High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
8theme–XStore Core
 
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8. 2024-05-17 9.8 CVE-2024-33552
8theme–XStore Core
 
Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.8. 2024-05-17 8.2 CVE-2024-33556
AA-Team–WZone
 
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10. 2024-05-17 8.8 CVE-2024-33549
ABB–RobotWare 6
 
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under a specific condition when a specially crafted message is processed by the system. Below are the reported vulnerabilities in the RobotWare versions. * IRC5 - RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore - RobotWare 7 < 7.14 2024-05-14 7.6 CVE-2024-1913
AROX SOLUTION–School ERP Pro+Responsive
 
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the ‘/SchoolERP/office_admin/’ index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database. 2024-05-14 9.8 CVE-2024-4824
Abdul Hakeem–Build App Online
 
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. 2024-05-17 8.8 CVE-2023-51479
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-30284
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-30310
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34094
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34095
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34096
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34097
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34098
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34099
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 7.8 CVE-2024-34100
Adobe–Adobe Aero Desktop
 
Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30275
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30288
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30289
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30290
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30291
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30292
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30282
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30293
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30294
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30295
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30296
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30297
Adobe–Dreamweaver Desktop
 
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction. 2024-05-16 9.3 CVE-2024-30314
Adobe–Illustrator
 
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-20791
Adobe–Illustrator
 
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-20792
Adobe–Substance3D – Painter
 
Substance3D – Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30274
Adobe–Substance3D – Painter
 
Substance3D – Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 7.8 CVE-2024-30307
Agentejo–Cockpit CMS
 
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload in the ‘/media/api’ parameter via POST request. An attacker could upload files to the server, compromising the entire infrastructure. 2024-05-14 9.8 CVE-2024-4825
Apache Friends–XAMPP
 
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. 2024-05-17 7.5 CVE-2024-5055
Asaancart–Simple PHP Shopping Cart
 
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file. 2024-05-16 9.8 CVE-2024-4826
Astoundify–Simple Registration for WooCommerce
 
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6. 2024-05-17 9.8 CVE-2024-32511
Averta–Phlox Portfolio
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion. This issue affects Phlox Portfolio: from n/a through 2.3.1. 2024-05-17 8.6 CVE-2023-38399
Averta–Phlox Shop
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Averta Phlox Shop allows PHP Local File Inclusion. This issue affects Phlox Shop: from n/a through 2.0.0. 2024-05-17 8.6 CVE-2023-39163
B&R Industrial Automation–Automation Studio
 
Improper DLL loading algorithms in B&R Automation Studio may allow an authenticated local attacker to execute code with elevated privileges. This issue affects Automation Studio versions before 4.12. 2024-05-14 7.2 CVE-2021-22280
B&R Industrial Automation–Scene Viewer
 
An authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software. An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path. This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2. 2024-05-14 7.2 CVE-2024-2637
BoldGrid–Total Upkeep
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8. 2024-05-17 7.5 CVE-2024-24869
Booking Ultra Pro–Booking Ultra Pro
 
Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation. This issue affects Booking Ultra Pro: from n/a through 1.1.12. 2024-05-17 8.8 CVE-2024-32960
Brainstorm Force–ConvertPlus
 
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the ‘settings_encoded’ attribute of the ‘smile_modal’ shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-16 8.8 CVE-2024-4838
Brainstorm Force–Spectra Pro
 
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts. 2024-05-14 8.8 CVE-2024-3828
Brainstorm Force–Ultimate Addons for Beaver Builder
 
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. 2024-05-17 8.8 CVE-2023-51398
Brainstorm Force–Ultimate Addons for Elementor
 
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. 2024-05-17 8.8 CVE-2023-50890
Brainstorm Force–Ultimate Addons for WPBakery Page Builder
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14. 2024-05-17 7.1 CVE-2023-46205
Breakdance–Breakdance
 
The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code. 2024-05-14 8.8 CVE-2024-4605
By Averta–Shortcodes and extra features for Phlox theme
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0. 2024-05-17 7.6 CVE-2023-37888
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when the `register_argc_argv` option of PHP is `On`. This option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc. 2024-05-14 10 CVE-2024-29895
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the “Package Import” feature, allows authenticated users having the “Import Templates” permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined in the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. 2024-05-14 9.1 CVE-2024-25641
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` uses `password_hash` if it is available, otherwise it uses `md5`. When verifying a password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if it is available, otherwise `md5` is used. `password_verify` and `password_hash` are supported on PHP < 5.5.0, according to the PHP manual. The vulnerability is in `compat_password_verify`. The MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue. 2024-05-14 9.1 CVE-2024-34340
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, the filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue. 2024-05-14 8.8 CVE-2024-31445
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in the database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. 2024-05-14 8 CVE-2024-31459
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. 2024-05-14 7.6 CVE-2024-27082
Cerberus FTP Enterprise–Cerberus FTP Enterprise
 
Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. 2024-05-17 7.5 CVE-2024-5052
Cisco–Cisco ConfD
 
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. 2024-05-16 7.8 CVE-2024-20326
Cisco–Cisco ConfD
 
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. 2024-05-16 7.8 CVE-2024-20389
Cisco–Cisco Network Services Orchestrator
 
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device. 2024-05-15 7.8 CVE-2024-20366
CodeRevolution–Demo My WordPress
 
Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. 2024-05-17 9.8 CVE-2024-31290
Contemporary Control System–BASrouter BACnet BASRT-B
 
A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 7.5 CVE-2024-4791
Copymatic–Copymatic AI Content Writer & Generator
 
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. 2024-05-17 10 CVE-2024-31351
Crocoblock–JetEngine
 
Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4. 2024-05-17 8.8 CVE-2023-48757
Crocoblock–JetFormBuilder
 
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation. This issue affects JetFormBuilder: from n/a through 3.0.8. 2024-05-17 7.2 CVE-2023-37866
CyberPower–CyberPower PowerPanel Enterprise
 
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application. 2024-05-14 9.8 CVE-2024-32735
CyberPower–CyberPower PowerPanel Enterprise
 
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the “query_utask_verbose” function within MCUDBHelper. 2024-05-14 7.5 CVE-2024-32736
CyberPower–CyberPower PowerPanel Enterprise
 
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the “query_contract_result” function within MCUDBHelper. 2024-05-14 7.5 CVE-2024-32737
CyberPower–CyberPower PowerPanel Enterprise
 
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the “query_ptask_lean” function within MCUDBHelper. 2024-05-14 7.5 CVE-2024-32738
CyberPower–CyberPower PowerPanel Enterprise
 
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the “query_ptask_verbose” function within MCUDBHelper. 2024-05-14 7.5 CVE-2024-32739
CyberPower–PowerPanel business
 
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server. 2024-05-15 9.8 CVE-2024-32047
CyberPower–PowerPanel business
 
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application. 2024-05-15 9.8 CVE-2024-32053
CyberPower–PowerPanel business
 
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. 2024-05-15 9.8 CVE-2024-33625
CyberPower–PowerPanel business
 
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges. 2024-05-15 9.8 CVE-2024-34025
CyberPower–PowerPanel business
 
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code. 2024-05-15 8.8 CVE-2024-31856
CyberPower–PowerPanel business
 
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. 2024-05-15 8.8 CVE-2024-33615
CyberPower–PowerPanel business
 
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data. 2024-05-15 7.7 CVE-2024-31410
CycloneDX–cyclonedx-javascript-library
 
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1. 2024-05-14 8.1 CVE-2024-34345
Darren Cooney–Instant Images
 
Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation. This issue affects Instant Images: from n/a through 6.1.0. 2024-05-17 7.2 CVE-2024-33569
Dell–CPG BIOS
 
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. 2024-05-17 7.5 CVE-2024-22429
DigiWin–EasyFlow .NET
 
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands. 2024-05-15 9.8 CVE-2024-4893
Elementor–Elementor Website Builder
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls. This issue affects Elementor Website Builder: from n/a through 3.19.0. 2024-05-17 8.5 CVE-2024-24934
EnterpriseDB–EDB Postgres Advanced Server
 
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access. 2024-05-14 7.7 CVE-2024-4545
20be33e2-bf35-4d13-8fad-18bd2f3e3659
EverPress–Mailster
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in EverPress Mailster allows PHP Local File Inclusion. This issue affects Mailster: from n/a through 4.0.6. 2024-05-17 8.1 CVE-2024-32523
Favethemes–Houzez Login Register
 
Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3. 2024-05-17 9.8 CVE-2023-26009
Favethemes–Houzez
 
Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. 2024-05-17 9.8 CVE-2023-26540
Fortinet–FortiOS
 
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests. 2024-05-14 7.2 CVE-2023-46714
Fortinet–FortiPortal
 
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attacker to bypass IP protection through crafted HTTP or HTTPS packets. 2024-05-14 7.5 CVE-2024-23105
Fortinet–FortiSandbox
 
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests. 2024-05-14 8.8 CVE-2024-31491
Fortinet–FortiVoice
 
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. 2024-05-14 7.1 CVE-2023-40720
GE HealthCare–EchoPAC Software Only
 
Weak account password in GE HealthCare EchoPAC products 2024-05-14 9.6 CVE-2024-27107
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–EchoPAC Software Only
 
Elevation of privilege vulnerability in GE HealthCare EchoPAC products 2024-05-14 8.4 CVE-2024-27110
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–EchoPAC Software Only
 
Insufficiently protected credentials in GE HealthCare EchoPAC products 2024-05-14 7.6 CVE-2024-27109
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–Venue
 
OS command injection vulnerabilities in GE HealthCare ultrasound devices 2024-05-14 8.4 CVE-2024-1628
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–Venue
 
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices 2024-05-14 7.4 CVE-2024-1486
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–Venue
 
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component 2024-05-14 7.7 CVE-2024-1630
171caf72-b841-4e04-a68e-93493aff2b94
Ghost Foundation–Ghost
 
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0. 2024-05-14 7.5 CVE-2024-34559
GiveWP–GiveWP
 
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0. 2024-05-17 8.8 CVE-2023-41665
Glowlogix–WP Frontend Profile
 
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1. 2024-05-17 9.8 CVE-2023-51483
HCL Software–Commerce
 
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. 2024-05-14 7.1 CVE-2024-23576
Hamid Alinia idehweb–Login with phone number
 
Improper Privilege Management vulnerability in Hamid Alinia – idehweb Login with phone number allows Privilege Escalation. This issue affects Login with phone number: from n/a through 1.7.16. 2024-05-17 8.8 CVE-2024-32507
HasThemes–HT Mega
 
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0. 2024-05-17 9.8 CVE-2023-37999
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31466
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31467
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31468
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31469
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31470
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31471
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31472
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 2024-05-14 9.8 CVE-2024-31473
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba’s Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. 2024-05-14 8.2 CVE-2024-31474
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba’s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. 2024-05-14 8.2 CVE-2024-31475
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 2024-05-14 7.2 CVE-2024-31476
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 2024-05-14 7.2 CVE-2024-31477
Huawei–HarmonyOS
 
Race condition vulnerability in the binder driver module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 8.4 CVE-2024-32997
Huawei–HarmonyOS
 
Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2024-05-14 7.1 CVE-2023-52719
Huawei–HarmonyOS
 
Permission verification vulnerability in the wpa_supplicant module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 7.5 CVE-2024-32991
Huawei–HarmonyOS
 
Insufficient verification vulnerability in the baseband module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 7.5 CVE-2024-32992
IBM–AIX
 
IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. 2024-05-16 8.4 CVE-2024-27260
IBM–Security Guardium
 
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. 2024-05-14 9.1 CVE-2023-47709
IBM–Security Guardium
 
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. 2024-05-14 7.8 CVE-2023-47712
IBM–i
 
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. 2024-05-18 7.5 CVE-2024-31879
IOSS–WP MLM Unilevel
 
Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. 2024-05-17 9.8 CVE-2023-51476
InstaWP Team–InstaWP Connect
 
Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation. This issue affects InstaWP Connect: from n/a through 0.1.0.8. 2024-05-17 8.8 CVE-2024-22145
J.N. Breetvelt a.k.a. OpaJaap–WP Photo Album Plus
 
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. 2024-05-14 10 CVE-2024-31377
JR King/Eran Schoellhorn–WP Masquerade
 
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0. 2024-05-17 8.8 CVE-2024-33550
JS Help Desk–JS Help Desk Best Help Desk & Support Plugin
 
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. 2024-05-17 9.1 CVE-2023-25444
Jordy Meow–AI Engine: ChatGPT Chatbot
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63. 2024-05-14 9.1 CVE-2024-34440
Joseph C Dolson–My Tickets
 
Missing Authorization vulnerability in Joseph C Dolson My Tickets. This issue affects My Tickets: from n/a through 1.9.11. 2024-05-17 7.5 CVE-2023-23988
JumpDEMAND Inc.–ActiveDEMAND
 
Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through 0.2.41. 2024-05-17 10 CVE-2024-32809
Kioware–Kioware
 
KioWare for Windows (all versions through 8.34) allows users to escape the environment by downloading PDF files, which are then opened by default in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. 2024-05-14 8.4 CVE-2024-3459
Kioware–Kioware
 
