] |
sap_se — sap_s/4_hana_(cash_management) |
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30217 [email protected] [email protected] |
saumya_majumder — wp_server_health_stats |
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. | 2024-04-12 | 4.3 | CVE-2024-31250 [email protected] |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role). | 2024-04-09 | 4.3 | CVE-2023-6965 [email protected] [email protected] [email protected] |
setriosoft — bizcalendar_web |
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-10 | 6.1 | CVE-2024-1780 [email protected] [email protected] |
shopware — shopware |
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the user won’t be logged out. This affects only direct store-api usage, as the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround. | 2024-04-08 | 5.3 | CVE-2024-31447 [email protected] [email protected] [email protected] |
shortpixel — shortpixel_adaptive_images |
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | 2024-04-10 | 5.3 | CVE-2024-31230 [email protected] |
siemens — scalance_w1748-1_m12 |
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 
(6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 “Abuse the queue for network disruptions” of CVE-2022-47522. Affected devices can be tricked into enabling its power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks. | 2024-04-09 | 6.1 | CVE-2024-30190 [email protected] |
siemens — scalance_w721-1_rj45 |
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP 
(6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 “Leak frames from the Wi-Fi queue” of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames. | 2024-04-09 | 6.1 | CVE-2024-30189 [email protected] |
siemens — simatic_pcs_7_v9.1 |
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | 2024-04-09 | 6.2 | CVE-2023-50821 [email protected] |
sigstore — cosign |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; if the attachment’s size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: if an attacker has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29902 [email protected] [email protected] [email protected] [email protected] [email protected] |
sigstore — cosign |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29903 [email protected] [email protected] [email protected] [email protected] [email protected] |
silverks — graphene |
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source. | 2024-04-09 | 5.3 | CVE-2024-1984 [email protected] [email protected] |
smub — easy_digital_downloads_-_sell_digital_files_&_subscriptions_(ecommerce_store_+_payments_made_easy) |
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. | 2024-04-09 | 5.3 | CVE-2024-2302 [email protected] [email protected] [email protected] |
smub — wordpress_gallery_plugin_-_nextgen_gallery |
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. | 2024-04-09 | 5.3 | CVE-2024-3097 [email protected] [email protected] [email protected] [email protected] |
soflyy — import_any_xml_or_csv_file_to_wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. | 2024-04-10 | 4.3 | CVE-2024-31939 [email protected] |
softaculous — page_builder:_pagelayer_-_drag_and_drop_website_builder |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attr’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2504 [email protected] [email protected] [email protected] |
someguy9 — lightweight_accordion |
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2436 [email protected] [email protected] [email protected] |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3617 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3618 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275. | 2024-04-11 | 4.7 | CVE-2024-3619 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276. | 2024-04-11 | 4.7 | CVE-2024-3620 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3621 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3445 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3464 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3465 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747. | 2024-04-08 | 5.5 | CVE-2024-3466 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588. | 2024-04-07 | 6.3 | CVE-2024-3416 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3417 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3418 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591. | 2024-04-07 | 6.3 | CVE-2024-3419 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592. | 2024-04-07 | 6.3 | CVE-2024-3420 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3421 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3422 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595. | 2024-04-07 | 6.3 | CVE-2024-3423 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596. | 2024-04-07 | 6.3 | CVE-2024-3424 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — online_courseware |
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3425 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3436 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3441 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695. | 2024-04-08 | 6.3 | CVE-2024-3442 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. | 2024-04-08 | 4.7 | CVE-2024-3437 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3440 [email protected] [email protected] [email protected] [email protected] |
spwebguy — responsive_tabs |
The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3514 [email protected] [email protected] [email protected] [email protected] |
stacklok — minder |
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. | 2024-04-09 | 4.3 | CVE-2024-31455 [email protected] [email protected] [email protected] [email protected] |
staxwp — elementor_addons_widgets_and_enhancements_-_stax |
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Heading’ widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3064 [email protected] [email protected] |
stephanie_leary — convert_post_types |
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. | 2024-04-11 | 4.3 | CVE-2024-32108 [email protected] |
stiofansisland — userswp_-_front-end_login_form,_user_registration_user_profile_&_members_directory_plugin_for_wordpress |
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2423 [email protected] [email protected] [email protected] |
strangerstudios — paid_memberships_pro_-_content_restriction_user_registration_&_paid_subscriptions |
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 4.3 | CVE-2024-0588 [email protected] [email protected] |
stylemix — masterstudy_lms_wordpress_plugin__for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. | 2024-04-09 | 4.3 | CVE-2024-1904 [email protected] [email protected] |
supportcandy — supportcandy |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3. | 2024-04-11 | 6.5 | CVE-2024-27991 [email protected] |
supsystic — easy_google_maps |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11. | 2024-04-12 | 4.3 | CVE-2024-31269 [email protected] |
supsystic — ultimate_maps_by_supsystic |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | 2024-04-12 | 4.3 | CVE-2024-31271 [email protected] |
tausworks — global_elementor_buttons |
The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2327 [email protected] [email protected] |
tbk — dvr-4104 |
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. | 2024-04-13 | 6.3 | CVE-2024-3737 [email protected] [email protected] [email protected] [email protected] |
tbk — dvr-4104 |
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3721 [email protected] [email protected] [email protected] [email protected] |
techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin |
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() and rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | 2024-04-09 | 6.5 | CVE-2024-1352 [email protected] [email protected] [email protected] |
