US-CERT Vulnerability Summary for the Week of July 22, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
202ecommerce–paypal | In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if the payment is finally declined by PayPal. A logical weakness during the capture of a payment when webhooks are disabled can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users should enable webhooks and check that they are callable. | 2024-07-26 | 7.5 | CVE-2024-41670 |
ABB–Advant MOD 300 AdvaBuild | AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild-specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. | 2024-07-23 | 8.8 | CVE-2020-11640 |
ABB–Advant MOD 300 AdvaBuild | An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected, each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information, act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such a way as to allow reads and writes to the controllers, or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash. | 2024-07-23 | 7.8 | CVE-2020-11639 |
Absolute Security–Secure Access | There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, and the impact to the availability of the affected component is none. | 2024-07-25 | 8.4 | CVE-2024-40872 |
Acronis–Acronis Cyber Infrastructure | Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. | 2024-07-24 | 9.8 | CVE-2023-45249 |
Adrian Tobey–FormLift for Infusionsoft Web Forms | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17. | 2024-07-22 | 9.3 | CVE-2024-38773 |
Ankitects–Anki | An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability. | 2024-07-22 | 9.6 | CVE-2024-26020 |
Ankitects–Anki | A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability. | 2024-07-22 | 7.4 | CVE-2024-32484 |
argoproj–argo-cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20. | 2024-07-22 | 7.5 | CVE-2024-40634 |
Berqier Ltd–BerqWP | Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP. This issue affects BerqWP: from n/a through 1.7.5. | 2024-07-22 | 7.2 | CVE-2024-37942 |
Bởi Admin 2020–UiPress lite | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection. This issue affects UiPress lite: from n/a through 3.4.06. | 2024-07-22 | 7.6 | CVE-2024-38788 |
Canonical Ltd.–Ubuntu Desktop Provision | An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. | 2024-07-23 | 8.8 | CVE-2024-6714 |
cBioPortal–cbioportal | The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged-in users could do the same on private instances. A fix has been released in version 6.0.12. As a workaround, one might be able to disable the `/proxy` endpoint entirely via, for example, nginx. | 2024-07-23 | 8.3 | CVE-2024-41668 |
ChurchCRM–CRM | ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. | 2024-07-26 | 8.8 | CVE-2024-39304 |
ckp267–MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles | The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2024-07-23 | 8.1 | CVE-2024-6885 |
danocmx–node-tf2-item-format | TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue. | 2024-07-23 | 7.5 | CVE-2024-41655 |
davidanderson–Redux Framework | The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize, to achieve Remote Code Execution. | 2024-07-23 | 7.2 | CVE-2024-6828 |
Designinvento–DirectoryPress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection. This issue affects DirectoryPress: from n/a through 3.6.10. | 2024-07-22 | 8.5 | CVE-2024-38755 |
dnsjava–dnsjava | dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0. | 2024-07-22 | 8.9 | CVE-2024-25638 |
duckdb–duckdb | DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in the filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to the filesystem even when access is expected to be disabled and other similar functions do NOT provide access. There seem to be two vectors to this vulnerability. First, access to files that should otherwise not be allowed. Second, the content of a file can be read (e.g. `/etc/hosts`, `proc/self/environ`, etc.) even though that does not seem to be the intent of the sniff_csv function. A fix for this issue is available in commit c9b7c98aa0e1cd7363fe8bb8543a95f38e980d8a and is expected to be part of version 1.1.0. | 2024-07-24 | 7.5 | CVE-2024-41672 |
F-logic–DataCube3 | A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272347. | 2024-07-24 | 7.3 | CVE-2024-7066 |
FishAudio–Bert-VITS2 | Bert-VITS2 is the VITS2 backbone with multilingual BERT. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier. | 2024-07-22 | 9.8 | CVE-2024-39685 |
FishAudio–Bert-VITS2 | Bert-VITS2 is the VITS2 backbone with multilingual BERT. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier. | 2024-07-22 | 9.8 | CVE-2024-39686 |
ForIP Tecnologia–Administração PABX | A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. This issue affects some unknown processing of the file /login of the component Authentication Form. The manipulation of the argument usuario leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-25 | 7.3 | CVE-2024-7101 |
getsentry–sentry | Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side, which are subsequently rendered on the Issues page. Self-hosted Sentry users may be impacted in case of untrustworthy Integration platform integrations sending external issues from their side to Sentry. A patch has been released in Sentry 24.7.1. For Sentry SaaS customers, no action is needed. This was patched on July 23, and even prior to the fix, exploitation was not possible due to the strict Content Security Policy deployed on the sentry.io site. For self-hosted users, the maintainers of Sentry strongly recommend upgrading Sentry to the latest version. If that is not possible, one could enable CSP on one's self-hosted installation with `CSP_REPORT_ONLY = False` (enforcing mode). This will mitigate the risk of cross-site scripting. | 2024-07-23 | 7.1 | CVE-2024-41656 |
GitLab–GitLab | A cross-site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1, allowing an attacker to execute arbitrary scripts in the context of the currently logged-in user. | 2024-07-25 | 7.7 | CVE-2024-7047 |
HashiCorp–Nomad | HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1, archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. | 2024-07-23 | 7.7 | CVE-2024-6717 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN | A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, leading to complete system compromise. | 2024-07-24 | 7.2 | CVE-2024-33519 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | 2024-07-24 | 7.2 | CVE-2024-41133 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | 2024-07-24 | 7.2 | CVE-2024-41134 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | 2024-07-24 | 7.2 | CVE-2024-41135 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN Orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2024-07-24 | 9.0 | CVE-2024-41914 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN Orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, leading to complete system compromise. | 2024-07-24 | 8.8 | CVE-2024-22443 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking EdgeConnect SD-WAN | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways' Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2024-07-24 | 8.8 | CVE-2024-41136 |
Huawei–HarmonyOS | Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | 2024-07-25 | 7.1 | CVE-2024-39672 |
Huawei–HarmonyOS | Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-07-25 | 7.1 | CVE-2024-39673 |
ISC–BIND 9 | A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. | 2024-07-23 | 7.5 | CVE-2024-0760 |
ISC–BIND 9 | Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. | 2024-07-23 | 7.5 | CVE-2024-1737 |
ISC–BIND 9 | If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0)-signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. | 2024-07-23 | 7.5 | CVE-2024-1975 |
ISC–BIND 9 | Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. | 2024-07-23 | 7.5 | CVE-2024-4076 |
itsourcecode–Online Blood Bank Management System | A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272120. | 2024-07-22 | 9.8 | CVE-2024-6966 |
itsourcecode–Tailoring Management System | A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272124. | 2024-07-22 | 9.8 | CVE-2024-6970 |
itsourcecode–Tailoring Management System | A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability. | 2024-07-24 | 9.8 | CVE-2024-7081 |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration. | 2024-07-22 | 7.4 | CVE-2024-41827 |
kirilkirkov–Ecommerce-Laravel-Bootstrap | A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348. | 2024-07-24 | 8.8 | CVE-2024-7067 |
Lenovo–XClarity Controller | A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. | 2024-07-26 | 7.2 | CVE-2024-38508 |
Lenovo–XClarity Controller | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | 2024-07-26 | 7.2 | CVE-2024-38509 |
Lenovo–XClarity Controller | A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | 2024-07-26 | 7.2 | CVE-2024-38510 |
Lenovo–XClarity Controller | A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | 2024-07-26 | 7.2 | CVE-2024-38511 |
Lenovo–XClarity Controller | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | 2024-07-26 | 7.2 | CVE-2024-38512 |
ManageEngine–Exchange Reporter Plus | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to authenticated SQL injection in the reports module. | 2024-07-26 | 8.3 | CVE-2024-38871 0fc0942c-577d-436f-ae8e-945763c79b02 |
ManageEngine–Exchange Reporter Plus | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to authenticated SQL injection in the monitoring module. | 2024-07-26 | 8.3 | CVE-2024-38872 0fc0942c-577d-436f-ae8e-945763c79b02 |
Microsoft–GroupMe | An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | 2024-07-23 | 9.6 | CVE-2024-38164 |
Microsoft–GroupMe | An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. | 2024-07-23 | 8.1 | CVE-2024-38176 |
mnetadmanager–Media.net Ads Manager | The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server, which may make remote code execution possible. The vulnerability is only exploitable if anyone has ever logged in through the API. | 2024-07-27 | 8.8 | CVE-2024-6431 |
moby–moby | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. | 2024-07-24 | 9.9 | CVE-2024-41110 |
N/A–MasterStudy LMS WordPress Plugin | The MasterStudy LMS WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to gain access to functionality they should not have. | 2024-07-22 | 8.8 | CVE-2024-5973 |
N/A–PZ Frontend Manager | The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. | 2024-07-22 | 8.8 | CVE-2024-6244 |
n/a–SuperAGI | All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the 'eval' function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server. | 2024-07-22 | 9.8 | CVE-2024-21552 |
NI–IO Trace Tool | A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy. | 2024-07-23 | 7.8 | CVE-2024-5602 |
NI–LabVIEW | An out-of-bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | 2024-07-23 | 7.8 | CVE-2024-4079 |
NI–LabVIEW | A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | 2024-07-23 | 7.8 | CVE-2024-4080 |
NI–LabVIEW | A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions. | 2024-07-23 | 7.8 | CVE-2024-4081 |
NI–SystemLink Server | An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions, which installed this shared service. | 2024-07-22 | 7.8 | CVE-2024-6121 |
NI–VeriStand | A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. This vulnerability affects NI VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 9.8 | CVE-2024-6793 |
NI–VeriStand | A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. This vulnerability affects NI VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 9.8 | CVE-2024-6794 |
NI–VeriStand | The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 9.8 | CVE-2024-6806 |
NI–VeriStand | A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 7.8 | CVE-2024-6675 |
NI–VeriStand | A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 7.8 | CVE-2024-6791 |
NI–VeriStand | The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. | 2024-07-22 | 7.5 | CVE-2024-6805 [email protected] |
Nimble Commander–Nimble Commander | Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations. | 2024-07-26 | 8.8 | CVE-2024-7062 41c37e40-543d-43a2-b660-2fee83ea851a |
Okta–Okta Browser Plugin | Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields, addressing the vulnerability. Importantly, if Okta Personal is not added to the plugin to enable multi-account view, the Workforce Identity Cloud plugin is not affected by this issue. The vulnerability is fixed in Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari/Firefox. | 2024-07-23 | 7.1 | CVE-2024-0981 [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41112 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41113 [email protected] [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41114 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41115 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41116 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41117 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41119 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. The `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 9.8 | CVE-2024-41120 [email protected] [email protected] [email protected] [email protected] |
opengeos–streamlit-geospatial | streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py` takes user input, which is passed to the `get_layers` function, in which `url` is used with the `get_wms_layer` method. The `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. | 2024-07-26 | 7.5 | CVE-2024-41118 [email protected] [email protected] [email protected] [email protected] [email protected] |
OpenIdentityPlatform–OpenAM | OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. | 2024-07-24 | 8.8 | CVE-2024-41667 [email protected] [email protected] |
openobserve–openobserve | The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim’s account provided they meet the exploitation steps. As of time of publication, no patched version is available. | 2024-07-25 | 8.8 | CVE-2024-41808 [email protected] |
openobserve–openobserve | OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html. | 2024-07-25 | 7.2 | CVE-2024-41809 [email protected] [email protected] [email protected] [email protected] |
Progress Software Corporation — Telerik Reporting | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 2024-07-24 | 9.8 | CVE-2024-6096 [email protected] |
Progress Software Corporation — Telerik Reporting | In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 2024-07-24 | 9.8 | CVE-2024-6327 [email protected] [email protected] |
Seraphinite Solutions–Seraphinite Post .DOCX Source | Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. | 2024-07-22 | 7.2 | CVE-2024-38728 [email protected] |
Siemens–CPCI85 Central Processing/Communication | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring knowledge of the current password, given that auto login is enabled. This could allow an unauthorized attacker to obtain administrative access to the affected applications. | 2024-07-22 | 9.8 | CVE-2024-37998 [email protected] |
SixLabors–ImageSharp | ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9. | 2024-07-22 | 7.5 | CVE-2024-41131 [email protected] [email protected] [email protected] [email protected] [email protected] |
Softaculous–Webuzo | Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. | 2024-07-25 | 9.8 | CVE-2024-24621 [email protected] |
Softaculous–Webuzo | Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | 2024-07-25 | 8.8 | CVE-2024-24622 [email protected] |
Softaculous–Webuzo | Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | 2024-07-25 | 8.8 | CVE-2024-24623 [email protected] |
SourceCodester — Clinics Patient Management System | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272122 is the identifier assigned to this vulnerability. | 2024-07-22 | 7.5 | CVE-2024-6968 [email protected] [email protected] [email protected] [email protected] |
SourceCodester — Clinics Patient Management System | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272123. | 2024-07-22 | 7.5 | CVE-2024-6969 [email protected] [email protected] [email protected] [email protected] |
SourceCodester — Employee and Visitor Gate Pass Logging System | A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability. | 2024-07-22 | 7.5 | CVE-2024-6967 [email protected] [email protected] [email protected] [email protected] |
SourceCodester — Employee and Visitor Gate Pass Logging System | A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employee_gatepass/classes/Master.php?f=delete_department. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272351. | 2024-07-24 | 7.5 | CVE-2024-7069 [email protected] [email protected] [email protected] [email protected] |
SourceCodester — Insurance Management System | A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | 2024-07-24 | 7.5 | CVE-2024-7080 [email protected] [email protected] [email protected] [email protected] |
Spiffy Plugins–Spiffy Calendar | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.11. | 2024-07-22 | 7.6 | CVE-2024-38692 [email protected] |
Spring–Spring Cloud Data Flow | In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server. | 2024-07-25 | 9.8 | CVE-2024-37084 [email protected] |
starship–starship | Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others’ commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability. | 2024-07-26 | 7.4 | CVE-2024-41815 [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-22 | 8.8 | CVE-2024-6962 [email protected] [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-22 | 8.8 | CVE-2024-6963 [email protected] [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-22 | 8.8 | CVE-2024-6964 [email protected] [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-22 | 8.8 | CVE-2024-6965 [email protected] [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-27 | 8.8 | CVE-2024-7151 [email protected] [email protected] [email protected] [email protected] |
Tenda–O3 | A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-27 | 8.8 | CVE-2024-7152 [email protected] [email protected] [email protected] [email protected] |
thimpress–LearnPress WordPress LMS Plugin | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the ‘render_content_block_template’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-07-25 | 8.8 | CVE-2024-6589 [email protected] [email protected] [email protected] [email protected] |
TxtDot–txtdot | txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set. | 2024-07-26 | 7.5 | CVE-2024-41812 [email protected] [email protected] [email protected] |
TxtDot–txtdot | txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue. | 2024-07-26 | 7.5 | CVE-2024-41813 [email protected] [email protected] [email protected] |
UkrSolution–Barcode Scanner with Inventory & Order Manager | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1. | 2024-07-22 | 8.5 | CVE-2024-38708 [email protected] |
Uncanny Owl–Uncanny Toolkit Pro for LearnDash | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Reflected XSS. This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1. | 2024-07-22 | 7.1 | CVE-2024-37436 [email protected] |
vnotex–vnote | VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. A patch for this issue is available at commit f1af78573a0ef51d6ef6a0bc4080cddc8f30a545. Other mitigation strategies include implementing rigorous input sanitization for all Markdown content and utilizing a secure Markdown parser that appropriately escapes or strips potentially dangerous content. | 2024-07-24 | 8.6 | CVE-2024-41662 [email protected] [email protected] |
wptexture–Flipbox Builder | The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-07-27 | 8.8 | CVE-2024-6152 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘wpw_auto_poster_get_image_path’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site’s server which may make remote code execution possible. An attacker can use CVE-2024-6754 to exploit with subscriber-level access. | 2024-07-24 | 8.8 | CVE-2024-6756 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options. | 2024-07-24 | 7.3 | CVE-2024-6750 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the ‘wpw_auto_poster_map_wordpress_post_type’ AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 7.2 | CVE-2024-6753 [email protected] [email protected] |
WPWeb–WooCommerce – PDF Vouchers | The WooCommerce – PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id. | 2024-07-24 | 7.3 | CVE-2024-7027 [email protected] [email protected] |
yogeshojha–rengine | reNgine is an automated reconnaissance framework for web applications. In versions 1.2.0 through 2.1.1, an authenticated command injection vulnerability in the WAF detection tool allows an authenticated attacker to remotely execute arbitrary commands as the root user. The URL query parameter `url` is passed to `subprocess.check_output` without any sanitization, resulting in a command injection vulnerability. This API endpoint is accessible by authenticated users with any user role. Because the process runs as `root`, an attacker has root access. Commit edd3c85ee16f93804ad38dac5602549d2d30a93e contains a patch for the issue. | 2024-07-23 | 8.8 | CVE-2024-41661 [email protected] [email protected] [email protected] [email protected] |
N/A — N/A | ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: `'"' + ExpandConstant('{autopf}\Proton\Drive') + '"'` in Setup/setup.iss. | 2024-07-22 | 9.8 | CVE-2024-37391 [email protected] [email protected] |
N/A — N/A | The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system. | 2024-07-24 | 9.1 | CVE-2024-40422 [email protected] [email protected] [email protected] |
N/A — N/A | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | 2024-07-23 | 9.8 | CVE-2024-41319 [email protected] [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. | 2024-07-24 | 9.8 | CVE-2024-41459 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. | 2024-07-24 | 9.8 | CVE-2024-41460 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. | 2024-07-24 | 9.8 | CVE-2024-41461 [email protected] |
N/A — N/A | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | 2024-07-24 | 9.8 | CVE-2024-41551 [email protected] |
N/A — N/A | LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.) | 2024-07-22 | 9.8 | CVE-2024-41703 [email protected] [email protected] |
N/A — N/A | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.) | 2024-07-22 | 9.8 | CVE-2024-41704 [email protected] [email protected] |
N/A — N/A | AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. | 2024-07-24 | 8.8 | CVE-2024-31970 [email protected] [email protected] |
N/A — N/A | Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.5.5.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 2024-07-24 | 8.8 | CVE-2024-31977 [email protected] [email protected] [email protected] |
N/A — N/A | Insecure permissions in logging-operator v4.6.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | 8.8 | CVE-2024-36541 [email protected] |
N/A — N/A | AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device’s MAC address. All of the device’s internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user’s SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. | 2024-07-24 | 7.2 | CVE-2024-39345 [email protected] [email protected] |
N/A — N/A | go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function. | 2024-07-23 | 7.5 | CVE-2024-40060 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. | 2024-07-24 | 7.5 | CVE-2024-41462 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. | 2024-07-24 | 7.5 | CVE-2024-41463 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. | 2024-07-24 | 7.5 | CVE-2024-41464 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. | 2024-07-24 | 7.5 | CVE-2024-41465 [email protected] |
N/A — N/A | Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. | 2024-07-24 | 7.5 | CVE-2024-41466 [email protected] |
N/A — N/A | A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639. | 2024-07-25 | 7.1 | CVE-2024-41705 [email protected] [email protected] |
N/A — N/A | A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release. | 2024-07-25 | 7.3 | CVE-2024-41706 [email protected] [email protected] |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1Panel-dev–KubePi | KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file reading logic, the key is empty during actual verification. Using an empty key to generate a JWT token can bypass the login verification and directly take over the back end. Version 1.8.0 contains a patch for this issue. | 2024-07-25 | 6.3 | CVE-2024-36111 [email protected] |
Absolute Security–Secure Access | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high. | 2024-07-25 | 4.5 | CVE-2024-40873 [email protected] |
Academy LMS–Academy LMS | Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 2.0.4. | 2024-07-22 | 4.3 | CVE-2024-38701 [email protected] |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-07-23 | 5.4 | CVE-2024-34128 [email protected] |
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | 2024-07-23 | 4.1 | CVE-2024-41839 [email protected] |
Adobe–InDesign Desktop | InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-07-23 | 5.5 | CVE-2024-41836 [email protected] |
AF themes — WP Post Author | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AF themes WP Post Author allows Stored XSS. This issue affects WP Post Author: from n/a through 3.6.7. | 2024-07-22 | 5.4 | CVE-2024-37101 [email protected] |
aguidrevitch–WP Meteor Website Speed Optimization Addon | The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-24 | 5.3 | CVE-2024-6553 [email protected] [email protected] |
Ali2Woo Team — Ali2Woo Lite | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5. | 2024-07-22 | 6.1 | CVE-2024-37211 [email protected] |
amans2k–Funnel Builder for WordPress by FunnelKit Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells | The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings. | 2024-07-24 | 4.3 | CVE-2024-6836 [email protected] [email protected] [email protected] |
ampache–ampache | Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the “Playlists – Democratic – Configure Democratic Playlist” feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. | 2024-07-23 | 5.5 | CVE-2024-41665 [email protected] |
Ankitects–Anki | A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability. | 2024-07-22 | 5.3 | CVE-2024-29073 [email protected] |
aramex–Aramex Shipping WooCommerce | The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file, which also has display_errors enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6566 [email protected] [email protected] |
argoproj–argo-cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants the user the permission `p, role:myrole, exec, create, */*, allow`, the user can still perform operations in the container even after this permission is revoked, as long as the user keeps the terminal view open for a long time. Although token expiration and revocation of the user have been fixed, that fix does not address the case where only the user’s `p, role:myrole, exec, create, */*, allow` permission is revoked, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. | 2024-07-24 | 4.7 | CVE-2024-41666 [email protected] [email protected] [email protected] [email protected] [email protected] |
Atarim — Atarim | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Atarim allows Stored XSS. This issue affects Atarim: from n/a through 3.31. | 2024-07-22 | 4.8 | CVE-2024-37434 [email protected] |
athemes–aThemes Starter Sites | The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-07-27 | 6.4 | CVE-2024-6897 [email protected] [email protected] [email protected] [email protected] |
AuburnForest — Blogmentor – Blog Layouts for Elementor | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS. This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5. | 2024-07-22 | 5.4 | CVE-2024-37229 [email protected] |
Averta–Depicter Slider | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.0.2. | 2024-07-22 | 5.4 | CVE-2024-37414 [email protected] |
Beaver Addons — PowerPack Lite for Beaver Builder | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Stored XSS. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.4. | 2024-07-22 | 5.4 | CVE-2024-37409 [email protected] |
Bernhard Kux–JSON Content Importer | Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer. This issue affects JSON Content Importer: from n/a through 1.5.6. | 2024-07-22 | 6.4 | CVE-2024-38723 [email protected] |
Biplob — Adhikari Accordions | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Biplob Adhikari Accordions allows Stored XSS. This issue affects Accordions: from n/a through 2.3.5. | 2024-07-22 | 4.8 | CVE-2024-37122 [email protected] |
Biplob — Adhikari Tabs | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Biplob Adhikari Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.6. | 2024-07-22 | 4.8 | CVE-2024-37120 [email protected] |
biplob018 — Shortcode Addons | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in biplob018 Shortcode Addons allows Stored XSS. This issue affects Shortcode Addons: from n/a through 3.2.5. | 2024-07-22 | 4.8 | CVE-2024-37121 [email protected] |
bPlugins — Html5 Audio Player | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.23. | 2024-07-22 | 5.4 | CVE-2024-37445 [email protected] |
Brainstorm Force, Nikhil Chavan — Header, Footer & Blocks Template | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS. This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35. | 2024-07-22 | 5.4 | CVE-2024-33933 [email protected] |
canonical–operator | The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0. | 2024-07-22 | 4.4 | CVE-2024-41129 [email protected] [email protected] |
Canonical–snapd | In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service. | 2024-07-25 | 5.8 | CVE-2024-29068 [email protected] [email protected] |
Canonical–snapd | In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in turn could allow an unprivileged user to gain access to privileged information. | 2024-07-25 | 4.8 | CVE-2024-29069 [email protected] |
Canonical–snap | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user’s PATH. An attacker who could convince a user to install a malicious snap which used the ‘home’ plug could use this vulnerability to install arbitrary scripts into the user’s PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement. | 2024-07-25 | 6.3 | CVE-2024-1724 [email protected] [email protected] [email protected] |
Checkmk GmbH–Checkmk | Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | 2024-07-22 | 6.5 | CVE-2024-6542 [email protected] |
CodeRevolution–Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | The AIomatic – Automatic AI Content Writer plugin for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the ‘aiomatic_send_email’ function, which is reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | 2024-07-27 | 5.8 | CVE-2024-5969 [email protected] [email protected] |
coffee2code–Add Admin CSS | The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6547 [email protected] [email protected] |
coffee2code–Add Admin JavaScript | The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6548 [email protected] [email protected] |
coffee2code–Admin Post Navigation | The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6549 [email protected] [email protected] |
coffee2code–Admin Trim Interface | The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6545 [email protected] [email protected] |
coffee2code–One Click Close Comments | The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6546 [email protected] [email protected] |
Connectivity Standards Alliance–Matter | An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled. | 2024-07-24 | 6.5 | CVE-2024-3297 [email protected] |
craftcms–cms | Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim’s credentials. This has been patched in Craft 5.2.3. | 2024-07-25 | 4.8 | CVE-2024-41800 [email protected] [email protected] [email protected] [email protected] |
creativeinteractivemedi — Transition Slider – Responsive Image Slider and Gallery | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS. This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3. | 2024-07-22 | 5.4 | CVE-2024-37215 [email protected] |
Dell–Dell Edge Gateway 3200 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. | 2024-07-24 | 5.7 | CVE-2023-32466 [email protected] |
Dell–Dell Edge Gateway 5200 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. | 2024-07-24 | 6 | CVE-2023-32471 [email protected] |
dotCMS–dotCMS core | The “reset password” login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via the Demo site link. Those interested in seeing the vulnerability may spin up a local instance and open a URL such as http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E. This will result in a view along these lines: OWASP Top 10 – A03: Injection; CVSS Score: 5.4; vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&…). | 2024-07-25 | 5.4 | CVE-2024-3938 [email protected] |
dotCMS–dotCMS core | In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via Direct Web Remoting API calls (UserSessionAjax.getSessionList.dwr). While this is information that would and should be available to admins who possess “Sign In As” powers, admins who otherwise lack this privilege would still be able to use the session IDs to impersonate other users. While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution: all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable – including those admins who have not been granted this ability – such as by using a session ID to generate an API token. Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS | 2024-07-26 | 4.9 | CVE-2024-4447 [email protected] |
Elastic–Elasticsearch | An issue was discovered by Elastic whereby the Watcher search input logged the search query results at DEBUG log level. This could lead to the raw contents of documents stored in Elasticsearch being printed in logs. Elastic has released 8.11.2 and 7.17.16, which resolve this issue by removing this excessive logging. This issue only affects users that use Watcher, have a Watch defined that uses the search input, and additionally have set the search input’s logger to DEBUG or finer, for example using org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical. | 2024-07-26 | 5.2 | CVE-2023-49921 [email protected] |
Elementor — Elementor Pro | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2. | 2024-07-22 | 6.1 | CVE-2024-35656 [email protected] |
Enalean–tuleap | Tuleap is an open source suite to improve management of software development and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox “Apply same permissions to all sub-items of this folder” in the document manager permissions modal is not taken into account and is always considered unchecked. In situations where the permissions are being restricted, some users might incorrectly keep the ability to edit or manage items. Only changes made via the web UI are affected; changes made directly via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8. | 2024-07-22 | 4.8 | CVE-2024-39902 [email protected] [email protected] [email protected] [email protected] |
EverPress — Mailster | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.9. | 2024-07-22 | 6.1 | CVE-2024-37433 [email protected] |
FishAudio–Bert-VITS2 | Bert-VITS2 is the VITS2 backbone with multilingual BERT. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows writing a /config/config.json file in an arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier. | 2024-07-22 | 6.5 | CVE-2024-39688 [email protected] [email protected] [email protected] |
ForIP Tecnologia–Administração PABX | A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-25 | 6.3 | CVE-2024-7105 [email protected] [email protected] [email protected] [email protected] |
ggerganov–llama.cpp | llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. | 2024-07-22 | 5.4 | CVE-2024-41130 [email protected] [email protected] |
GitLab–GitLab | An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. | 2024-07-24 | 4.4 | CVE-2024-5067 [email protected] [email protected] [email protected] [email protected] |
GitLab–GitLab | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. | 2024-07-25 | 4.3 | CVE-2024-7057 [email protected] [email protected] |
GitLab–GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. | 2024-07-24 | 4.1 | CVE-2024-7091 [email protected] |
Groundhogg–Groundhogg | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS. This issue affects Groundhogg: from n/a through 3.4.2.3. | 2024-07-22 | 6.1 | CVE-2024-37264 [email protected] |
Hamid Alinia – idehweb — Login with phone number | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS. This issue affects Login with phone number: from n/a through 1.7.35. | 2024-07-22 | 4.8 | CVE-2024-37429 [email protected] |
Hewlett Packard Enterprise — HPE Aruba Networking EdgeConnect SD-WAN Orchestrator | A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2024-07-24 | 6.1 | CVE-2024-22444 [email protected] |
HMS Industrial Networks–Anybus-CompactCom 30 | HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitization checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by the host browser the next time the page is loaded, enabling social engineering attacks. | 2024-07-25 | 6.3 | CVE-2024-6558 [email protected] [email protected] |
Huawei — HarmonyOS | Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-07-25 | 5.5 | CVE-2024-39670 [email protected] |
Huawei — HarmonyOS | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-07-25 | 5.5 | CVE-2024-39671 [email protected] |
Huawei — HarmonyOS | Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-07-25 | 5.5 | CVE-2024-39674 [email protected] |
Huawei — HarmonyOS | Privilege escalation vulnerability in the NMS module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-07-25 | 5.5 | CVE-2023-7271 [email protected] |
IBM–InfoSphere Information Server | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. | 2024-07-26 | 6 | CVE-2024-40689 [email protected] [email protected] |
IBM–Security Directory Integrator | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | 2024-07-25 | 6.8 | CVE-2024-28772 [email protected] [email protected] |
IBM–Security Directory Integrator | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | 2024-07-25 | 5.3 | CVE-2022-32759 [email protected] [email protected] |
ignitionwp–IgnitionDeck Crowdfunding Platform | The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others. | 2024-07-27 | 5.4 | CVE-2024-4410 [email protected] [email protected] [email protected] |
J.N. Breetvelt a.k.a. OpaJaap — WP Photo Album Plus | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus allows Reflected XSS. This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. | 2024-07-22 | 6.1 | CVE-2024-37416 [email protected] |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07, parameters of the “password” type could leak into the build log in some specific cases. | 2024-07-22 | 6.4 | CVE-2024-41824 [email protected] |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07, stored XSS was possible on the Code Inspection tab. | 2024-07-22 | 4.6 | CVE-2024-41825 [email protected] |
Jethin — Gallery Slideshow | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jethin Gallery Slideshow allows Stored XSS. This issue affects Gallery Slideshow: from n/a through 1.4.1. | 2024-07-22 | 5.4 | CVE-2024-37246 [email protected] |
kaptinlin–Striking | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in kaptinlin Striking allows Reflected XSS. This issue affects Striking: from n/a through 2.3.4. | 2024-07-22 | 6.1 | CVE-2024-37267 [email protected] |
Kriesi.At — Enfold | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kriesi.At Enfold allows Reflected XSS. This issue affects Enfold: from n/a through 5.6.9. | 2024-07-22 | 6.1 | CVE-2024-37199 [email protected] |
litespeedtech–LiteSpeed Cache | The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-07-24 | 6.1 | CVE-2024-3246 [email protected] [email protected] |
Maciej Bis — Permalink Manager Lite | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.3. | 2024-07-22 | 6.1 | CVE-2024-37257 [email protected] |
Martin Gibson — IdeaPush | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.60. | 2024-07-22 | 5.4 | CVE-2024-37265 [email protected] |
Mayur Somani, threeroutes media — Elegant Themes Icons | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS. This issue affects Elegant Themes Icons: from n/a through 1.3. | 2024-07-22 | 5.4 | CVE-2024-37100 [email protected] |
MD-MAFUJUL-HASAN–Online-Payroll-Management-System | A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7115 [email protected] [email protected] [email protected] [email protected] |
MD-MAFUJUL-HASAN–Online-Payroll-Management-System | A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7116 [email protected] [email protected] [email protected] [email protected] |
MD-MAFUJUL-HASAN–Online-Payroll-Management-System | A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7117 [email protected] [email protected] [email protected] [email protected] |
MD-MAFUJUL-HASAN–Online-Payroll-Management-System | A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7118 [email protected] [email protected] [email protected] [email protected] |
MD-MAFUJUL-HASAN–Online-Payroll-Management-System | A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7119 [email protected] [email protected] [email protected] [email protected] |
Michael Bester — Kimili Flash Embed | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3. | 2024-07-22 | 5.4 | CVE-2024-37221 [email protected] |
Microsoft–Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2024-07-25 | 5.9 | CVE-2024-38103 [email protected] |
mohammed_kaludi–AMP for WP Accelerated Mobile Pages | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-07-24 | 6.4 | CVE-2024-6896 [email protected] [email protected] [email protected] [email protected] |
Netgear–WN604 | A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-27 | 5.3 | CVE-2024-7153 [email protected] [email protected] [email protected] [email protected] |
NextScripts — NextScripts | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NextScripts allows Reflected XSS. This issue affects NextScripts: from n/a through 4.4.6. | 2024-07-22 | 6.1 | CVE-2024-37275 [email protected] |
NI–LabVIEW | An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | 2024-07-22 | 5.5 | CVE-2024-6638 [email protected] |
NI–SystemLink Server | An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | 2024-07-22 | 5.5 | CVE-2024-6122 [email protected] |
Nicdark — Restaurant Reservations | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 2.0. | 2024-07-22 | 5.4 | CVE-2024-37223 [email protected] |
Ninja Team — Ninja Beaver Add-ons for Beaver Builder | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS. This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5. | 2024-07-22 | 5.4 | CVE-2024-37244 [email protected] |
nitesh_singh–Ultimate WordPress Auction Plugin | The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the ‘send_auction_email_callback’ and ‘resend_auction_email_callback’ functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address. | 2024-07-27 | 5.8 | CVE-2024-6591 [email protected] [email protected] [email protected] |
Noor alam–Magical Addons For Elementor | Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor. This issue affects Magical Addons For Elementor: from n/a through 1.1.41. | 2024-07-22 | 4.9 | CVE-2024-38730 [email protected] |
Octopus Deploy–Octopus Server | In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. | 2024-07-25 | 6.5 | CVE-2024-6972 [email protected] |
openedx–edx-platform | The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access. | 2024-07-25 | 5.3 | CVE-2024-41806 [email protected] [email protected] |
opf–openproject | OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the “Login required” setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user’s account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren’t able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject. | 2024-07-25 | 4.7 | CVE-2024-41801 [email protected] [email protected] [email protected] |
paritydiscounts–ParityPress Parity Pricing with Discount Rules | The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘Discount Text’ in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-07-27 | 5.5 | CVE-2024-6661 [email protected] [email protected] [email protected] |
PBN Hosting SL — Page Builder Sandwich – Front-End Page Builder | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS. This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. | 2024-07-22 | 5.4 | CVE-2024-37219 [email protected] |
piotnetdotcom–Piotnet Addons For Elementor | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the ‘pafe_posts_list’ function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts. | 2024-07-27 | 5.3 | CVE-2024-5614 [email protected] [email protected] [email protected] |
plugins360–All-in-One Video Gallery | The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 6.4 | CVE-2024-6629 [email protected] [email protected] [email protected] [email protected] [email protected] |
Pratik Chaskar — Cards for Beaver Builder | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pratik Chaskar Cards for Beaver Builder. This issue affects Cards for Beaver Builder: from n/a through 1.1.4. | 2024-07-22 | 5.4 | CVE-2024-37278 [email protected] |
ProWCPlugins–Empty Cart Button for WooCommerce | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8. | 2024-07-22 | 5.4 | CVE-2024-37217 [email protected] |
Raisecom–MSG1200 | A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451. | 2024-07-26 | 6.3 | CVE-2024-7120 [email protected] [email protected] [email protected] [email protected] |
Rami Yushuvaev — Sketchfab Embed | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5. | 2024-07-22 | 5.4 | CVE-2024-37216 [email protected] |
Red Hat — Red Hat OpenShift Container Platform 3.11 | A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user’s credentials. As a result, unauthenticated users can access this endpoint. | 2024-07-24 | 6.5 | CVE-2024-7079 [email protected] [email protected] |
Red Hat–Red Hat OpenShift Container Platform 3.11 | A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider (“openShiftAuth”) is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. | 2024-07-26 | 5.3 | CVE-2024-7128 [email protected] [email protected] |
robosoft — Photo Gallery, Images, Slider in Rbs Image Gallery | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 5.4 | CVE-2024-3896 [email protected] [email protected] |
Siemens–CPCI85 Central Processing/Communication | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | 2024-07-22 | 6.5 | CVE-2024-39601 [email protected] |
sinatrateam — Sinatra | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3. | 2024-07-22 | 5.4 | CVE-2024-37116 [email protected] |
SixLabors–ImageSharp | ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9. | 2024-07-22 | 5.3 | CVE-2024-41132 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
Social Rocket — Social Rocket | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3. | 2024-07-22 | 6.1 | CVE-2024-37258 [email protected] |
SourceCodester — Insurance Management System | A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. | 2024-07-24 | 4.6 | CVE-2024-7068 [email protected] [email protected] [email protected] [email protected] |
Spina–CMS | A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-24 | 4.3 | CVE-2024-7065 [email protected] [email protected] [email protected] [email protected] |
Spina–CMS | A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-25 | 4.3 | CVE-2024-7106 [email protected] [email protected] [email protected] [email protected] |
Takashi Matsuyama — My Favorites | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Takashi Matsuyama My Favorites allows Stored XSS. This issue affects My Favorites: from n/a through 1.4.1. | 2024-07-22 | 5.4 | CVE-2024-37114 [email protected] |
Team Emilia — Projects Progress Planner | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2. | 2024-07-22 | 5.4 | CVE-2024-37422 [email protected] |
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 5.5 | CVE-2024-6518 [email protected] [email protected] [email protected] |
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 5.5 | CVE-2024-6520 [email protected] [email protected] [email protected] |
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 5.5 | CVE-2024-6521 [email protected] [email protected] [email protected] |
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and ‘btn_txt’ parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 4.9 | CVE-2024-6703 [email protected] [email protected] [email protected] |
thehappymonster–Happy Addons for Elementor | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 6.4 | CVE-2024-6627 [email protected] [email protected] [email protected] [email protected] |
Theme4Press — Demo Awesome | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Theme4Press Demo Awesome allows Reflected XSS. This issue affects Demo Awesome: from n/a through 1.0.1. | 2024-07-22 | 6.1 | CVE-2024-37206 [email protected] |
ThemeGrill — Esteem | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0. | 2024-07-22 | 6.1 | CVE-2024-37432 [email protected] |
ThemeLooks — Enter Addons | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.6. | 2024-07-22 | 5.4 | CVE-2024-37263 [email protected] |
Themesgrove — WidgetKit | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themesgrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.0. | 2024-07-22 | 5.4 | CVE-2024-37428 [email protected] |
themeum–Tutor LMS Migration Tool | The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. | 2024-07-27 | 5.3 | CVE-2024-1798 [email protected] [email protected] |
themeum–Tutor LMS Migration Tool | The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. | 2024-07-27 | 4.3 | CVE-2024-1804 [email protected] [email protected] |
thinkst–canarytokens | Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | 2024-07-23 | 5.4 | CVE-2024-41664 [email protected] |
Tianchoy–Blog | A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-07-26 | 6.3 | CVE-2024-7114 [email protected] [email protected] [email protected] [email protected] |
tomdude–Intelligence | The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due to the plugin not preventing direct access to the /vendor/levelten/intel/realtime/index.php file and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6573 [email protected] [email protected] [email protected] |
TracksApp–tracks | Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available. | 2024-07-26 | 6.1 | CVE-2024-41805 [email protected] [email protected] [email protected] [email protected] |
Uncanny Owl — Uncanny Automator Pro | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS. This issue affects Uncanny Automator Pro: from n/a through 5.3. | 2024-07-22 | 6.1 | CVE-2024-37117 [email protected] |
UnitedThemes — Shortcodes by United Themes | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS. This issue affects Shortcodes by United Themes: from n/a before 5.0.5. | 2024-07-22 | 6.1 | CVE-2024-37097 [email protected] |
vibhorchhabra–Campaign Monitor for WordPress | The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due to the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-27 | 5.3 | CVE-2024-6569 [email protected] [email protected] [email protected] |
Vsourz Digital — All In One Redirection | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS. This issue affects All In One Redirection: from n/a through 2.2.0. | 2024-07-22 | 6.1 | CVE-2024-37245 [email protected] |
vue–vue | A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. | 2024-07-23 | 4.8 | CVE-2024-6783 36c7be3b-2937-45df-85ea-ca7133ea542c |
wcproducttable–WooCommerce Product Table Lite | The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table. | 2024-07-27 | 6.4 | CVE-2024-6458 [email protected] [email protected] [email protected] |
wibergsweb–Master Currency WP | The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-27 | 6.4 | CVE-2024-6634 [email protected] [email protected] |
WordPress — WordPress | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | 2024-07-22 | 6.1 | CVE-2024-37262 [email protected] |
WordPress — WordPress | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin’s Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 5.4 | CVE-2024-5818 [email protected] [email protected] |
WordPress — WordPress | The Community Events WordPress plugin before 1.5 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete arbitrary events via a CSRF attack. | 2024-07-22 | 5.4 | CVE-2024-6271 [email protected] |
WordPress — WordPress | The CM Popup Plugin for WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks. | 2024-07-22 | 4.8 | CVE-2024-5004 [email protected] |
WordPress — WordPress | The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-07-22 | 4.8 | CVE-2024-5529 [email protected] |
WordPress — WordPress | The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. | 2024-07-22 | 4.8 | CVE-2024-6243 [email protected] |
WP Extended — The Ultimate WordPress Toolkit – WP Extended | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7. | 2024-07-22 | 6.1 | CVE-2024-37259 [email protected] |
WP Lab — WP-Lister Lite for Amazon | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.16. | 2024-07-22 | 6.1 | CVE-2024-37261 [email protected] |
WP MEDIA SAS–Search & Replace | Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace. This issue affects Search & Replace: from n/a through 3.2.2. | 2024-07-22 | 5.4 | CVE-2024-38759 [email protected] |
wpchill–Optimize Images ALT Text (alt tag) & names for SEO using AI | The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-07-24 | 5.3 | CVE-2024-6571 [email protected] [email protected] |
wpdevelop–WP Booking Calendar | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ attribute within the plugin’s bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 6.4 | CVE-2024-6930 [email protected] [email protected] [email protected] [email protected] |
wpexpertsio–WP EasyPay Square for WordPress | The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect Square. | 2024-07-24 | 5.3 | CVE-2024-5861 [email protected] [email protected] [email protected] [email protected] |
WPMU DEV — Branda | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17. | 2024-07-22 | 4.8 | CVE-2024-37239 [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options. | 2024-07-24 | 6.3 | CVE-2024-6751 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the ‘wpw_auto_poster_map_wordpress_post_type’ AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-07-24 | 6.4 | CVE-2024-6752 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts. | 2024-07-24 | 6.5 | CVE-2024-6755 [email protected] [email protected] |
WPWeb–Social Auto Poster | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata. | 2024-07-24 | 5.4 | CVE-2024-6754 [email protected] [email protected] |
Zyxel–WBE660S firmware | The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | 2024-07-23 | 6.5 | CVE-2024-1575 [email protected] |
Michael Nelson — Print My Blog | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0. | 2024-07-22 | 4.8 | CVE-2024-37271 [email protected] |
N/A — N/A | In SFTPGo 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. | 2024-07-22 | 5.3 | CVE-2024-40430 [email protected] |
N/A — N/A | An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes. | 2024-07-24 | 5.5 | CVE-2024-40575 [email protected] [email protected] |
N/A — N/A | Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the “administer fields” permission. | 2024-07-22 | 4.8 | CVE-2024-41709 [email protected] |
N/A — N/A | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. | 2024-07-26 | 5.8 | CVE-2024-42007 [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | 2024-07-25 | 4.8 | CVE-2024-41707 [email protected] [email protected] |
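The Canarytokens entry in this table (CVE-2024-41664) describes the classic shape of a blind SSRF: the server performs a test request to whatever webhook URL the user supplies, and the only feedback is whether the request errored, which is enough to port-scan the hosting infrastructure. The block below is an added example, not Canarytokens code, of the check a server can run before it issues such a test request. The hostnames and DNS answers are constructed so the check runs offline; a deployment would pass `resolve_with_system` as the resolver.

```python
"""Outbound-URL check a server can run before making a user-requested
webhook test request. Added example, not Canarytokens code. The DNS
answers below are constructed so the check runs offline; a deployment
would pass resolve_with_system instead."""
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed DNS data for the demonstration (hypothetical hostnames).
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    # one public and one loopback answer: the attacker controls the zone
    "rebind.example.com": ["93.184.216.35", "127.0.0.1"],
}


def fake_resolve(host):
    """Offline stand-in for DNS: every address the name resolves to."""
    if host not in FAKE_DNS:
        raise ValueError(f"unresolvable host: {host}")
    return list(FAKE_DNS[host])


def resolve_with_system(host):
    """Production resolver: all A/AAAA answers, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text):
    """True only for globally routable unicast addresses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.1 is really 10.0.0.1
    # is_global rejects loopback, RFC 1918/ULA, link-local (so the
    # 169.254.169.254 metadata endpoint), unspecified and reserved ranges;
    # IPv4 multicast is not covered by it, hence the extra test.
    return ip.is_global and not ip.is_multicast


def check_webhook_url(url, resolve=fake_resolve):
    """Return (ok, reason). ok is True only when the scheme and port are
    acceptable and every address the host resolves to is public."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 80, 443):
        return False, "port not allowed"
    try:
        addresses = [str(ipaddress.ip_address(host))]   # IP literal
    except ValueError:
        try:
            addresses = resolve(host)
        except (ValueError, socket.gaierror) as exc:
            return False, f"resolution failed: {exc}"
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        return False, "non-public address: " + ", ".join(bad)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://hooks.example.com/alert",
                      "http://rebind.example.com/",
                      "http://169.254.169.254/latest/meta-data/"):
        print(candidate, check_webhook_url(candidate))
```

Two caveats a practitioner should keep in mind. The HTTP client re-resolves the name when it connects, so a zone that answers differently on the second lookup (DNS rebinding) can still reach an internal address unless the connection is pinned to the address that was checked. And a public host can answer the test request with a redirect to an internal address, so the test request should be made with redirects disabled, or each redirect target re-checked.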
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Ankitects–Anki | A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. | 2024-07-22 | 3.1 | CVE-2024-32152 [email protected] |
Connectivity Standards Alliance–connectedhomeip | An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | 2024-07-24 | 3.5 | CVE-2024-3454 [email protected] |
GitLab–GitLab | A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits. | 2024-07-24 | 2.7 | CVE-2024-0231 [email protected] [email protected] |
GitLab–GitLab | An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | 2024-07-24 | 2.6 | CVE-2024-7060 [email protected] |
IBM–InfoSphere Information Server | IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | 2024-07-24 | 2.4 | CVE-2024-37533 [email protected] [email protected] |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Show Connection page. | 2024-07-22 | 3.5 | CVE-2024-41826 [email protected] |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via the Space Application connection. | 2024-07-22 | 3.5 | CVE-2024-41829 [email protected] |
JetBrains–TeamCity | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time. | 2024-07-22 | 2.6 | CVE-2024-41828 [email protected] |
Lenovo–Tab K10 | An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. | 2024-07-26 | 2.8 | CVE-2024-4786 [email protected] |
Octopus Deploy–Octopus Server | In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts. | 2024-07-25 | 2.2 | CVE-2024-4811 [email protected] |
thinkst–canarytokens | Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the “Cloned Website” Canarytoken, whereby the Canarytoken’s creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of their slow redirect token. When the creator later browses the management page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the management link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | 2024-07-23 | 3.5 | CVE-2024-41663 [email protected] |
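Three entries on this page describe the same family of bearer-token weaknesses from different angles: the SFTPGo entry in the Medium table (CVE-2024-40430, no JWT ID, no enforced expiry or invalidation), the TeamCity entry above (CVE-2024-41828, non-constant-time comparison of authorization tokens), and the Apache StreamPark entry further down (CVE-2024-29070, the session token still works after logout). The block below is an added example, not the code of any of those projects, of a minimal HS256 token issuer and verifier that has all three controls: a per-token `jti` that a logout denylists, an `exp` that is enforced on every verify, and `hmac.compare_digest` for the signature check. The key, subject and clock are constructed for the demonstration; the `TokenService` class and its method names are this example's own.

```python
"""HS256 bearer-token issuer/verifier with the three controls named in the
SFTPGo, TeamCity and StreamPark entries on this page: a per-token jti so a
token can be revoked on logout, an enforced exp, and a constant-time
signature comparison. Added example, not the code of any of those projects;
key, subject and clock are constructed for the demonstration."""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    def __init__(self, key: bytes, ttl_seconds: int = 900, clock=time.time):
        self.key = key
        self.ttl = ttl_seconds
        self.clock = clock            # injectable so expiry can be tested
        self.revoked = set()          # jti values invalidated by logout

    def _sign(self, signing_input: bytes) -> bytes:
        return hmac.new(self.key, signing_input, hashlib.sha256).digest()

    def issue(self, subject: str) -> str:
        now = int(self.clock())
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"sub": subject, "iat": now, "exp": now + self.ttl,
                  "jti": secrets.token_urlsafe(16)}   # unique per token
        signing_input = ".".join(
            _b64url(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, claims)).encode()
        return signing_input.decode() + "." + _b64url(self._sign(signing_input))

    def verify(self, token: str) -> dict:
        try:
            h, c, s = token.split(".")
        except ValueError:
            raise ValueError("malformed token") from None
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":      # refuse alg=none and friends
            raise ValueError("unexpected alg")
        expected = self._sign(f"{h}.{c}".encode())
        # compare_digest does not stop at the first differing byte, so the
        # comparison time does not leak how much of the MAC was right
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(c))
        for required in ("sub", "exp", "jti"):
            if required not in claims:
                raise ValueError(f"missing claim {required}")
        if int(self.clock()) >= claims["exp"]:
            raise ValueError("expired")
        if claims["jti"] in self.revoked:
            raise ValueError("revoked")
        return claims

    def logout(self, token: str) -> None:
        """Server-side invalidation: the jti is denylisted until exp passes,
        after which verify() rejects the token anyway and the entry can go."""
        self.revoked.add(self.verify(token)["jti"])


def _outcome(svc: TokenService, token: str) -> str:
    try:
        svc.verify(token)
        return "ok"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Exercise the four paths: valid, revoked on logout, forged, expired."""
    clock = {"now": 1_700_000_000}
    svc = TokenService(b"constructed-demo-key", ttl_seconds=60,
                       clock=lambda: clock["now"])
    results = {}
    tok = svc.issue("alice")
    results["valid"] = svc.verify(tok)["sub"]
    svc.logout(tok)
    results["after_logout"] = _outcome(svc, tok)
    tok2 = svc.issue("alice")
    h, _, s = tok2.split(".")
    forged = _b64url(json.dumps({"sub": "admin"}).encode())
    results["forged_claims"] = _outcome(svc, f"{h}.{forged}.{s}")
    clock["now"] += 61
    results["after_expiry"] = _outcome(svc, tok2)
    return results


if __name__ == "__main__":
    print(demo())
```

The in-memory `revoked` set is enough for a single process; a multi-node deployment keeps the denylisted `jti` values in a shared store with a TTL equal to the token's remaining lifetime, which is exactly why the `jti` claim has to exist in the first place. Keeping the TTL short bounds how long a stolen token is useful even where no revocation path exists.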
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Android–Telegram for Android | EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | 2024-07-23 | not yet calculated | CVE-2024-7014 [email protected] |
Apache Software Foundation–Apache Arrow Rust Object Store | Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer. Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue. Details: When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. Thanks to Paul Hatcherian for reporting this vulnerability. | 2024-07-23 | not yet calculated | CVE-2024-41178 [email protected] [email protected] |
Apache Software Foundation–Apache Drill | XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. | 2024-07-24 | not yet calculated | CVE-2023-48362 [email protected] [email protected] |
Apache Software Foundation–Apache Pinot | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that /appConfigs and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role according to the RBAC guide to control access to this endpoint, and in a future version of Pinot, a default admin role is planned to be added. | 2024-07-24 | not yet calculated | CVE-2024-39676 [email protected] |
Apache Software Foundation–Apache RocketMQ | For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator’s account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0. | 2024-07-22 | not yet calculated | CVE-2024-23321 [email protected] [email protected] |
Apache Software Foundation–Apache Roller | Insufficient input validation and sanitization in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | 2024-07-26 | not yet calculated | CVE-2024-25090 [email protected] |
Apache Software Foundation–Apache StreamPark | On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns “Authorization” as the front-end authentication credential. “Authorization” can still initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4 | 2024-07-23 | not yet calculated | CVE-2024-29070 [email protected] |
Apache Software Foundation–Apache StreamPark | On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone’s user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | 2024-07-22 | not yet calculated | CVE-2024-34457 [email protected] [email protected] |
Apache Software Foundation–Apache Syncope | When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. | 2024-07-22 | not yet calculated | CVE-2024-38503 [email protected] [email protected] |
Apache Software Foundation–Apache Traffic Server | Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | 2024-07-26 | not yet calculated | CVE-2023-38522 [email protected] |
Apache Software Foundation–Apache Traffic Server | Apache Traffic Server forwards malformed HTTP chunked trailer sections to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) to stop forwarding the chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | 2024-07-26 | not yet calculated | CVE-2024-35161 [email protected] |
Apache Software Foundation–Apache Traffic Server | Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | 2024-07-26 | not yet calculated | CVE-2024-35296 [email protected] |
Atlassian–Bitbucket Data Center | There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site, which can be utilized for further exploitation; it has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the supported fixed versions. | 2024-07-24 | not yet calculated | CVE-2024-21684 [email protected] |
Automationanywhere–Automation 360 | Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server. | 2024-07-26 | not yet calculated | CVE-2024-6922 [email protected] |
curl–curl | libcurl’s ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. | 2024-07-24 | not yet calculated | CVE-2024-6197 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
curl–curl | libcurl’s URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly – but does not null terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string. | 2024-07-24 | not yet calculated | CVE-2024-6874 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
GStreamer–ORC | Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer’s build environment. This may lead to compromise of developer machines or CI build environments. | 2024-07-26 | not yet calculated | CVE-2024-40897 [email protected] [email protected] [email protected] [email protected] |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can’t corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). | 2024-07-23 | not yet calculated | CVE-2024-41012 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
OpenText–OpenText Directory Services | Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios. This issue affects OpenText Directory Services: 24.2. | 2024-07-26 | not yet calculated | CVE-2024-7050 [email protected] |
PerkinElmer–ProcessPlus | Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus: through 1.11.6507.0. | 2024-07-22 | not yet calculated | CVE-2024-6911 [email protected] [email protected] |
PerkinElmer–ProcessPlus | Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to log in remotely on all affected installations. This issue affects ProcessPlus: through 1.11.6507.0. | 2024-07-22 | not yet calculated | CVE-2024-6912 [email protected] [email protected] |
PerkinElmer–ProcessPlus | Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the Windows system. This issue affects ProcessPlus: through 1.11.6507.0. | 2024-07-22 | not yet calculated | CVE-2024-6913 [email protected] [email protected] |
Positron S.R.L–Broadcast Signal Processor TRA7005 | Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. | 2024-07-25 | not yet calculated | CVE-2024-7007 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router’s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41684 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router’s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41685 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating passwords that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. | 2024-07-26 | not yet calculated | CVE-2024-41686 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41687 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to lack of encryption when storing usernames and passwords within the router’s firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41688 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router’s firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WPA/WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41689 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router’s firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41690 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router’s firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41691 [email protected] |
SyroTech–SyroTech SY-GPON-1110-WDONT router | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system. | 2024-07-26 | not yet calculated | CVE-2024-41692 [email protected] |
Ubiquiti–UniFi U6+ Access Point | A misconfiguration on UniFi U6+ Access Point could cause incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Affected Products: UniFi U6+ Access Point (Version 6.6.65 and earlier). Mitigation: Update your UniFi U6+ Access Point to Version 6.6.74 or later. | 2024-07-22 | not yet calculated | CVE-2024-37380 [email protected] |
Unknown–Hide My WP Ghost | The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | 2024-07-23 | not yet calculated | CVE-2024-6420 [email protected] |
Unknown–Master Slider | During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. | 2024-07-26 | not yet calculated | CVE-2024-6490 [email protected] |
Unknown–Page Builder Gutenberg Blocks | The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | 2024-07-23 | not yet calculated | CVE-2024-4260 [email protected] |
Unknown–Request a Quote | The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-07-23 | not yet calculated | CVE-2024-6231 [email protected] |
Unknown–WP ULike | The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-07-24 | not yet calculated | CVE-2024-6094 [email protected] |
n/a–n/a | Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code. | 2024-07-22 | not yet calculated | CVE-2020-24102 [email protected] |
n/a–n/a | Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. | 2024-07-26 | not yet calculated | CVE-2023-50700 [email protected] [email protected] [email protected] |
n/a–n/a | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. | 2024-07-26 | not yet calculated | CVE-2024-24257 [email protected] |
n/a–n/a | Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. | 2024-07-22 | not yet calculated | CVE-2024-24507 [email protected] |
n/a–n/a | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | 2024-07-26 | not yet calculated | CVE-2024-26520 [email protected] |
n/a–n/a | An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. | 2024-07-26 | not yet calculated | CVE-2024-27357 [email protected] |
n/a–n/a | An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS). | 2024-07-26 | not yet calculated | CVE-2024-27358 [email protected] |
n/a–n/a | Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. | 2024-07-22 | not yet calculated | CVE-2024-28698 [email protected] [email protected] |
n/a–n/a | Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. | 2024-07-22 | not yet calculated | CVE-2024-34329 [email protected] [email protected] |
n/a–n/a | Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36533 [email protected] |
n/a–n/a | Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36534 [email protected] |
n/a–n/a | Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36535 [email protected] |
n/a–n/a | Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36536 [email protected] |
n/a–n/a | Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36537 [email protected] |
n/a–n/a | Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36538 [email protected] |
n/a–n/a | Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36539 [email protected] |
n/a–n/a | Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-24 | not yet calculated | CVE-2024-36540 [email protected] |
n/a–n/a | Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token. | 2024-07-25 | not yet calculated | CVE-2024-36542 [email protected] |
n/a–n/a | An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | 2024-07-26 | not yet calculated | CVE-2024-37034 [email protected] |
n/a–n/a | The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator’s password to a random insecure 8-digit value. | 2024-07-25 | not yet calculated | CVE-2024-38287 [email protected] [email protected] |
n/a–n/a | A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root. | 2024-07-25 | not yet calculated | CVE-2024-38288 [email protected] [email protected] |
n/a–n/a | A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input. | 2024-07-25 | not yet calculated | CVE-2024-38289 [email protected] [email protected] |
n/a–n/a | An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. | 2024-07-22 | not yet calculated | CVE-2024-38944 [email protected] |
n/a–n/a | EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. | 2024-07-22 | not yet calculated | CVE-2024-39250 [email protected] |
n/a–n/a | In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository is unaffected. | 2024-07-23 | not yet calculated | CVE-2024-39702 [email protected] |
n/a–n/a | IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. | 2024-07-22 | not yet calculated | CVE-2024-40051 [email protected] |
n/a–n/a | Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. | 2024-07-22 | not yet calculated | CVE-2024-40075 [email protected] |
n/a–n/a | An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files. | 2024-07-26 | not yet calculated | CVE-2024-40116 [email protected] |
n/a–n/a | Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. | 2024-07-26 | not yet calculated | CVE-2024-40117 [email protected] [email protected] |
n/a–n/a | Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function. | 2024-07-24 | not yet calculated | CVE-2024-40137 [email protected] |
n/a–n/a | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-07-25 | not yet calculated | CVE-2024-40318 [email protected] |
n/a–n/a | A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation. | 2024-07-25 | not yet calculated | CVE-2024-40324 [email protected] |
n/a–n/a | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. | 2024-07-26 | not yet calculated | CVE-2024-40433 [email protected] |
n/a–n/a | A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00 that allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. | 2024-07-24 | not yet calculated | CVE-2024-40495 [email protected] [email protected] [email protected] |
n/a–n/a | SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx. | 2024-07-22 | not yet calculated | CVE-2024-40502 [email protected] [email protected] [email protected] |
n/a–n/a | In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. | 2024-07-24 | not yet calculated | CVE-2024-40767 [email protected] [email protected] [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | 2024-07-22 | not yet calculated | CVE-2024-41314 [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 2024-07-22 | not yet calculated | CVE-2024-41315 [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | 2024-07-22 | not yet calculated | CVE-2024-41316 [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | 2024-07-22 | not yet calculated | CVE-2024-41317 [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 2024-07-22 | not yet calculated | CVE-2024-41318 [email protected] [email protected] |
n/a–n/a | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. | 2024-07-22 | not yet calculated | CVE-2024-41320 [email protected] [email protected] |
n/a–n/a | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php. | 2024-07-26 | not yet calculated | CVE-2024-41353 [email protected] |
n/a–n/a | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php | 2024-07-26 | not yet calculated | CVE-2024-41354 [email protected] |
n/a–n/a | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | 2024-07-26 | not yet calculated | CVE-2024-41355 [email protected] |
n/a–n/a | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. | 2024-07-26 | not yet calculated | CVE-2024-41356 [email protected] |
n/a–n/a | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. | 2024-07-26 | not yet calculated | CVE-2024-41357 [email protected] |
n/a–n/a | ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. | 2024-07-26 | not yet calculated | CVE-2024-41373 [email protected] |
n/a–n/a | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php. | 2024-07-26 | not yet calculated | CVE-2024-41374 [email protected] |
n/a–n/a | ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php. | 2024-07-26 | not yet calculated | CVE-2024-41375 [email protected] |
n/a–n/a | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand. | 2024-07-25 | not yet calculated | CVE-2024-41468 [email protected] |
n/a–n/a | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | 2024-07-25 | not yet calculated | CVE-2024-41473 [email protected] |
n/a–n/a | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id=. | 2024-07-24 | not yet calculated | CVE-2024-41550 [email protected] |
n/a–n/a | Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. | 2024-07-26 | not yet calculated | CVE-2024-41628 [email protected] [email protected] [email protected] [email protected] |
n/a–n/a | In veilid-core in Veilid before 0.3.4, the protocol’s ping function can be misused in a way that decreases the effectiveness of safety and private routes. | 2024-07-22 | not yet calculated | CVE-2024-41880 [email protected] |
n/a–n/a | xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment. | 2024-07-27 | not yet calculated | CVE-2024-42029 [email protected] [email protected] [email protected] |