In KioWare for Windows (all versions through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this KioWare instance and also slow down the application with some specific task which extends the usable time window. 2024-05-14 7.4 CVE-2024-3460
Kognetiks–Kognetiks Chatbot for WordPress
 
Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. 2024-05-14 10 CVE-2024-32700
LWS–LWS Affiliation
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6. 2024-05-17 9 CVE-2023-32297
Lenderd–1003 Mortgage Application
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75. 2024-05-17 7.7 CVE-2022-45368
Lenovo–Printers
 
A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. 2024-05-16 7.5 CVE-2024-3286
MSI–MSI Afterburner
 
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user. 2024-05-18 7.8 CVE-2024-3745
MainWP–MainWP Code Snippets Extension
 
Improper Control of Generation of Code (‘Code Injection’) vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. 2024-05-17 9.9 CVE-2023-23645
Masteriyo–LMS
 
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation. This issue affects LMS: from n/a through 1.7.2. 2024-05-17 9.8 CVE-2024-24882
Microsoft–Azure Monitor
 
Azure Monitor Agent Elevation of Privilege Vulnerability 2024-05-16 7.8 CVE-2024-30060
Microsoft–Dynamics 365
 
Dynamics 365 Customer Insights Spoofing Vulnerability 2024-05-14 7.6 CVE-2024-30047
Microsoft–Dynamics 365
 
Dynamics 365 Customer Insights Spoofing Vulnerability 2024-05-14 7.6 CVE-2024-30048
Microsoft–Microsoft SharePoint Enterprise Server 2016
 
Microsoft SharePoint Server Remote Code Execution Vulnerability 2024-05-14 7.2 CVE-2024-30044
Microsoft–Office Online Server
 
Microsoft Excel Remote Code Execution Vulnerability 2024-05-14 7.8 CVE-2024-30042
Microsoft–Windows 10 Version 1809
 
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2024-05-14 8.8 CVE-2024-30006
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 8.8 CVE-2024-30009
Microsoft–Windows 10 Version 1809
 
Windows Hyper-V Remote Code Execution Vulnerability 2024-05-14 8.8 CVE-2024-30017
Microsoft–Windows 10 Version 1809
 
Windows Cryptographic Services Remote Code Execution Vulnerability 2024-05-14 8.1 CVE-2024-30020
Microsoft–Windows 10 Version 1809
 
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-29994
Microsoft–Windows 10 Version 1809
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-29996
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30014
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30015
Microsoft–Windows 10 Version 1809
 
Windows Kernel Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30018
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30022
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30023
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30024
Microsoft–Windows 10 Version 1809
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30025
Microsoft–Windows 10 Version 1809
 
NTFS Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30027
Microsoft–Windows 10 Version 1809
 
Win32k Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30028
Microsoft–Windows 10 Version 1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-05-14 7.5 CVE-2024-30029
Microsoft–Windows 10 Version 1809
 
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30031
Microsoft–Windows 10 Version 1809
 
Windows DWM Core Library Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30032
Microsoft–Windows 10 Version 1809
 
Windows DWM Core Library Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30035
Microsoft–Windows 10 Version 1809
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability 2024-05-14 7.5 CVE-2024-30037
Microsoft–Windows 10 Version 1809
 
Win32k Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30038
Microsoft–Windows 10 Version 1809
 
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30049
Microsoft–Windows 10 Version 21H2
 
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-26238
Microsoft–Windows Server 2008 Service Pack 2
 
Win32k Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30030
Microsoft–Windows Server 2019
 
Windows Hyper-V Remote Code Execution Vulnerability 2024-05-14 8.8 CVE-2024-30010
Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation)
 
Microsoft Brokering File System Elevation of Privilege Vulnerability 2024-05-14 8.8 CVE-2024-30007
Microsoft–Windows Server 2022
 
Windows Search Service Elevation of Privilege Vulnerability 2024-05-14 7 CVE-2024-30033
MongoDB Inc–MongoDB Server
 
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v5.0 versions prior to 5.0.25. 2024-05-14 7.5 CVE-2024-3372
N/A–Pk Favicon Manager
 
Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through 2.1. 2024-05-14 9.1 CVE-2024-34416
N/A–VMware Workstation
 
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. 2024-05-14 7.1 CVE-2024-22268
N/A–VMware Workstation
 
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. 2024-05-14 7.1 CVE-2024-22269
N/A–VMware Workstation
 
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. 2024-05-14 7.1 CVE-2024-22270
N/A–VMware Workstation
 
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. 2024-05-14 9.3 CVE-2024-22267
NI–FlexLogger
 
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions. 2024-05-14 7.8 CVE-2024-4044
Netflix–Genie
 
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18 2024-05-14 9.9 CVE-2024-4701
Nota-Info–Bookly
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1. 2024-05-17 7.7 CVE-2023-26526
Nozomi Networks–Arc
 
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via ‘zip slip’ attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine). 2024-05-15 8 CVE-2023-5938
Nozomi Networks–Arc
 
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc’s configuration. This could also lead to arbitrary code execution if a malicious update package is installed. 2024-05-15 7.4 CVE-2023-5935
Nozomi Networks–Arc
 
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. 2024-05-15 7.8 CVE-2023-5936
OceanWP–OceanWP
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in OceanWP allows PHP Local File Inclusion. This issue affects OceanWP: from n/a through 3.4.1. 2024-05-17 7.6 CVE-2023-23700
OctoPrint–OctoPrint
 
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or make the instance inaccessible from potentially hostile networks like the internet. 2024-05-14 7.1 CVE-2024-32977
OpenText–iManager
 
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. 2024-05-15 7.8 CVE-2024-3483
OpenText–iManager
 
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. 2024-05-15 7.8 CVE-2024-3486
OpenText–iManager
 
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization. 2024-05-15 7.6 CVE-2024-3967
OpenText–iManager
 
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. 2024-05-15 7.8 CVE-2024-3968
Owlet–Cam v2
 
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. 2024-05-15 7.2 CVE-2023-6321
P-THEMES–Porto Theme – Functionality
 
The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘porto_portfolios’ shortcode ‘portfolio_layout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. 2024-05-14 8.8 CVE-2024-3808
P-THEMES–Porto Theme – Functionality
 
The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the ‘slideshow_type’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. 2024-05-14 8.8 CVE-2024-3809
P-THEMES–Porto
 
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the ‘porto_ajax_posts’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. 2024-05-14 9.8 CVE-2024-3806
P-THEMES–Porto
 
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘porto_page_header_shortcode_type’, ‘slideshow_type’ and ‘post_layout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1. 2024-05-14 8.8 CVE-2024-3807
PHOENIX CONTACT–CHARX SEC-3000
 
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges.  2024-05-14 7.8 CVE-2024-28133
PHOENIX CONTACT–CHARX SEC-3000
 
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.  2024-05-14 7 CVE-2024-28134
PHOENIX CONTACT–CHARX SEC-3000
 
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. 2024-05-14 7.8 CVE-2024-28136
PHOENIX CONTACT–CHARX SEC-3000
 
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. 2024-05-14 7.8 CVE-2024-28137
PHPGurukul–Online Course Registration System
 
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability. 2024-05-17 7.3 CVE-2024-5063
PHPGurukul–Online Course Registration System
 
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923. 2024-05-17 7.3 CVE-2024-5064
PHPGurukul–Online Course Registration System
 
A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924. 2024-05-17 7.3 CVE-2024-5065
POSIMYTH Innovation–The Plus Addons for Elementor Pro
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8. 2024-05-17 8.6 CVE-2023-47178
Phoenix–SecureCore for Intel Gemini Lake
 
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567. 2024-05-14 7.5 CVE-2024-1598
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
Phoenix–SecureCore for Intel Kaby Lake
 
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15. 2024-05-14 7.5 CVE-2024-0762
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
Phoenix–WinFlash Driver
 
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0. 2024-05-14 7.8 CVE-2023-35841
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
PluginOps–Landing Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PluginOps Landing Page Builder allows Reflected XSS. This issue affects Landing Page Builder: from n/a through 1.5.1.8. 2024-05-17 7.1 CVE-2024-34752
PluginUS–HUSKY Products Filter for WooCommerce (formerly WOOF)
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Control of Generation of Code (‘Code Injection’) vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. 2024-05-17 8.8 CVE-2024-32680
Podlove–Podlove Podcast Publisher
 
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. 2024-05-14 7.5 CVE-2024-32712
PowerDNS–DNSdist
 
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. 2024-05-14 7.5 CVE-2024-25581
Premmerce–Premmerce Permalink Manager for WooCommerce
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10. 2024-05-17 8.3 CVE-2024-27971
PrestaShop–PrestaShop
 
PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator’s right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag. 2024-05-14 9.6 CVE-2024-34716
ProfilePress Membership Team–ProfilePress
 
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1. 2024-05-17 8.6 CVE-2023-41954
Progress Software Corporation–Telerik Reporting
 
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. 2024-05-15 7.7 CVE-2024-4200
Progress Software Corporation–Telerik Reporting
 
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. 2024-05-15 7.7 CVE-2024-4202
Progress Software Corporation–Telerik UI for WinForms
 
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. 2024-05-15 7.2 CVE-2024-3892
Proofpoint–Enterprise Protection
 
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker’s control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator. 2024-05-14 7.5 CVE-2024-3676
Propovoice–Propovoice CRM
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Propovoice Propovoice CRM allows Stored XSS. This issue affects Propovoice CRM: from n/a through 1.7.6.2. 2024-05-14 7.1 CVE-2024-4747
QuanticaLabs–Chauffeur Taxi Booking System for WordPress
 
Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. 2024-05-17 8.2 CVE-2024-32692
Qube One Ltd.–Redirection for Contact Form 7
 
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation. This issue affects Redirection for Contact Form 7: from n/a through 2.7.0. 2024-05-17 7.6 CVE-2023-23990
Rank Math–Rank Math SEO
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through 1.0.107.2. 2024-05-17 7.6 CVE-2023-23888
Red Hat–Migration Toolkit for Containers
 
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. 2024-05-14 8.3 CVE-2024-3727
Repute Infosystems–ARMember
 
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation. This issue affects ARMember: from n/a through 4.0.10. 2024-05-17 8.8 CVE-2023-51356
Roku–Indoor Camera SE
 
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability. 2024-05-15 7.2 CVE-2023-6322
Room 34 Creative Services, LLC–ICS Calendar
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a through 10.12.0.3. 2024-05-17 8.2 CVE-2023-46784
SAASPROJECT Booking Package–Booking Package
 
Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation. This issue affects Booking Package: from n/a through 1.5.98. 2024-05-17 8.8 CVE-2023-37389
SAP_SE–SAP BusinessObjects Business Intelligence Platform
 
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application. 2024-05-14 8.1 CVE-2024-28165
SAP_SE–SAP NetWeaver Application Server ABAP and ABAP Platform
 
An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow an attacker to completely compromise the system. 2024-05-14 9.6 CVE-2024-33006
SUBNET–PowerSYSTEM Center
 
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. 2024-05-15 8.4 CVE-2024-28042
SailPoint–Identity Security Cloud
 
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host. 2024-05-15 9.1 CVE-2024-3319
Saleswonder Team–WebinarIgnition
 
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0. 2024-05-17 9.8 CVE-2023-51424
SiAdmin–SiAdmin
 
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. 2024-05-16 9.8 CVE-2024-4991
SiAdmin–SiAdmin
 
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. 2024-05-16 9.8 CVE-2024-4992
Siemens–CPC80 Central Processing/Communication
 
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition. 2024-05-14 7.8 CVE-2024-31484
Siemens–CPCI85 Central Processing/Communication
 
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. 2024-05-14 7.2 CVE-2024-31485
Siemens–JT2Go
 
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-34085
Siemens–JT2Go
 
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-34086
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-32055
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) 2024-05-14 7.8 CVE-2024-32057
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563) 2024-05-14 7.8 CVE-2024-32058
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564) 2024-05-14 7.8 CVE-2024-32059
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565) 2024-05-14 7.8 CVE-2024-32060
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566) 2024-05-14 7.8 CVE-2024-32061
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568) 2024-05-14 7.8 CVE-2024-32062
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573) 2024-05-14 7.8 CVE-2024-32063
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575) 2024-05-14 7.8 CVE-2024-32064
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577) 2024-05-14 7.8 CVE-2024-32065
Siemens–PS/IGES Parasolid Translator Component
 
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578) 2024-05-14 7.8 CVE-2024-32066
Siemens–Parasolid V35.1
 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468) 2024-05-14 7.8 CVE-2024-31980
Siemens–Parasolid V35.1
 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-32635
Siemens–Parasolid V35.1
 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-32636
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files by any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. 2024-05-14 9.8 CVE-2024-27939
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database. 2024-05-14 8.8 CVE-2024-27940
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database. 2024-05-14 8.8 CVE-2024-27941
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of service situation. 2024-05-14 7.5 CVE-2024-27942
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. 2024-05-14 7.2 CVE-2024-27943
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. 2024-05-14 7.2 CVE-2024-27944
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. 2024-05-14 7.2 CVE-2024-27945
Siemens–SIMATIC CN 4100
 