the_moneytizer — the_moneytizer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20. | 2024-04-11 | 6.5 | CVE-2024-27990 [email protected] |
the_tcpdump_group — tcpdump |
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. | 2024-04-12 | 6.2 | CVE-2024-2397 [email protected] |
theeventscalendar — event_tickets_and_registration |
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. | 2024-04-09 | 4.3 | CVE-2024-2261 [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1498 [email protected] [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2787 [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2788 [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2789 [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 5.4 | CVE-2024-2786 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure. | 2024-04-09 | 4.3 | CVE-2024-1387 [email protected] [email protected] [email protected] |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2311 [email protected] [email protected] [email protected] [email protected] [email protected] |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 6.4 | CVE-2024-2343 [email protected] [email protected] [email protected] |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the ‘/wp-content/uploads/fusion-forms/’ directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. | 2024-04-09 | 5.3 | CVE-2024-2340 [email protected] [email protected] |
themeisle — multiple_page_generator_plugin_-_mpg |
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | 2024-04-12 | 5.4 | CVE-2024-31301 [email protected] |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2226 [email protected] [email protected] |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3343 [email protected] [email protected] |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3344 [email protected] [email protected] |
themeisle — rss_aggregator_by_feedzy_-_feed_to_post_autoblogging_news_&_youtube_video_feeds_aggregator |
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-07 | 6.4 | CVE-2023-6877 [email protected] [email protected] |
themepoints — testimonials |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Testimonials allows Stored XSS. This issue affects Testimonials: from n/a through 3.0.5. | 2024-04-07 | 6.5 | CVE-2024-31348 [email protected] |
themepunch — essential_grid_gallery_wordpress_plugin |
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. | 2024-04-10 | 5.3 | CVE-2024-3235 [email protected] [email protected] |
themesgrove — all-in-one_addons_for_elementor_-_widgetkit |
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2137 [email protected] [email protected] |
thimpress — learnpress_-_wordpress_lms_plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed. | 2024-04-09 | 6.5 | CVE-2024-1289 [email protected] [email protected] |
thimpress — learnpress_-_wordpress_lms_plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1463 [email protected] [email protected] |
tianwell — fire_intelligent_command_platform |
A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572. | 2024-04-13 | 6.3 | CVE-2024-3720 [email protected] [email protected] [email protected] [email protected] |
totalpressorg — custom_post_types_custom_fields_&_more |
The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6993 [email protected] [email protected] |
tribulant — slideshow_gallery |
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 5.3 | CVE-2024-31353 [email protected] |
tribulant — slideshow_gallery |
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-12 | 4.3 | CVE-2024-31354 |
varun_kumar — easy_logo |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. | 2024-04-11 | 5.9 | CVE-2024-32083 |
visitor_analytics — twipla_(visitor_analytics_io) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. | 2024-04-11 | 5.9 | CVE-2024-31937 |
vjinfotech — wp_import_export_lite |
Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite. This issue affects WP Import Export Lite: from n/a through 3.9.26. | 2024-04-07 | 4.4 | CVE-2024-31308 |
wangshen — secgate_3600 |
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3444 |
webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1424 |
webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘give_form’ shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-13 | 6.4 | CVE-2024-1957 |
webfactory — wp_reset_-_most_advanced_wordpress_reset_tool |
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. | 2024-04-09 | 5.9 | CVE-2023-6799 |
webtechstreet — elementor_addon_elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.5 | CVE-2024-2792 |
webtoffee — wordpress_comments_import_&_export |
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | 2024-04-12 | 4.3 | CVE-2024-31235 |
wen_themes — wen_responsive_columns |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2. | 2024-04-11 | 6.5 | CVE-2024-27988 |
woocommerce — woocommerce_shipping_per_product |
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | 2024-04-12 | 4.3 | CVE-2023-51499 |
wp_compress — wp_compress_-_image_optimizer_[all-in-one] |
Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | 2024-04-11 | 4.3 | CVE-2024-32106 |
wp_darko — top_bar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. | 2024-04-11 | 5.9 | CVE-2024-31928 |
wp_enhanced — free_downloads_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. | 2024-04-11 | 6.5 | CVE-2024-27969 |
wp_oauth_server — oauth_server |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. | 2024-04-10 | 4.7 | CVE-2024-31253 |
wp_royal — royal_elementor_addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. | 2024-04-07 | 6.5 | CVE-2024-31236 |
wp_swings — points_and_rewards_for_woocommerce |
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | 2024-04-11 | 5.4 | CVE-2023-27607 |
wpcalc — modal_window_-_create_popup_modal_window |
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2457 |
wpclever — wpc_smart_quick_view_for_woocommerce |
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-13 | 4.4 | CVE-2023-6494 |
wpcloudgallery — wordpress_gallery_exporter |
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. | 2024-04-10 | 6.5 | CVE-2024-31342 |
wpdeveloper — essential_blocks_for_gutenberg |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3. | 2024-04-07 | 6.5 | CVE-2024-31306 |
wpdevteam — betterdocs_-_best_documentation_faq_&_knowledge_base_plugin_with_ai_support_&_instant_answer_for_elementor_&_gutenberg |
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2845 |
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos,_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor |
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘embedpress_calendar’ shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3244 |
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates_widgets_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2650 |
wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget’s message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2623 |
wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. | 2024-04-09 | 5.3 | CVE-2024-2974 |
wpgmaps — wp_go_maps_(formerly_wp_google_maps) |
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer’s Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin. | 2024-04-09 | 5.3 | CVE-2023-6777 |
wpkube — subscribe_to_comments_reloaded |
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | 2024-04-10 | 5.3 | CVE-2024-31249 |
wpmudev — forminator_-_contact_form_payment_form_&_custom_form_builder |
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3053 |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2181 |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-2183 |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2185 |