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains a hard-coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default. An attacker who manages to crack the password hash gains root access to the device. 2024-05-14 10 CVE-2024-32741
Siemens–SIMATIC CN 4100
 
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. 2024-05-14 9.8 CVE-2024-32740
Siemens–SIMATIC CN 4100
 
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem. 2024-05-14 7.6 CVE-2024-32742
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system. A successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network. 2024-05-14 10 CVE-2024-30207
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM). 2024-05-14 9.6 CVE-2024-30209
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group. 2024-05-14 9.1 CVE-2024-33499
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. A successful exploit requires the attacker to be able to modify the communication between server and client on the network. 2024-05-14 8.8 CVE-2024-30206
Siemens–Simcenter Nastran 2306
 
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially crafted strings as an argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33577
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33489
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33490
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33491
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33492
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-33493
[email protected]
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-34771
[email protected]
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-34772
[email protected]
Siemens–Solid Edge
 
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2024-05-14 7.8 CVE-2024-34773
[email protected]
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974) 2024-05-14 7.8 CVE-2024-32639
[email protected]
Sirv–Sirv
 
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation. This issue affects Sirv: from n/a through 7.2.2. 2024-05-17 8.8 CVE-2024-32959
[email protected]
Sizam Design–Rehub
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1. 2024-05-17 9 CVE-2024-31231
[email protected]
Sizam Design–Rehub
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1. 2024-05-17 8 CVE-2024-31232
[email protected]
Snow Software AB–Snow License Manager
 
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled. This issue affects Snow License Manager: from 9.33.2 through 9.34.0. 2024-05-14 8.8 CVE-2024-4129
[email protected]
SolarWinds–Access Rights Manager
 
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. 2024-05-14 9 CVE-2024-28075
[email protected]
[email protected]
[email protected]
SolarWinds–Access Rights Manager
 
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. 2024-05-14 8.6 CVE-2024-23473
[email protected]
[email protected]
Sonatype–Nexus Repository
 
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. 2024-05-16 7.5 CVE-2024-4956
103e4ec9-0a87-450b-af77-479448ddef11
SourceCodester–Best House Rental Management System
 
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072. 2024-05-18 7.3 CVE-2024-5093
[email protected]
[email protected]
[email protected]
[email protected]
SourceCodester–Best House Rental Management System
 
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability. 2024-05-18 7.3 CVE-2024-5094
[email protected]
[email protected]
[email protected]
[email protected]
SourceCodester–Online Discussion Forum Site
 
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264455. 2024-05-16 7.3 CVE-2024-4920
[email protected]
[email protected]
[email protected]
[email protected]
SourceCodester–Online Examination System
 
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264743. 2024-05-17 7.3 CVE-2024-5046
[email protected]
[email protected]
[email protected]
[email protected]
SourceCodester–SchoolWebTech
 
A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264534 is the identifier assigned to this vulnerability. 2024-05-16 7.3 CVE-2024-4966
[email protected]
[email protected]
[email protected]
[email protected]
SourceCodester–Student Management System
 
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744. 2024-05-17 7.3 CVE-2024-5047
[email protected]
[email protected]
[email protected]
[email protected]
StylemixThemes–Consulting
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.5.6. 2024-05-17 7.3 CVE-2023-37385
[email protected]
Tenable–Nessus Agent
 
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. – CVE-2024-3292 2024-05-17 8.2 CVE-2024-3292
[email protected]
Tenable–Nessus Agent
 
When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. 2024-05-17 7.8 CVE-2024-3291
[email protected]
Tenable–Nessus
 
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. 2024-05-17 8.2 CVE-2024-3290
[email protected]
Tenable–Nessus
 
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. 2024-05-17 7.8 CVE-2024-3289
[email protected]
Teplitsa of social technologies–Leyka
 
Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation. This issue affects Leyka: from n/a through 3.30.2. 2024-05-14 8.8 CVE-2023-33327
[email protected]
ThemeKraft–BuddyForms
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8. 2024-05-17 8.6 CVE-2024-32830
[email protected]
ThemeNectar–Salient Core
 
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the ‘nectar_icon’ shortcode ‘icon_linea’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. 2024-05-18 7.5 CVE-2024-3812
[email protected]
[email protected]
ThemeNectar–Salient Shortcodes
 
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the ‘icon’ shortcode ‘image’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. 2024-05-18 8.8 CVE-2024-3810
[email protected]
[email protected]
Themify–Themify Ultra
 
Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through 7.3.5. 2024-05-17 8.8 CVE-2023-46145
[email protected]
Thomas Scholl–canvasio3D Light
 
Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through 2.5.0. 2024-05-14 9.9 CVE-2024-34411
[email protected]
Thrive Themes–Thrive Theme Builder
 
Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0. 2024-05-17 8.8 CVE-2023-47782
[email protected]
ThroughTek–Kalay SDK
 
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity. 2024-05-15 8.1 CVE-2023-6324
[email protected]
Timber Team & Contributors–Timber
 
Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber. This issue affects Timber: from n/a through 1.23.0. 2024-05-14 8 CVE-2024-29800
[email protected]
Tips and Tricks HQ–WP Express Checkout (Accept PayPal Payments)
 
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. 2024-05-17 7.5 CVE-2024-30527
[email protected]
Trellix–ePolicy Orchestrator
 
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on. 2024-05-16 7.5 CVE-2024-4844
[email protected]
URBAN BASE–Z-Downloads
 
Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3. 2024-05-14 9.1 CVE-2024-34555
[email protected]
UkrSolution–Barcode Scanner with Inventory & Order Manager
 
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. 2024-05-17 9.8 CVE-2024-33567
[email protected]
Vova Anokhin–Shortcodes Ultimate
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6. 2024-05-17 7.1 CVE-2023-25050
[email protected]
WP Automatic–Automatic
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0. 2024-05-17 9.3 CVE-2024-27954
[email protected]
WP Automatic–Automatic
 
Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0. 2024-05-17 8.3 CVE-2024-27955
[email protected]
WP Hive–Events Rich Snippets for Google
 
Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials. This issue affects Events Rich Snippets for Google: from n/a through 1.8. 2024-05-17 7.1 CVE-2023-44478
[email protected]
WP Sharks–s2Member Pro
 
Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation. This issue affects s2Member Pro: from n/a through 240315. 2024-05-17 7.5 CVE-2024-31237
[email protected]
WP-etracker–WP etracker
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-etracker WP etracker allows Reflected XSS. This issue affects WP etracker: from n/a through 1.0.2. 2024-05-14 7.1 CVE-2024-34431
[email protected]
WPCustomify–Customify Site Library
 
Improper Control of Generation of Code (‘Code Injection’) vulnerability in WPCustomify Customify Site Library allows Code Injection. This issue affects Customify Site Library: from n/a through 0.0.9. 2024-05-17 9.9 CVE-2024-33644
[email protected]
WPDeveloper–Essential Addons for Elementor
 
Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through 5.8.8. 2024-05-17 8.8 CVE-2023-41955
[email protected]
WPFactory–EAN for WooCommerce
 
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9. 2024-05-17 7.2 CVE-2024-34370
[email protected]
WPvivid Team–WPvivid Backup and Migration
 
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation. This issue affects WPvivid Backup and Migration: from n/a through 0.9.90. 2024-05-17 8.8 CVE-2023-41243
[email protected]
WatchGuard–AuthPoint Password Manager
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. 2024-05-16 7.8 CVE-2024-1417
5d1c2695-1a31-4499-88ae-e847036fd7e3
WebToffee–WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
 
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. 2024-05-17 7.2 CVE-2023-51546
[email protected]
WebWizards–SalesKing
 
Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15. 2024-05-17 9.8 CVE-2024-22157
[email protected]
WebinarPress–WebinarPress
 
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress. This issue affects WebinarPress: from n/a through 1.33.17. 2024-05-14 7.1 CVE-2024-34818
[email protected]
WhatArmy–WatchTowerHQ
 
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16. 2024-05-17 9.8 CVE-2023-25701
[email protected]
Wholesale–WholesaleX
 
Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation. This issue affects WholesaleX: from n/a through 1.3.2. 2024-05-17 9.8 CVE-2024-30542
[email protected]
Woo product importer–Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy
 
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy. This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. 2024-05-14 7.5 CVE-2024-32724
[email protected]
WooCommerce–WooCommerce One Page Checkout
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion. This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0. 2024-05-17 7.6 CVE-2023-35881
[email protected]
XTemos–Woodmart Core
 
Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36. 2024-05-17 9.8 CVE-2023-32244
[email protected]
YARPP–YARPP
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4. 2024-05-17 7.7 CVE-2022-45374
[email protected]
YMS–VIS Pro
 
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies. 2024-05-14 9.8 CVE-2024-3263
[email protected]
[email protected]
ZTE–ZXUN-ePDG
 
The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked, the user session information protected by those keys may be leaked. 2024-05-14 8.3 CVE-2024-22064
[email protected]
Zabbix–Zabbix
 
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the “Audit Log”. Because the “clientip” field is not sanitized, it is possible to inject SQL into “clientip” and exploit time-based blind SQL injection. 2024-05-17 9.1 CVE-2024-22120
[email protected]
abetlen–llama-cpp-python
 
llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from the targeted `.gguf`’s Metadata and further parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parses the `chat template` within the Metadata with a sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection, which leads to remote code execution by a carefully constructed payload. 2024-05-14 9.6 CVE-2024-34359
[email protected]
[email protected]
alttextai–Alt Text AI Automatically generate image alt text for SEO and accessibility
 
The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-05-15 8.8 CVE-2024-4847
[email protected]
[email protected]
[email protected]
[email protected]
appscreo–Easy Social Share Buttons
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion. This issue affects Easy Social Share Buttons: from n/a through 9.4. 2024-05-17 8.5 CVE-2024-31300
[email protected]
artbees–JupiterX
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0. 2024-05-17 7.6 CVE-2023-32110
[email protected]
aws–amazon-redshift-jdbc-driver
 
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.) 2024-05-15 10 CVE-2024-32888
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
dataease–dataease
 
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19. 2024-05-14 7.5 CVE-2024-31441
[email protected]
dotmesh-io–dotmesh
 
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. The routine `untarFile` attempts to guard against creating symbolic links that point outside the directory a tar archive is extracted to. However, a malicious tarball first linking `subdir/parent` to `..` (allowed, because `subdir/..` falls within the archive root) and then linking `subdir/parent/escapes` to `..` results in a symbolic link pointing to the tarball’s parent directory, contrary to the routine’s goals. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files the parent process has permissions to read. As of time of publication, no patch for this issue is available. 2024-05-14 8.1 CVE-2020-26312
[email protected]
[email protected]
eProsima–Fast-DDS
 
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. 2024-05-14 8.2 CVE-2024-30258
[email protected]
[email protected]
[email protected]
eProsima–Fast-DDS
 
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, a heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. 2024-05-14 8.2 CVE-2024-30259
[email protected]
[email protected]
[email protected]
freescout-helpdesk–freescout
 
FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application’s mailbox. This vulnerability arises from improper handling of HTML content within incoming emails, allowing attackers to embed malicious HTML code in the context of the application’s domain. Unauthenticated attackers can exploit this vulnerability to inject malicious HTML content into emails. This could lead to various attacks such as form hijacking, application defacement, or data exfiltration via CSS injection. Although unauthenticated attackers are limited to HTML injection, the consequences can still be severe. Version 1.8.139 implements strict input validation and sanitization mechanisms to ensure that any HTML content received via emails is properly sanitized to prevent malicious HTML injections. 2024-05-14 7.6 CVE-2024-34697
[email protected]
[email protected]
froxlor–Froxlor
 
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9. 2024-05-14 9.6 CVE-2024-34070
[email protected]
[email protected]
getgrav–grav
 
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files – `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. 2024-05-15 8.5 CVE-2024-34082
[email protected]
[email protected]
git–git
 
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule’s worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won’t work. As always, it is best to avoid cloning repositories from untrusted sources. 2024-05-14 9 CVE-2024-32002
[email protected]
[email protected]
[email protected]
[email protected]
git–git
 
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources. 2024-05-14 8.1 CVE-2024-32004
[email protected]
[email protected]
[email protected]
git–git
 
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources. 2024-05-14 7.3 CVE-2024-32465
[email protected]
[email protected]
[email protected]
[email protected]
google–chrome
 
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 2024-05-14 9.6 CVE-2024-4671
[email protected]
[email protected]
hakeemnala–Build App Online
 
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the ‘set_user_cart’ function with the ‘user_id’ header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2024-05-18 9.8 CVE-2024-3658
[email protected]
hoppscotch–hoppscotch-extension
 
The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check against the origin list was omitted. As a result, messages could be sent to the extension from origins not present in the origin list, and the extension processed them and responded with the results instead of blocking them. This vulnerability exposes Hoppscotch Extension users to sites which call into Hoppscotch Extension APIs internally. This fundamentally allows any site running in the browser with the extension installed to bypass CORS restrictions if the user is running the extension at the given version. This security hole was patched in the commit 7e364b928ab722dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to restrict the extension’s access to only the origins they want. Firefox doesn’t have an alternative to upgrading to a fixed version. 2024-05-14 7.6 CVE-2024-34714
[email protected]
icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
 
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks. 2024-05-15 8.8 CVE-2024-4010
[email protected]
jetmonsters–Hotel Booking Lite
 
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-14 9.8 CVE-2024-4413
[email protected]
jottlieb–Last Viewed Posts by WPBeginner
 
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-14 9.8 CVE-2024-3070
[email protected]
kognetiks–Kognetiks Chatbot for WordPress
 
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-05-14 9.8 CVE-2024-4560
[email protected]
lobehub–lobe-chat
 
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information. 2024-05-14 9 CVE-2024-32964
[email protected]
mantisbt–mantisbt
 
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user’s password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token’s validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`). 2024-05-14 7.3 CVE-2024-34077
[email protected]
metaphorcreations–Ditty Responsive News Tickers, Sliders, and Lists
 
The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-14 8.8 CVE-2024-3954
[email protected]
micromatch–braces
 
The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends “imbalanced braces” as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. 2024-05-14 7.5 CVE-2024-4068
596c5446-0ce5-4ba2-aa66-48b3b757a647
micromatch–micromatch
 
The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn’t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won’t start backtracking the regular expression due to greedy matching. 2024-05-14 7.5 CVE-2024-4067
596c5446-0ce5-4ba2-aa66-48b3b757a647
microsoft — windows_10_1507
 
Windows MSHTML Platform Security Feature Bypass Vulnerability 2024-05-14 8.8 CVE-2024-30040
[email protected]
microsoft — windows_10_1507
 
Windows DWM Core Library Elevation of Privilege Vulnerability 2024-05-14 7.8 CVE-2024-30051
[email protected]
miniOrange–WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
 
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. 2024-05-17 8 CVE-2023-47683
[email protected]
monetizemore–Advanced Ads  Ad Manager & AdSense
 
The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the ‘placement_slug’ parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-14 7.2 CVE-2024-2290
[email protected]
n/a–Intel(R) Arc(TM) & Iris(R) Xe Graphics software
 
Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. 2024-05-16 7.8 CVE-2024-21864
[email protected]
n/a–Intel(R) BIOS Guard firmware
 
Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-05-16 7.2 CVE-2023-27504
[email protected]
n/a–Intel(R) BIOS Guard firmware
 
Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-05-16 7.2 CVE-2023-28402
[email protected]
n/a–Intel(R) DTT software installers
 
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7.9 CVE-2024-21813
[email protected]
n/a–Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware
 
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-05-16 7.2 CVE-2022-37341
[email protected]
n/a–Intel(R) GPA Framework software installers
 
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7.8 CVE-2023-43748
[email protected]
n/a–Intel(R) GPA software installers
 
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.2 CVE-2023-24460
[email protected]
n/a–Intel(R) GPA software installers
 
Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7.3 CVE-2023-40071
[email protected]
n/a–Intel(R) GPA software installers
 
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7.8 CVE-2023-43629
[email protected]
n/a–Intel(R) Neural Compressor software
 
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. 2024-05-16 10 CVE-2024-22476
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.8 CVE-2023-38581
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.8 CVE-2023-42773
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.8 CVE-2023-45217
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7.9 CVE-2023-46691
[email protected]
n/a–Intel(R) Power Gadget software for macOS
 
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.8 CVE-2023-40070
[email protected]
n/a–Intel(R) Power Gadget software for macOS
 
Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 8.8 CVE-2023-46689
[email protected]
n/a–Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs
 
Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. 2024-05-16 7.6 CVE-2023-41092
[email protected]
n/a–Intel(R) TDX module software
 
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-05-16 7.9 CVE-2023-45745
[email protected]
n/a–Intel(R) Thunderbolt driver software
 
Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 7 CVE-2022-37410
[email protected]
n/a–PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products
 
Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. 2024-05-16 7.5 CVE-2024-22382
[email protected]
n/a–UEFI firmware for some Intel(R) Server D50DNP Family products
 
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. 2024-05-16 7.2 CVE-2024-22095
[email protected]
n/a–UEFI firmware for some Intel(R) Server D50DNP Family products
 
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. 2024-05-16 7.5 CVE-2024-23487
[email protected]
n/a–UEFI firmware for some Intel(R) Server D50FCP Family products
 
Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. 2024-05-16 7.5 CVE-2024-23980
[email protected]
n/a–UEFI firmware for some Intel(R) Server M50FCP Family products
 
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. 2024-05-16 7.5 CVE-2024-24981
[email protected]
n/a–n/a
 
An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker must already have user privileges.) 2024-05-14 7.3 CVE-2024-31954
[email protected]
n/a–some Intel(R) PROSet/Wireless WiFi software for Windows
 
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-05-16 8.2 CVE-2023-38654
[email protected]
nautobot–nautobot
 
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4. 2024-05-14 7.5 CVE-2024-34707
[email protected]
nocodb–nocodb
 
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of “urls” whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag <a> with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged. This vulnerability is fixed in 0.202.9. 2024-05-14 7.3 CVE-2023-49781
[email protected]
npgsql–npgsql
 
Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application’s behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3. 2024-05-14 8.1 CVE-2024-32655
[email protected]
nvidia–ChatRTX
 
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. 2024-05-14 7.5 CVE-2024-0096
[email protected]
nvidia–ChatRTX
 
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. 2024-05-14 7.5 CVE-2024-0097
[email protected]
nvidia–NVIDIA Triton Inference Server
 
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2024-05-14 9 CVE-2024-0087
[email protected]
pencidesign–Penci Soledad Data Migrator
 
The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the ‘data’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files. 2024-05-17 9.8 CVE-2024-3551
[email protected]
plainware–ShiftController Employee Shift Scheduling
 
The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-05-16 7.5 CVE-2024-4733
[email protected]
plugins360–All-in-One Video Gallery
 
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-05-15 8.8 CVE-2024-4670
[email protected]
powerfulwp–Local Delivery Drivers for WooCommerce
 
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. 2024-05-17 9.8 CVE-2023-51481
[email protected]
ravanh–XML Sitemap & Google News
 
The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the ‘feed’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-05-14 8.1 CVE-2024-4441
[email protected]
smp7, wp.insider–Simple Membership
 
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4. 2024-05-17 8.8 CVE-2023-41956
[email protected]
smp7, wp.insider–Simple Membership
 
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a through 4.3.4. 2024-05-17 8.6 CVE-2023-41957
[email protected]
spacemeshos–go-spacemesh
 
go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activation transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier (but not the latest) ATX as previous breaks this protocol rule and can serve as an attack vector where Nodes hold their PoST data for less than one epoch but are still eligible for rewards. This vulnerability is fixed in go-spacemesh 1.5.2-hotfix1 and Spacemesh API 1.37.1. 2024-05-14 8.2 CVE-2024-34360
[email protected]
spoonthemes–Adifier System
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion. This issue affects Adifier System: from n/a before 3.1.4. 2024-05-17 7.5 CVE-2023-49753
[email protected]
stalwartlabs–mail-server
 
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remain protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn’t want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue. 2024-05-16 9.1 CVE-2024-35187
[email protected]
strongSwan–strongSwan
 
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client’s certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136). 2024-05-14 7.7 CVE-2022-4967
[email protected]
supsystic.com–Popup by Supsystic
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19. 2024-05-17 8.8 CVE-2023-46197
[email protected]
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
 
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin’s settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts. 2024-05-18 9.8 CVE-2024-2771
[email protected]
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
 
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin’s settings. 2024-05-18 7.5 CVE-2024-2782
[email protected]
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
 
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-18 7.2 CVE-2024-4709
[email protected]
themeisle–Visualizer: Tables and Charts Manager for WordPress
 
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions. 2024-05-16 8.8 CVE-2024-3750
[email protected]
themeum–Tutor LMS eLearning and online course solution
 
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. 2024-05-16 9.8 CVE-2024-4223
[email protected]
themeum–Tutor LMS eLearning and online course solution
 
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-05-16 8.8 CVE-2024-4318
[email protected]
themium–Tutor LMS Pro
 
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the ‘authenticate’ function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account. 2024-05-16 8.8 CVE-2024-4351
[email protected]
themium–Tutor LMS Pro
 
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the ‘get_calendar_materials’ function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-05-16 8.8 CVE-2024-4352
[email protected]
themium–Tutor LMS Pro
 
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. 2024-05-16 7.3 CVE-2024-4222
thimpress–LearnPress WordPress LMS Plugin
 
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-05-14 9.8 CVE-2024-4434
thimpress–LearnPress WordPress LMS Plugin
 
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_post_materials’ function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-05-14 8.8 CVE-2024-4397
unitecms–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-05-14 8.8 CVE-2024-3055
unitecms–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server. 2024-05-14 7.2 CVE-2024-2662
valtimo-platform–valtimo-frontend-libraries
 
Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is caused by a misconfiguration of the Form.io component. The following conditions have to be met in order to perform this attack: an attacker needs to have access to the network traffic on the `api.form.io` domain; the content of the `x-jwt-token` header is logged or otherwise available to the attacker; an attacker needs to have network access to the Valtimo API; and an attacker needs to act within the time-to-live of the access token. The default TTL in Keycloak is 5 minutes. Versions 10.8.4, 11.1.6 and 11.2.2 have been patched. 2024-05-14 9.8 CVE-2024-34706
vendor or project–product name
 
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires the attacker to be an authenticated administrator of OBR with network access to the OBR web application. 2024-05-17 7.2 CVE-2021-22508
vercel–next.js
 
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer. 2024-05-14 7.5 CVE-2024-34350
vercel–next.js
 
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. 2024-05-14 7.5 CVE-2024-34351
weDevs–WP User Frontend
 
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation. This issue affects WP User Frontend: from n/a through 3.6.5. 2024-05-17 7.2 CVE-2023-47682
wpForo–wpForo Forum
 
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3. 2024-05-17 7.3 CVE-2023-47868

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10Web Form Builder Team–Form Maker by 10Web
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.24. 2024-05-14 5.9 CVE-2024-34437
1Panel-dev–1Panel
 
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts. 2024-05-14 6.5 CVE-2024-34352
ABB–RobotWare 6
 
An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under a specific condition, when a specially crafted message is processed by the system. Below are the reported vulnerabilities in the RobotWare versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 2024-05-14 6.5 CVE-2024-1914
AREOI–All Bootstrap Blocks
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AREOI All Bootstrap Blocks allows Stored XSS. This issue affects All Bootstrap Blocks: from n/a through 1.3.15. 2024-05-14 5.9 CVE-2024-35169
AROX SOLUTION–School ERP Pro+Responsive
 
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in ‘/index.php’. This vulnerability allows an attacker to partially take control of the victim’s browser session. 2024-05-14 6.5 CVE-2024-4822
AROX SOLUTION–School ERP Pro+Responsive
 
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index ‘/schoolerp/office_admin/’ in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. 2024-05-14 6.5 CVE-2024-4823
Academy LMS–Academy LMS
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.25. 2024-05-14 5.3 CVE-2024-35171
Adam DeHaven–Perfect Pullquotes
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS. This issue affects Perfect Pullquotes: from n/a through 1.7.5. 2024-05-14 6.5 CVE-2024-33951
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 5.5 CVE-2024-30311
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 5.5 CVE-2024-30312
Adobe–Acrobat Reader
 
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-15 5.5 CVE-2024-34101
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30283
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30286
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30287
Adobe–Animate
 
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30298
Adobe–Illustrator
 
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-20793
Adobe–Substance3D – Designer
 
Substance3D – Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30281
Adobe–Substance3D – Painter
 
Substance3D – Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30308
Adobe–Substance3D – Painter
 
Substance3D – Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-05-16 5.5 CVE-2024-30309
Aleksei Polechin (alek)–Archives Calendar Widget
 
Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions. 2024-05-14 5.9 CVE-2024-33950
AlexaCRM–Dynamics 365 Integration
 
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration. This issue affects Dynamics 365 Integration: from n/a through 1.3.17. 2024-05-14 5.3 CVE-2024-34550
Andy Moyle–Church Admin
 
Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 4.1.6. 2024-05-17 6.3 CVE-2024-31281
Andy Moyle–Church Admin
 
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.32. 2024-05-14 4.3 CVE-2024-34828
AppPresser Team–AppPresser
 
Missing Authorization vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. 2024-05-14 6.5 CVE-2024-32776
Artbees–SellKit
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Artbees SellKit allows Relative Path Traversal. This issue affects SellKit: from n/a through 1.8.1. 2024-05-17 6.5 CVE-2024-30509
Atanas Yonkov–Pliska
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Atanas Yonkov Pliska allows Stored XSS. This issue affects Pliska: from n/a through 0.3.5. 2024-05-14 6.5 CVE-2024-33954
Automattic–WP Job Manager
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.2.2. 2024-05-14 5.3 CVE-2024-34549
BdThemes–Ultimate Store Kit Elementor Addons
 
Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.2. 2024-05-14 5.4 CVE-2024-4606
Benoti–Brozzme Scroll Top
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Benoti Brozzme Scroll Top allows Stored XSS. This issue affects Brozzme Scroll Top: from n/a through 1.8.5. 2024-05-14 5.9 CVE-2024-34426
BestWebSoft–Captcha by BestWebSoft
 
Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0. 2024-05-17 5.3 CVE-2024-31295
BetterAddons–Better Elementor Addons
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS. This issue affects Better Elementor Addons: from n/a through 1.4.4. 2024-05-14 6.5 CVE-2024-34432
Bootstrapped Ventures–Easy Affiliate Links
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS. This issue affects Easy Affiliate Links: from n/a through 3.7.2. 2024-05-14 6.5 CVE-2024-34441
Brainstorm Force–Ultimate Addons for Beaver Builder
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.13. 2024-05-17 6.3 CVE-2023-51401
Byzoro–Smart S200 Management Platform
 
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264437 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-15 6.3 CVE-2024-4904
CRM Perks–Integration for Contact Form 7 HubSpot
 
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot. This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1. 2024-05-17 4.3 CVE-2024-34756
CRM Perks–Integration for Contact Form 7 and Salesforce
 
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce. This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9. 2024-05-17 4.3 CVE-2024-34755
CRM Perks–Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
 
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0. 2024-05-14 4.3 CVE-2024-34817
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e. 2024-05-14 6.1 CVE-2024-30268
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue. 2024-05-14 6.5 CVE-2024-31460
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue. 2024-05-14 5.4 CVE-2024-29894
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in the `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in the `grow_right_pane_tree()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. 2024-05-14 5.7 CVE-2024-31443
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in the `form_confirm()` function from `lib/html.php`, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. 2024-05-14 4.6 CVE-2024-31444
Cacti–cacti
 
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in the `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in the `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php`, finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. 2024-05-14 4.6 CVE-2024-31458
Campcodes–Complete Web-Based School Management System
 
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4906
Campcodes–Complete Web-Based School Management System
 
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4907
Campcodes–Complete Web-Based School Management System
 
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443. 2024-05-15 6.3 CVE-2024-4908
Campcodes–Complete Web-Based School Management System
 
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444. 2024-05-15 6.3 CVE-2024-4909
Campcodes–Complete Web-Based School Management System
 
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4910
Campcodes–Complete Web-Based School Management System
 
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4911
Campcodes–Legal Case Management System
 
A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/general-setting of the component Setting Handler. The manipulation of the argument favicon/logo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263622 is the identifier assigned to this vulnerability. 2024-05-14 4.7 CVE-2024-4681
Campcodes–Online Examination System
 
A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. This affects an unknown part of the file addExamExe.php. The manipulation of the argument examTitle leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264447. 2024-05-15 6.3 CVE-2024-4912
Campcodes–Online Examination System
 
A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. This vulnerability affects unknown code of the file exam.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264448. 2024-05-15 6.3 CVE-2024-4913
Campcodes–Online Examination System
 
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation of the argument exam_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264449 was assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4914
Campcodes–Online Examination System
 
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file result.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264450 is the identifier assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4915
Campcodes–Online Examination System
 
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264451. 2024-05-15 6.3 CVE-2024-4916
Campcodes–Online Examination System
 
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264452. 2024-05-15 6.3 CVE-2024-4917
Campcodes–Online Examination System
 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264453 was assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4918
Campcodes–Online Examination System
 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264454 is the identifier assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4919
Campcodes–Online Laundry Management System
 
A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument id/delete_category/delete_inv/delete_laundry/delete_supply/delete_user/login/save_inv/save_user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263891. 2024-05-14 6.3 CVE-2024-4792
Campcodes–Online Laundry Management System
 
A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263892. 2024-05-14 6.3 CVE-2024-4793
Campcodes–Online Laundry Management System
 
A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263893 was assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4794
[email protected]
[email protected]
[email protected]
[email protected]
Campcodes–Online Laundry Management System
 
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263894 is the identifier assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4795
[email protected]
[email protected]
[email protected]
[email protected]
Campcodes–Online Laundry Management System
 
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263895. 2024-05-14 6.3 CVE-2024-4796
[email protected]
[email protected]
[email protected]
[email protected]
Campcodes–Online Laundry Management System
 
A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4817
[email protected]
[email protected]
[email protected]
[email protected]
Campcodes–Online Laundry Management System
 
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. 2024-05-14 5.3 CVE-2024-4818
[email protected]
[email protected]
[email protected]
[email protected]
Campcodes–Online Laundry Management System
 
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263940. 2024-05-14 4.3 CVE-2024-4819
[email protected]
[email protected]
[email protected]
[email protected]
Cisco–Cisco AppDynamics
 
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device. 2024-05-15 5.5 CVE-2024-20394
[email protected]
Cisco–Cisco Network Services Orchestrator
 
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. 2024-05-15 4.7 CVE-2024-20369
[email protected]
Cisco–Cisco Secure Client
 
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device. 2024-05-15 6.8 CVE-2024-20391
[email protected]
Cisco–Cisco Secure Email and Web Manager
 
A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to an incorrect privilege assignment when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system. 2024-05-15 4.8 CVE-2024-20383
[email protected]
Cisco–Cisco Secure Email
 
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-05-15 6.1 CVE-2024-20258
[email protected]
Cisco–Cisco Secure Email
 
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to the web-based management API of the affected system. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to perform cross-site scripting (XSS) attacks, resulting in the execution of arbitrary script code in the browser of the targeted user, or could allow the attacker to access sensitive, browser-based information. 2024-05-15 6.1 CVE-2024-20392
[email protected]
Cisco–Cisco Secure Email
 
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-05-15 4.8 CVE-2024-20257
[email protected]
Cisco–Cisco Secure Web Appliance
 
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-05-15 4.8 CVE-2024-20256
[email protected]
CodeBard–Fast Custom Social Share by CodeBard
 
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard. This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.2. 2024-05-17 4.3 CVE-2024-34807
[email protected]
CodePeople–Appointment Hour Booking
 
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56. 2024-05-17 5.3 CVE-2024-32720
[email protected]
CodePeople–CP Polls
 
Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding. This issue affects CP Polls: from n/a through 1.0.71. 2024-05-17 5.3 CVE-2024-24873
[email protected]
CodePeople–CP Polls
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71. 2024-05-17 5.3 CVE-2024-24874
[email protected]
Codezips–E-Commerce Site
 
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264460. 2024-05-16 6.3 CVE-2024-4923
[email protected]
[email protected]
[email protected]
[email protected]
Codezips–E-Commerce Site
 
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability. 2024-05-17 6.3 CVE-2024-5049
[email protected]
[email protected]
[email protected]
[email protected]
Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban–TranslatePress
 
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress. This issue affects TranslatePress: from n/a through 2.7.5. 2024-05-14 4.3 CVE-2024-34827
[email protected]
Cozmoslabs–Profile Builder
 
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass. This issue affects Profile Builder: from n/a through 3.11.2. 2024-05-17 5.3 CVE-2024-31341
[email protected]
Creative Motion–Clearfy Cache
 
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache. This issue affects Clearfy Cache: from n/a through 2.2.1. 2024-05-17 4.3 CVE-2024-34806
[email protected]
CriticalMoments–CMSaasStarter
 
CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork. 2024-05-14 6.5 CVE-2024-34354
[email protected]
[email protected]
[email protected]
CyberPower–PowerPanel business
 
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. 2024-05-15 6.5 CVE-2024-31409
[email protected]
[email protected]
CyberPower–PowerPanel business
 
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. 2024-05-15 4.9 CVE-2024-32042
[email protected]
[email protected]
Dassault Systèmes–3DSwymer
 
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code. 2024-05-17 5.4 CVE-2023-5597
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service. 2024-05-14 6.1 CVE-2024-25965
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. 2024-05-14 6.7 CVE-2024-25967
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2024-05-14 6.2 CVE-2024-25969
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity. 2024-05-14 6.5 CVE-2024-25970
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2024-05-14 5.3 CVE-2024-25966
[email protected]
Dell–PowerScale OneFS
 
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. 2024-05-14 5.9 CVE-2024-25968
[email protected]
Easy Digital Downloads–Easy Digital Downloads
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. 2024-05-14 5.3 CVE-2024-32100
[email protected]
Easy Digital Downloads–Easy Digital Downloads
 
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. 2024-05-14 4.3 CVE-2024-31113
[email protected]
Elegant Themes–Divi Builder
 
The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4490
[email protected]
[email protected]
[email protected]
EnvoThemes–Envo’s Elementor Templates & Widgets for WooCommerce
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EnvoThemes Envo’s Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo’s Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8. 2024-05-14 6.5 CVE-2024-35167
[email protected]
Eric Alli–Google Typography
 
Missing Authorization vulnerability in Eric Alli Google Typography. This issue affects Google Typography: from n/a through 1.1.2. 2024-05-14 4.3 CVE-2024-33942
[email protected]
Extend Themes–EmpowerWP
 
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21. 2024-05-17 4.3 CVE-2024-34809
[email protected]
Felix Moira–Popup More Popups
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Felix Moira Popup More Popups allows Stored XSS. This issue affects Popup More Popups: from n/a through 2.3.1. 2024-05-17 5.9 CVE-2024-32800
[email protected]
Flothemes–Flo Forms
 
Missing Authorization vulnerability in Flothemes Flo Forms. This issue affects Flo Forms: from n/a through 1.0.42. 2024-05-17 5.3 CVE-2024-35174
[email protected]
FmeAddons–Conditional Checkout Fields for WooCommerce
 
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce. This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. 2024-05-17 5.3 CVE-2022-45070
[email protected]
Fortinet–FortiADC
 
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. 2024-05-14 5.5 CVE-2023-50180
[email protected]
Fortinet–FortiNAC
 
An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests. 2024-05-14 6.8 CVE-2024-31488
[email protected]
Fortinet–FortiOS
 
A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests. 2024-05-14 6.6 CVE-2023-44247
[email protected]
Fortinet–FortiOS
 
An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests. 2024-05-14 5.3 CVE-2024-26007
[email protected]
Fortinet–FortiProxy
 
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows an attacker to execute unauthorized code or commands via specially crafted commands. 2024-05-14 6.7 CVE-2023-36640
[email protected]
Fortinet–FortiProxy
 
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. 2024-05-14 6.7 CVE-2023-45583
[email protected]
Fortinet–FortiProxy
 
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets. 2024-05-14 5 CVE-2023-45586
[email protected]
GE HealthCare–EchoPAC Software Only
 
Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products 2024-05-14 6.8 CVE-2024-27108
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–EchoPAC Software Only
 
Vulnerable data in transit in GE HealthCare EchoPAC products 2024-05-14 5.7 CVE-2024-27106
171caf72-b841-4e04-a68e-93493aff2b94
GE HealthCare–Venue
 
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component 2024-05-14 6.2 CVE-2024-1629
171caf72-b841-4e04-a68e-93493aff2b94
GZTimeWalker–GZCTF
 
GZ::CTF is a capture the flag platform. Prior to 0.20.1, an unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in `v0.20.1`. 2024-05-14 6.5 CVE-2024-34699
[email protected]
[email protected]
German Mesky–GMAce
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2. 2024-05-17 4.9 CVE-2023-23872
[email protected]
GhozyLab, Inc.–Popup Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.29. 2024-05-17 5.9 CVE-2024-34567
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server. 2024-05-14 6.5 CVE-2023-6682
[email protected]
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server. 2024-05-14 6.5 CVE-2023-6688
[email protected]
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request. 2024-05-14 6.5 CVE-2024-2454
[email protected]
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content. 2024-05-14 6.5 CVE-2024-2651
[email protected]
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF. 2024-05-14 5.7 CVE-2024-4597
[email protected]
GitLab–GitLab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service. 2024-05-14 4.3 CVE-2024-4539
[email protected]
Google–Gvisor
 
A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6. 2024-05-15 4.8 CVE-2023-7258
[email protected]
Guido–VS Contact Form
 
Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7. 2024-05-17 5.3 CVE-2024-30540
[email protected]
Gutenify–Gutenify
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify. This issue affects Gutenify: from n/a through 1.4.0. 2024-05-14 5.3 CVE-2024-35165
[email protected]
HCL Software–BigFix Platform
 
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. 2024-05-17 6.7 CVE-2024-23583
[email protected]
HCL Software–BigFix Platform
 
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). 2024-05-18 5.7 CVE-2024-23554
[email protected]
HCL Software–BigFix Platform
 
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. 2024-05-18 5.9 CVE-2024-23556
[email protected]
HCL Software–DRYiCE Lucy
 
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks. 2024-05-14 6.5 CVE-2023-37526
[email protected]
Harknell–AWSOM News Announcement
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Harknell AWSOM News Announcement allows Stored XSS. This issue affects AWSOM News Announcement: from n/a through 1.6.0. 2024-05-14 5.9 CVE-2024-34428
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. 2024-05-14 5.3 CVE-2024-31478
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. 2024-05-14 5.3 CVE-2024-31479
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. 2024-05-14 5.3 CVE-2024-31480
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. 2024-05-14 5.3 CVE-2024-31481
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point. 2024-05-14 5.3 CVE-2024-31482
[email protected]
Hewlett Packard Enterprise (HPE)–Aruba InstantOS and Aruba Access Points running ArubaOS 10
 
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. 2024-05-14 4.9 CVE-2024-31483
[email protected]
Hidden Depth–Sticky banner
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hidden Depth Sticky banner allows Stored XSS. This issue affects Sticky banner: from n/a through 1.2.0. 2024-05-14 5.9 CVE-2024-35170
[email protected]
Highfivery LLC–Zero Spam
 
Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through 5.5.6. 2024-05-17 5.3 CVE-2024-32521
[email protected]
Huawei–HarmonyOS
 
The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. 2024-05-14 6.2 CVE-2023-52721
[email protected]
[email protected]
Huawei–HarmonyOS
 
Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 6.1 CVE-2024-32990
[email protected]
[email protected]
Huawei–HarmonyOS
 
Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 6.2 CVE-2024-32995
[email protected]
[email protected]
Huawei–HarmonyOS
 
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 6.2 CVE-2024-32996
[email protected]
[email protected]
Huawei–HarmonyOS
 
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 6.8 CVE-2024-32999
[email protected]
[email protected]
Huawei–HarmonyOS
 
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 6.4 CVE-2024-4046
[email protected]
[email protected]
Huawei–HarmonyOS
 
Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 5.6 CVE-2024-32993
[email protected]
[email protected]
Huawei–HarmonyOS
 
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 5.9 CVE-2024-32998
[email protected]
[email protected]
Huawei–HarmonyOS
 
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 4.7 CVE-2023-52383
[email protected]
[email protected]
Huawei–HarmonyOS
 
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 4.7 CVE-2023-52384
[email protected]
[email protected]
Huawei–HarmonyOS
 
Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect availability. 2024-05-14 4.1 CVE-2023-52720
[email protected]
[email protected]
Huseyin Berberoglu–WP Favorite Posts
 
Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts. This issue affects WP Favorite Posts: from n/a through 1.6.8. 2024-05-14 4.3 CVE-2024-34427
[email protected]
IBM–App Connect Enterprise
 
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 285245. 2024-05-14 5.4 CVE-2024-28761
[email protected]
[email protected]
IBM–App Connect Enterprise
 
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. 2024-05-14 4.3 CVE-2024-28760
[email protected]
[email protected]
IBM–QRadar SIEM
 
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575. 2024-05-14 6.8 CVE-2024-27269
[email protected]
[email protected]
IBM–SDK, Java Technology Edition
 
The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. 2024-05-14 5.9 CVE-2023-38264
[email protected]
[email protected]
IBM–Security Guardium
 
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. 2024-05-16 4.4 CVE-2023-47717
[email protected]
[email protected]
IBM–Spectrum Fusion HCI
 
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. 2024-05-14 6.5 CVE-2023-43040
[email protected]
[email protected]
IBM–TXSeries for Multiplatforms
 
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 280191. 2024-05-14 6.1 CVE-2024-22344
[email protected]
[email protected]
IBM–TXSeries for Multiplatforms
 
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. 2024-05-14 6.2 CVE-2024-22345
[email protected]
[email protected]
IBM–TXSeries for Multiplatforms
 
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. 2024-05-14 4 CVE-2024-22343
[email protected]
[email protected]
IBM–UrbanCode Deploy
 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654. 2024-05-14 5.4 CVE-2024-28781
[email protected]
[email protected]
ITPison–OMICARD EDM
 
ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information. 2024-05-15 5.3 CVE-2024-4894
[email protected]
[email protected]
Imran Sayed–Headless CMS
 
Missing Authorization vulnerability in Imran Sayed Headless CMS. This issue affects Headless CMS: from n/a through 2.0.3. 2024-05-17 5.3 CVE-2023-34186
[email protected]
JFrog–Artifactory
 
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user’s account when clicking on a specially crafted URL sent to the victim’s user email. 2024-05-15 6.4 CVE-2024-2248
[email protected]
JetBrains–TeamCity
 
In JetBrains TeamCity before 2024.03.1, the commit status publisher didn’t check the project scope of the GitHub App token. 2024-05-16 5.5 CVE-2024-35301
[email protected]
JetBrains–TeamCity
 
In JetBrains TeamCity before 2023.11, stored XSS during restore from backup was possible. 2024-05-16 5.4 CVE-2024-35302
[email protected]
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.1.29548, the SMTPS protocol communication lacked proper certificate hostname validation. 2024-05-16 5.9 CVE-2024-35299
[email protected]
Justin Silver–Remote Content Shortcode
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion. This issue affects Remote Content Shortcode: from n/a through 1.5. 2024-05-17 6.5 CVE-2023-45652
[email protected]
Justin Tadlock–Unique
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Tadlock Unique allows Stored XSS. This issue affects Unique: from n/a through 0.3.0. 2024-05-14 6.5 CVE-2024-33952
[email protected]
Kashipara–College Management System
 
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263919. 2024-05-14 6.3 CVE-2024-4799
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263920. 2024-05-14 6.3 CVE-2024-4800
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263921 was assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4801
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipulation of the argument activity_datetime leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263922 is the identifier assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4802
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263923. 2024-05-14 6.3 CVE-2024-4803
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263924. 2024-05-14 6.3 CVE-2024-4804
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. This affects an unknown part of the file edit_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263925 was assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4805
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability classified as critical was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file each_extracurricula_activities.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263926 is the identifier assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4806
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263927. 2024-05-14 6.3 CVE-2024-4807
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263928. 2024-05-14 6.3 CVE-2024-4808
[email protected]
[email protected]
[email protected]
[email protected]
Kashipara–College Management System
 
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264438 is the identifier assigned to this vulnerability. 2024-05-15 6.3 CVE-2024-4905
[email protected]
[email protected]
[email protected]
[email protected]
Kiboko Labs–Arigato Autoresponder and Newsletter
 
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3. 2024-05-14 4.3 CVE-2024-34823
[email protected]
Kioware–Kioware
 
KioWare for Windows (all versions through 8.35) allows brute forcing of the PIN that protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number. 2024-05-14 6.2 CVE-2024-3461
[email protected]
[email protected]
[email protected]
Kubernetes–azure-file-csi-driver
 
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag. 2024-05-15 6.5 CVE-2024-3744
[email protected]
[email protected]
Linux–Linux kernel
 
In register_device, the return value of ida_simple_get is unchecked, in which case ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. 2024-05-14 5.3 CVE-2024-4810
[email protected]
LionScripts–IP Blocker Lite
 
Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1. 2024-05-17 5.3 CVE-2024-30479
[email protected]
LizardByte–Sunshine
 
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user’s computer. This attack vector isn’t exploitable unless the user has manually loosened ACLs on the system drive. If the user’s system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:\`. Require that all executables be placed in write-protected directories. 2024-05-16 4.9 CVE-2024-31226
[email protected]
[email protected]
[email protected]
Matt van Andel–Adventure Journal
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through 1.7.2. 2024-05-14 6.5 CVE-2024-33953
[email protected]
Metagauss–EventPrime
 
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 2.8.6. 2024-05-17 5.3 CVE-2023-33321
[email protected]
Metagauss–ProfileGrid
 
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2. 2024-05-17 4.3 CVE-2024-32774
[email protected]
Microchip–SAME70
 
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set. 2024-05-16 6.3 CVE-2024-4760
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Microsoft–.NET 7.0
 
Visual Studio Denial of Service Vulnerability 2024-05-14 5.9 CVE-2024-30046
[email protected]
Microsoft–.NET 8.0
 
.NET and Visual Studio Remote Code Execution Vulnerability 2024-05-14 6.3 CVE-2024-30045
[email protected]
Microsoft–Azure Migrate
 
Azure Migrate Cross-Site Scripting Vulnerability 2024-05-14 6.5 CVE-2024-30053
[email protected]
Microsoft–Microsoft Bing Search for iOS
 
Microsoft Bing Search Spoofing Vulnerability 2024-05-14 5.4 CVE-2024-30041
[email protected]
Microsoft–Microsoft Edge (Chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-05-14 5.4 CVE-2024-30055
[email protected]
Microsoft–Microsoft Intune Mobile Application Management
 
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability 2024-05-14 6.1 CVE-2024-30059
[email protected]
Microsoft–Microsoft SharePoint Enterprise Server 2016
 
Microsoft SharePoint Server Information Disclosure Vulnerability 2024-05-14 6.5 CVE-2024-30043
[email protected]
Microsoft–PowerBI-client JS SDK
 
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability 2024-05-14 6.5 CVE-2024-30054
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-29997
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-29998
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-29999
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30000
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30001
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30002
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30003
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30004
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30005
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30012
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-05-14 6.8 CVE-2024-30021
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows DWM Core Library Information Disclosure Vulnerability 2024-05-14 5.5 CVE-2024-30008
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Cryptographic Services Information Disclosure Vulnerability 2024-05-14 5.5 CVE-2024-30016
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability 2024-05-14 5.5 CVE-2024-30034
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-05-14 5.5 CVE-2024-30039
[email protected]
Microsoft–Windows 10 Version 1809
 
Windows Mark of the Web Security Feature Bypass Vulnerability 2024-05-14 5.4 CVE-2024-30050
[email protected]
Microsoft–Windows Server 2019
 
Windows Hyper-V Denial of Service Vulnerability 2024-05-14 6.5 CVE-2024-30011
[email protected]
Microsoft–Windows Server 2019
 
DHCP Server Service Denial of Service Vulnerability 2024-05-14 6.5 CVE-2024-30019
[email protected]
Microsoft–Windows Server 2019
 
Windows Deployment Services Information Disclosure Vulnerability 2024-05-14 6.5 CVE-2024-30036
[email protected]
MongoDB Inc–MongoDB Server
 
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5. 2024-05-14 5.3 CVE-2024-3374
[email protected]
N/A–N/A
 
The ‘WordPress RSS Aggregator’ WordPress Plugin, versions < 4.23.9, are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the ‘notice_id’ GET parameter. 2024-05-14 5.4 CVE-2024-4860
[email protected]
Nathan Vonnahme–Configure Login Timeout
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0. 2024-05-14 5.9 CVE-2024-34419
[email protected]
Ninja Team–Filebird
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3. 2024-05-14 5.3 CVE-2024-35166
[email protected]
OCDI–One Click Demo Import
 
Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0. 2024-05-14 4.4 CVE-2024-34433
[email protected]
OceanicJS–Oceanic
 
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library. 2024-05-14 6.5 CVE-2024-34712
[email protected]
[email protected]
OpenText–iManager
 
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. 2024-05-15 5.7 CVE-2024-3484
[email protected]
OpenText–iManager
 
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. 2024-05-15 5.3 CVE-2024-3485
[email protected]
OpenText–iManager
 
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication. 2024-05-15 5.6 CVE-2024-3488
[email protected]
OpenText–iManager
 
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal. 2024-05-15 5.3 CVE-2024-3970
[email protected]
Orchestrated–Corona Virus (COVID-19) Banner & Live Data
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS. This issue affects Corona Virus (COVID-19) Banner & Live Data: from n/a through 1.8.0.2. 2024-05-14 5.9 CVE-2024-34429
[email protected]
PHOENIX CONTACT–CHARX SEC-3000
 
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. 2024-05-14 5 CVE-2024-28135
[email protected]
PHPGurukul–Online Course Registration System
 
A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability. 2024-05-17 6.3 CVE-2024-5066
[email protected]
[email protected]
[email protected]
[email protected]
PaperCut–PaperCut NG, PaperCut MF
 
An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). 2024-05-14 6 CVE-2024-3037
eb41dac7-0af8-4f84-9f6d-0272772514f4
PaperCut–PaperCut NG, PaperCut MF
 
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). 2024-05-14 6 CVE-2024-4712
eb41dac7-0af8-4f84-9f6d-0272772514f4
Phil Baylog–QuickieBar
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Phil Baylog QuickieBar allows Stored XSS. This issue affects QuickieBar: from n/a through 1.8.4. 2024-05-14 5.9 CVE-2024-34425
[email protected]
PluginEver–Serial Numbers for WooCommerce License Manager
 
Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager. This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through 1.7.3. 2024-05-17 5.3 CVE-2024-35173
[email protected]
PrestaShop–PrestaShop
 
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available. 2024-05-14 5.3 CVE-2024-34717
[email protected]
[email protected]
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold’s HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, which leads to Server Side Request Forgery. 2024-05-14 5.4 CVE-2024-4562
[email protected]
[email protected]
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold’s FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. 2024-05-14 4.2 CVE-2024-4561
[email protected]
[email protected]
Progress Software–Telerik Report Server
 
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing. 2024-05-15 6.5 CVE-2024-4357
[email protected]
Progress Software–Telerik Report Server
 
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. 2024-05-15 5.3 CVE-2024-4837
[email protected]
Proofpoint–Enterprise Protection
 
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses. 2024-05-14 5 CVE-2024-0862
[email protected]
QODE Interactive–Qi Addons For Elementor
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion. This issue affects Qi Addons For Elementor: from n/a through 1.6.3. 2024-05-17 6.4 CVE-2023-47679
[email protected]
RadiusTheme–ShopBuilder Elementor WooCommerce Builder Addons
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.8. 2024-05-14 5.3 CVE-2024-34812
[email protected]
RafflePress–Giveaways and Contests
 
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7. 2024-05-17 5.3 CVE-2024-32827
[email protected]
Rashed Latif–TT Custom Post Type Creator
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS. This issue affects TT Custom Post Type Creator: from n/a through 1.0. 2024-05-14 5.9 CVE-2024-34430
[email protected]
Red Hat–Red Hat Advanced Cluster Management for Kubernetes 2
 
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. 2024-05-17 6.6 CVE-2024-5042
[email protected]
[email protected]
[email protected]
Red Hat–Red Hat Enterprise Linux 6
 
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host. 2024-05-14 5.5 CVE-2024-4693
[email protected]
[email protected]
Red Hat–Red Hat OpenStack Platform 16.2
 
A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. 2024-05-14 5.5 CVE-2024-4840
[email protected]
[email protected]
Red Hat–Red Hat Satellite 6
 
A vulnerability was found in Satellite. When running a remote execution job on a host, the host’s SSH key is not being checked. When the key changes, the Satellite still connects it because it uses “-o StrictHostKeyChecking=no”. This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker’s ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it. 2024-05-14 6.8 CVE-2024-4871
[email protected]
[email protected]
Revmakx–WPCal.io Easy Meeting Scheduler
 
Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler. This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. 2024-05-14 5.4 CVE-2024-34816
[email protected]
Ruijie–RG-UAC
 
A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 6.3 CVE-2024-4813
[email protected]
[email protected]
[email protected]
[email protected]
Ruijie–RG-UAC
 
A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 6.3 CVE-2024-4814
[email protected]
[email protected]
[email protected]
[email protected]
Ruijie–RG-UAC
 
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Affected by this issue is some unknown functionality of the file /view/bugSolve/viewData/detail.php. The manipulation of the argument filename leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 6.3 CVE-2024-4815
[email protected]
[email protected]
[email protected]
[email protected]
Ruijie–RG-UAC
 
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 6.3 CVE-2024-4816
[email protected]
[email protected]
[email protected]
[email protected]
SAP_SE–SAP BusinessObjects Business Intelligence Platform (Webservices)
 
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. 2024-05-14 4.3 CVE-2024-33004
[email protected]
[email protected]
SAP_SE–SAP Enable Now
 
SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role ‘Learner’ could gain access to other user’s data in manager which will lead to a high impact to the confidentiality of the application. 2024-05-14 6.5 CVE-2024-32730
SAP_SE–SAP Global Label Management (GLM)
 
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application. 2024-05-14 4.2 CVE-2024-33009
SAP_SE–SAP My Travel Requests 
 
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.  2024-05-14 5.5 CVE-2024-32731
SAP_SE–SAP NetWeaver Application Server ABAP and ABAP Platform 
 
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application. 2024-05-14 6.1 CVE-2024-32733
SAP_SE–SAP NetWeaver Application server for ABAP and ABAP Platform
 
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system. 2024-05-14 6.5 CVE-2024-34687
SAP_SE–SAP Replication Server 
 
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system. 2024-05-14 4.9 CVE-2024-33008
SAP_SE–SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
 
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected. 2024-05-14 4.3 CVE-2024-4138
SAP_SE–SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
 
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. 2024-05-14 4.3 CVE-2024-4139
SAP_SE–SAP S/4HANA (Document Service Handler for DPS)
 
Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the application. 2024-05-14 6.1 CVE-2024-33002
SKT Themes–SKT Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8. 2024-05-14 6.5 CVE-2024-34436
SKT Themes–SKT Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8. 2024-05-14 6.5 CVE-2024-34445
SailPoint–Identity Security Cloud
 
An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. 2024-05-15 6.5 CVE-2024-3317
SailPoint–Identity Security Cloud
 
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources. 2024-05-15 4.2 CVE-2024-3318
SakuraIsayeki–WOWS-Karma
 
WOWS Karma is a reputation system for Wargaming’s World of Warships. A user is able to click multiple times on “create” on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple post requests simultaneously bypasses the cooldown validation; however, the user’s metrics are not refreshed more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1. 2024-05-14 6.3 CVE-2024-34695
Salon Booking System–Salon booking system
 
Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 8.6. 2024-05-17 6.8 CVE-2023-48319
Samsung Open Source–Escargot
 
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and is not included in the release. This issue affects escargot: 4.0.0. 2024-05-14 5.3 CVE-2024-32669
Samsung Open Source–Escargot
 
A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. 2024-05-14 5.3 CVE-2024-32672
Samuel Marshall–JCH Optimize
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.2.0. 2024-05-16 4.3 CVE-2024-34808
ShortPixel–ShortPixel Adaptive Images
 
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. 2024-05-14 4.4 CVE-2024-35172
ShortPixel–ShortPixel Adaptive Images
 
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. 2024-05-14 4.3 CVE-2024-4689
SiAdmin–SiAdmin
 
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials. 2024-05-16 6.3 CVE-2024-4993
Siemens–OPUPI0 AMQP/MQTT
 
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss. 2024-05-14 5.3 CVE-2024-31486
Siemens–Polarion ALM
 
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user’s allowed projects. 2024-05-14 6.5 CVE-2024-33647
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. 2024-05-14 6.5 CVE-2024-27946
Siemens–RUGGEDCOM CROSSBOW
 
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. 2024-05-14 5.3 CVE-2024-27947
Siemens–S7-PCT
 
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. 2024-05-14 6.5 CVE-2023-46280
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The “DBTest” tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory. 2024-05-14 6.3 CVE-2024-30208
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affect the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing. 2024-05-14 6.5 CVE-2024-33494
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment. 2024-05-14 6.5 CVE-2024-33495
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. 2024-05-14 6.3 CVE-2024-33496
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. 2024-05-14 6.3 CVE-2024-33497
Siemens–SIMATIC RTLS Locating Manager
 
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time. 2024-05-14 5.3 CVE-2024-33498
SourceCodester–Best Courier Management System
 
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264480. 2024-05-16 4.3 CVE-2024-4945
SourceCodester–Employee and Visitor Gate Pass Logging System
 
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /employee_gatepass/classes/Users.php?f=ssave. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264456. 2024-05-16 6.3 CVE-2024-4921
SourceCodester–Gas Agency Management System
 
A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264748. 2024-05-17 6.3 CVE-2024-5051
SourceCodester–Interactive Map with Marker
 
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264535. 2024-05-16 6.3 CVE-2024-4967
SourceCodester–Online Art Gallery Management System
 
A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264481 was assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4946
SourceCodester–Online Birth Certificate Management System
 
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability. 2024-05-17 5.3 CVE-2024-5045
SourceCodester–Online Computer and Laptop Store
 
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4798
SourceCodester–Online Computer and Laptop Store
 
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4820
SourceCodester–Open Source Clinic Management System
 
A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263929 was assigned to this vulnerability. 2024-05-14 6.3 CVE-2024-4809
SourceCodester–School Intramurals Student Attendance Management System
 
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sams/manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264461 was assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4925
SourceCodester–School Intramurals Student Attendance Management System
 
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /intrams_sams/manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264462 is the identifier assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4926
SourceCodester–Simple Online Bidding System
 
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463. 2024-05-16 6.3 CVE-2024-4927
SourceCodester–Simple Online Bidding System
 
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264464. 2024-05-16 6.3 CVE-2024-4928
SourceCodester–Simple Online Bidding System
 
A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264466 is the identifier assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4930
SourceCodester–Simple Online Bidding System
 
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264467. 2024-05-16 6.3 CVE-2024-4931
SourceCodester–Simple Online Bidding System
 
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264468. 2024-05-16 6.3 CVE-2024-4932
SourceCodester–Simple Online Bidding System
 
A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264469 was assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4933
SourceCodester–Simple Online Bidding System
 
A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability. 2024-05-16 4.3 CVE-2024-4929
SourceCodester–Simple Online Mens Salon Management System
 
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264926 is the identifier assigned to this vulnerability. 2024-05-17 6.3 CVE-2024-5069
Sparkle WP–Editorialmag
 
Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9. 2024-05-17 4.3 CVE-2023-32129
Stefano Lissa & The Newsletter Team–Newsletter
 
Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass. This issue affects Newsletter: from n/a through 8.2.0. 2024-05-17 5.3 CVE-2024-30522
Strategy11 Form Builder Team–Formidable Forms
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7. 2024-05-17 5.3 CVE-2024-23522
StylemixThemes–Cost Calculator Builder PRO
 
Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2024-05-17 6.4 CVE-2024-4789
Supsystic–Pricing Table by Supsystic
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection. This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. 2024-05-17 4.3 CVE-2024-32790
Swift Ideas–Swift Framework
 
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. 2024-05-14 5.3 CVE-2024-3915
Swift Ideas–Swift Framework
 
The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin’s shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. 2024-05-14 5.3 CVE-2024-3916
Sylius–Sylius
 
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, it is possible to execute JavaScript code in the Admin panel. To perform the XSS attack, a script is entered into the Name field of one of these resources: Taxons, Products, Product Options or Product Variants. The code will be executed while using an autocomplete field with one of the listed entities in the Admin Panel, and also for the taxons in the category tree on the product form. The issue is fixed in versions 1.12.16 and 1.13.1. 2024-05-14 6.1 CVE-2024-34349
Synaptics–Synaptics Fingerprint Driver
 
Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App. 2024-05-14 5.5 CVE-2023-5447
TIBCO–Hawk
 
Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user’s Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. 2024-05-15 6.5 CVE-2024-3182
TYPO3–typo3
 
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described. 2024-05-14 5.4 CVE-2024-34356
TYPO3–typo3
 
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. 2024-05-14 5.4 CVE-2024-34357
TYPO3–typo3
 
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&…&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. 2024-05-14 5.3 CVE-2024-34358
Tech9logy Creators–WPCS ( WordPress Custom Search )
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS. This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1. 2024-05-14 5.9 CVE-2024-34418
The Events Calendar–BookIt
 
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0. 2024-05-17 6.5 CVE-2024-24715
Theme Freesia–Freesia Empire
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme Freesia Freesia Empire allows Stored XSS. This issue affects Freesia Empire: from n/a through 1.4.1. 2024-05-14 6.5 CVE-2024-33955
ThemeFuse–Unyson
 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson. This issue affects Unyson: from n/a through 2.7.29. 2024-05-14 5.4 CVE-2024-34814
ThemeLocation–Custom WooCommerce Checkout Fields Editor
 
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. 2024-05-14 4.3 CVE-2024-33956
ThemeNectar–Salient Shortcodes
 
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘icon’ shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-18 6.4 CVE-2024-3811
ThimPress–Thim Elementor Kit
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThimPress Thim Elementor Kit allows Stored XSS. This issue affects Thim Elementor Kit: from n/a through 1.1.8. 2024-05-14 6.5 CVE-2024-34415
ThroughTek–Kalay SDK
 
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server. 2024-05-15 4.3 CVE-2023-6323
Toidicode.com (thanhtaivtt)–Viet Nam Affiliate
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS. This issue affects Viet Nam Affiliate: from n/a through 1.0.0. 2024-05-14 5.9 CVE-2024-34417
Tongda–OA
 
A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-15 6.3 CVE-2024-4903
Trellix–ePolicy Orchestrator
 
ePO doesn’t allow a regular privileged user to delete tasks or assignments. Insecure direct object references allow a least-privileged user to manipulate client tasks and client task assignments, thereby escalating his/her privilege. 2024-05-16 4.3 CVE-2024-4843
UkrSolution–Barcode Scanner with Inventory & Order Manager
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. 2024-05-14 5.3 CVE-2024-34556
UkrSolution–Barcode Scanner with Inventory & Order Manager
 
Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. 2024-05-14 4.3 CVE-2024-34557
Uniform Server Zero–Uniform Server Zero
 
Vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and partially take over their session details. 2024-05-14 6.3 CVE-2023-5052
Valiano–Unite Gallery Lite
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59. 2024-05-17 6 CVE-2023-33310
ValvePress–WordPress Automatic Plugin
 
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-18 6.4 CVE-2024-4849
VeronaLabs–WP SMS
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1. 2024-05-14 5.9 CVE-2024-34811
Visualmodo–Borderless Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS. This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3. 2024-05-17 6.5 CVE-2024-34757
W3 Eden Inc.–Download Manager
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82. 2024-05-17 5.3 CVE-2024-32131
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. 2024-05-14 6.6 CVE-2024-3787
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. 2024-05-14 6.6 CVE-2024-3788
WBSAirback–White Bear Solutions
 
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed. 2024-05-14 6.5 CVE-2024-3789
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3790
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields, type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3791
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3792
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3793
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3794
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3795
WBSAirback–White Bear Solutions
 
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-05-14 4.8 CVE-2024-3796
WP Club Manager–WP Club Manager
 
Missing Authorization vulnerability in WP Club Manager. This issue affects WP Club Manager: from n/a through 2.2.11. 2024-05-14 5.3 CVE-2024-32719
WP Happy Coders–Comments Like Dislike
 
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass. This issue affects Comments Like Dislike: from n/a through 1.2.2. 2024-05-17 4.3 CVE-2024-25906
WP Royal–Royal Elementor Addons
 
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass. This issue affects Royal Elementor Addons: from n/a through 1.3.93. 2024-05-17 5.3 CVE-2024-32786
WPBlockart–Magazine Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPBlockart Magazine Blocks allows Stored XSS. This issue affects Magazine Blocks: from n/a through 1.3.6. 2024-05-16 5.9 CVE-2024-34760
WPDeveloper–SchedulePress
 
Missing Authorization vulnerability in WPDeveloper SchedulePress. This issue affects SchedulePress: from n/a through 5.0.8. 2024-05-14 6.5 CVE-2024-32717
WPMU DEV–Defender Security
 
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2. 2024-05-17 5 CVE-2022-44581
WPMU DEV–Defender Security
 
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1. 2024-05-17 5.3 CVE-2024-25595
Wangshen–SecGate 3600
 
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747. 2024-05-17 6.3 CVE-2024-5050
Warfare Plugins–Social Warfare
 
Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare. This issue affects Social Warfare: from n/a through 4.4.5.1. 2024-05-14 4.3 CVE-2024-34825
Web-Settler–Landing Page Builder Free Landing Page Templates
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9. 2024-05-17 6.8 CVE-2023-24379
WebToffee–Order Export & Order Import for WooCommerce
 
Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. 2024-05-16 4.4 CVE-2024-34751
Webvitaly–iFrame
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0. 2024-05-16 6.5 CVE-2024-34805
Wireshark Foundation–Wireshark
 
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file. 2024-05-14 6.4 CVE-2024-4854
WordPlus–BP Better Messages
 
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Better Messages: from n/a through 2.4.32. 2024-05-17 5.3 CVE-2024-32802
Wpmet–Wp Ultimate Review
 
Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2. 2024-05-17 5.3 CVE-2024-21746
Wpmet–Wp Ultimate Review
 
Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5. 2024-05-17 5.3 CVE-2024-32685
Zoom Video Communications, Inc.–Zoom Workplace VDI App for Windows
 
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. 2024-05-15 6.7 CVE-2024-27244
Zoom Video Communications, Inc.–see references
 
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. 2024-05-15 6.5 CVE-2024-27243
abuhayat–HTML5 Audio Player- Best WordPress Audio Player Plugin
 
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4398
aio-libs–aiosmtpd
 
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue. 2024-05-18 5.4 CVE-2024-34083
argoproj–argo-cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16. 2024-05-14 6.5 CVE-2024-32476
asterisk–asterisk
 
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. 2024-05-17 5.8 CVE-2024-35190
athemes–Sydney Toolbox
 
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the “aThemes: Portfolio” widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4473
automattic–Jetpack WP Security, Backup, Speed, & Growth
 
The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4392
avimegladon–Custom Post Type Attachment
 
The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘pdf_attachment’ shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4546
bdthemes–Prime Slider Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
 
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4339
blakeblackshear–frigate
 
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In releases below 0.13.2, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename, which would lead to an application-level denial of service. This is due to the absence of a limit on the length of the filename and the costly use of Unicode normalization with the form NFKD under the hood of `secure_filename()`. 2024-05-14 6.8 CVE-2024-32874
blocksera–Image Hover Effects Elementor Addon
 
The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-1166
boldgrid–Post and Page Builder by BoldGrid Visual Drag and Drop Editor
 
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4400
brainstormforce–Elementor Header & Footer Builder
 
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4634
brainstormforce–Elementor Header & Footer Builder
 
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page. 2024-05-16 5 CVE-2024-2619
brainstormforce–Starter Templates Elementor, WordPress & Beaver Builder Templates
 
The Starter Templates – Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4630
brainstormforce–Starter Templates Elementor, WordPress & Beaver Builder Templates
 
The Starter Templates – Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2024-05-14 4.3 CVE-2024-1467
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
 
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-15 6.4 CVE-2024-4208
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
 
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4209
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
 
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the plugin’s blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4481
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
 
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Testimonial’, ‘Progress Bar’, ‘Lottie Animations’, ‘Row Layout’, ‘Google Maps’, and ‘Advanced Gallery’ blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-15 5.4 CVE-2024-3189
buddypress–BuddyPress
 
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-3974
carazo–Import and export users and customers
 
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-15 4.4 CVE-2024-4656
carazo–Import and export users and customers
 
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-05-15 4.4 CVE-2024-4734
code-projects–Budget Management
 
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability. 2024-05-17 6.3 CVE-2024-5048
code-projects–Simple Chat System
 
A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264537 was assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4972
code-projects–Simple Chat System
 
A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264538 is the identifier assigned to this vulnerability. 2024-05-16 6.3 CVE-2024-4973
codename065–Sliding Widgets
 
Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS). This issue affects Sliding Widgets: from n/a through 1.5.0. 2024-05-14 6.5 CVE-2024-33938
codewoogeek–Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
 
The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2024-05-14 6.5 CVE-2024-4038
creativethemeshq–Blocksy Companion
 
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4487
creativethemeshq–Blocksy
 
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4158
croixhaug–Appointment Booking Calendar Simply Schedule Appointments Booking Plugin
 
The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4288
daext–Soccer Engine Soccer Plugin for WordPress
 
The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team settings. This makes it possible for unauthenticated attackers to change plugin settings as well as teams, players, etc. via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-05-14 4.3 CVE-2024-4312
davidanderson–Testimonial Slider
 
The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘testimonialcategory’ shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4193
deTheme–DethemeKit For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.2. 2024-05-17 6.5 CVE-2024-34575
detheme–DethemeKit For Elementor
 
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-18 6.4 CVE-2024-4374
devitemsllc–HT Mega Absolute Addons For Elementor
 
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-3989
devitemsllc–HT Mega Absolute Addons For Elementor
 
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-3990
devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor)
 
The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them. 2024-05-14 5.3 CVE-2023-6327
directus–directus
 
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted, but if the cookie value is captured, it will still work for the entire expiry time, which is set to 1 day by default, making it effectively a long-lived, unrevokable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0. 2024-05-14 5.4 CVE-2024-34709
directus–directus
 
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********`; however, if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0. 2024-05-14 4.9 CVE-2024-34708
divSpot–DS Site Message
 
Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message. This issue affects DS Site Message: from n/a through 1.14.4. 2024-05-14 4.3 CVE-2024-34439
envothemes–Envo Extra
 
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4385
fluxcd–source-controller
 
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity. 2024-05-15 5.1 CVE-2024-31216
frappe–frappe
 
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepted a redirect argument and allowed redirects to untrusted external URLs. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0. 2024-05-14 6.1 CVE-2024-34074
freescout-helpdesk–freescout
 
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` function, used for parsing URL query parameters, recursively merges an object containing user-controllable properties into an existing object without first sanitizing the keys. This can allow an attacker to inject a property with a key `__proto__`, along with arbitrarily nested properties. The merge operation assigns the nested properties to the `params` object’s prototype instead of the target object itself. As a result, the attacker can pollute the prototype with properties containing harmful values, which are then inherited by user-defined objects and subsequently used by the application dangerously. The vulnerability lets an attacker control properties of objects that would otherwise be inaccessible. If the application subsequently handles an attacker-controlled property in an unsafe way, this can potentially be chained with other vulnerabilities like DOM-based XSS, Open Redirection, Cookie Manipulation, Link Manipulation, HTML Injection, etc. Version 1.8.139 contains a patch for the issue. 2024-05-14 4.6 CVE-2024-34698
giuliopanda–ADFO Custom data in admin dashboard
 
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dbp_id’ parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-05-14 6.1 CVE-2024-4104
giuliopanda–ADFO Custom data in admin dashboard
 
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() function. This makes it possible for unauthenticated attackers to edit the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-05-14 4.3 CVE-2024-4103
https://elementor.com/–Elementor Website Builder Pro
 
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4107
iePlexus–Featured Content Gallery
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in iePlexus Featured Content Gallery allows Stored XSS. This issue affects Featured Content Gallery: from n/a through 3.2.0. 2024-05-14 5.9 CVE-2024-34424
iqonicdesign–Graphina Elementor Charts and Graphs
 
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4574
ithemelandco–Bulk Posts Editing For WordPress
 
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin’s AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation. 2024-05-15 4.3 CVE-2024-4199
ithemelandco–Bulk Posts Editing For WordPress
 
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin’s AJAX actions. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy among other things via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-05-16 4.3 CVE-2024-4204
justinbusa–Beaver Builder WordPress Page Builder
 
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-3923
justinbusa–Beaver Builder WordPress Page Builder
 
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4430
kraftplugins–Mega Elements Addons for Elementor
 
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-15 6.4 CVE-2024-4702
levelfourstorefront–Shopping Cart & eCommerce Store
 
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII. 2024-05-14 5.3 CVE-2024-4213
litonice13–Master Addons Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
 
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-3134
litonice13–Master Addons Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
 
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-16 6.4 CVE-2024-4580
mantisbt–mantisbt
 
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags. 2024-05-14 6.6 CVE-2024-34081
mantisbt–mantisbt
 
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn’t have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. 2024-05-14 5.3 CVE-2024-34080
matrix-org–matrix-sdk-crypto
 
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user’s devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available. 2024-05-14 5.5 CVE-2024-34353
matter-labs–era-compiler-solidity
 
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1. 2024-05-14 5.9 CVE-2024-34704
mgibbs189–Custom Field Suite
 
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cfs[fields][*][name]’ parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-05-14 4.4 CVE-2024-3068
mihdan–Mihdan: Yandex Turbo Feed
 
The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4411
miraheze–CreateWiki
 
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request’s entry on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the “global wiki” in `$wgCreateWikiGlobalWiki` in a user’s MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one’s own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one’s own setup. As for the REST API, before the fix, there wasn’t any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one’s own wiki farm. 2024-05-14 5.9 CVE-2024-34701
monetizemore–Advanced Ads  Ad Manager & AdSense
 
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-3952
mra13–Simple Membership
 
The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘swpm_paypal_subscription_cancel_link’ shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 6.4 CVE-2024-4383
n/a–DedeCMS
 
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 4.3 CVE-2024-4790
n/a–Emlog Pro
 
A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264740. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-17 4.7 CVE-2024-5043
n/a–Endurance Gaming Mode software installers
 
Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-42433
n/a–Intel(R) Advisor software
 
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21772
n/a–Intel(R) BIOS PPAM firmware
 
Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-05-16 6.1 CVE-2023-28383
n/a–Intel(R) CST software
 
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-40155
n/a–Intel(R) CST software
 
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 4.4 CVE-2023-39433
n/a–Intel(R) CST software
 
Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 4.4 CVE-2023-41082
n/a–Intel(R) CST
 
Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 4.7 CVE-2023-43487
n/a–Intel(R) Chipset Device Software
 
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21814
n/a–Intel(R) Computing Improvement Program software
 
Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21843
n/a–Intel(R) Core(TM) Ultra Processors
 
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 4.7 CVE-2023-46103
n/a–Intel(R) DLB driver software
 
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 6.5 CVE-2024-22015
n/a–Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors
 
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. 2024-05-16 6.4 CVE-2024-21823
n/a–Intel(R) DSA software uninstallers
 
Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-45743
n/a–Intel(R) Data Center GPU Max Series 1100 and 1550 products
 
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access. 2024-05-16 6 CVE-2023-47165
n/a–Intel(R) Distribution for GDB software
 
Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21841
n/a–Intel(R) Ethernet Controller Administrative Tools software
 
Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21828
n/a–Intel(R) FPGA products
 
Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. 2024-05-16 5.7 CVE-2023-49614
n/a–Intel(R) FPGA products
 
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. 2024-05-16 4.4 CVE-2024-22390
n/a–Intel(R) GPA Framework software
 
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-35192
n/a–Intel(R) GPA Framework software
 
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21861
n/a–Intel(R) GPA software
 
Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-41961
n/a–Intel(R) GPA software
 
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21788
n/a–Intel(R) Graphics Windows DCH driver software
 
Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-43751
n/a–Intel(R) Inspector software
 
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-22379
n/a–Intel(R) Media SDK software
 
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 5.9 CVE-2023-48368
[email protected]
n/a–Intel(R) Media SDK
 
Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 4.8 CVE-2023-45221
[email protected]
n/a–Intel(R) Neural Compressor software
 
Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. 2024-05-16 4.7 CVE-2024-21792
[email protected]
n/a–Intel(R) PCM software
 
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21818
[email protected]
n/a–Intel(R) PROSet/Wireless WiFi software for Windows
 
Race condition for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-05-16 4.3 CVE-2023-40536
[email protected]
n/a–Intel(R) PROSet/Wireless WiFi software for Linux
 
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-05-16 4.7 CVE-2023-47210
[email protected]
n/a–Intel(R) PROSet/Wireless WiFi software
 
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-05-16 4.3 CVE-2023-38417
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2023-45736
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 5 CVE-2023-41234
[email protected]
n/a–Intel(R) Power Gadget software for Windows
 
Improper initialization in some Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 5.5 CVE-2023-45315
[email protected]
n/a–Intel(R) Power Gadget software for macOS
 
Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access. 2024-05-16 5.5 CVE-2023-45846
[email protected]
n/a–Intel(R) Processor Diagnostic Tool software
 
Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-05-16 6.7 CVE-2024-21831
[email protected]
n/a–Intel(R) Processor Identification Utility software
 
Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially en