US-CERT Vulnerability Summary for the Week of September 30, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
n/a–n/a
 
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
Published: 2024-09-30 | CVSS Score: 10 | Source & Patch Info: CVE-2024-42017
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment.
Published: 2024-10-02 | CVSS Score: 9.9 | Source & Patch Info: CVE-2024-20432
 
n/a–n/a
 
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.
Published: 2024-10-01 | CVSS Score: 9 | Source & Patch Info: CVE-2024-25660
 
Schneider Elektronik–Series 700
 
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
Published: 2024-10-02 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-35293
 
n/a–n/a
 
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-41276
 
Optigo Networks–ONS-S8 Spectra Aggregation Switch
 
The web service for ONS-S8 – Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.
Published: 2024-10-03 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-41925
 
n/a–n/a
 
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.
Published: 2024-10-01 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-42514
 
Delta Electronics–DIAEnergie
 
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
Published: 2024-10-03 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-43699
 
Vmaxstudio–Vmax Project Manager
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0.
Published: 2024-10-05 | CVSS Score: 9.6 | Source & Patch Info: CVE-2024-44014
 
Google–Android
 
According to the researcher: “The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server.”
Published: 2024-10-02 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-44097
 
n/a–n/a
 
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Published: 2024-10-02 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-45186
 
Cavok–Cavok
 
Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Published: 2024-10-06 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-45249
 
Elsight–Halo version 11.7.1.5
 
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Published: 2024-10-06 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-45251
 
Elsight–Halo version 11.7.1.5
 
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Published: 2024-10-06 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-45252
 
Optigo Networks–ONS-S8 Spectra Aggregation Switch
 
The web server for ONS-S8 – Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
Published: 2024-10-03 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-45367
 
zimbra — collaboration
 
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Published: 2024-10-02 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-45519
 
n/a–n/a
 
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.
Published: 2024-09-30 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-46293
 
YITH–YITH WooCommerce Ajax Search
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.
Published: 2024-10-06 | CVSS Score: 9.3 | Source & Patch Info: CVE-2024-47350
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
Published: 2024-09-30 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-8450
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
Published: 2024-09-30 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-8456
 
xunhuweb–Wechat Social login QQ
 
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9106
 
xunhuweb–Wechat Social login QQ
 
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘convert_remoteimage_to_local’ function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9108
 
CodeRevolution–Echo RSS Feed Post Generator
 
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9265
 
RedefiningTheWeb–WordPress & WooCommerce Affiliate Program
 
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user’s identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator’s email.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9289
 
code-projects — restaurant_reservation_system
 
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9359
 
code-projects — restaurant_reservation_system
 
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9360
 
Mozilla–Firefox
 
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9392
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9401
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9402
 
Linear–eMerge e3-Series
 
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Published: 2024-10-02 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-9441
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.
Published: 2024-10-02 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-20393
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.
Published: 2024-10-02 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-20449
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
Published: 2024-10-02 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20498
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
Published: 2024-10-02 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20499
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
Published: 2024-10-02 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20501
 
n/a–uplot
 
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
Published: 2024-10-01 | CVSS Score: 8.2 | Source & Patch Info: CVE-2024-21489
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required.
Published: 2024-10-01 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-25632
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
Published: 2024-09-30 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-28809
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection.
Published: 2024-09-30 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-28812
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface.
Published: 2024-09-30 | CVSS Score: 8.4 | Source & Patch Info: CVE-2024-28813
 
Foxit–Foxit Reader
 
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-10-02 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-28888
 
GNOME Project–G Structured File Library (libgsf)
 
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-10-03 | CVSS Score: 8.4 | Source & Patch Info: CVE-2024-36474
 
n/a–n/a
 
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie’s component.
Published: 2024-10-02 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-41290
 
n/a–n/a
 
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
Published: 2024-10-03 | CVSS Score: 8 | Source & Patch Info: CVE-2024-41586
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
Published: 2024-10-03 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-41589
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
Published: 2024-10-03 | CVSS Score: 8 | Source & Patch Info: CVE-2024-41592
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
Published: 2024-10-03 | CVSS Score: 8 | Source & Patch Info: CVE-2024-41595
 
n/a–n/a
 
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
Published: 2024-10-03 | CVSS Score: 8 | Source & Patch Info: CVE-2024-41596
 
GNOME Project–G Structured File Library (libgsf)
 
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2024-10-03 | CVSS Score: 8.4 | Source & Patch Info: CVE-2024-42415
 
Delta Electronics–DIAEnergie
 
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Published: 2024-10-03 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-42417
 
ABCApp Creator–ABCApp Creator
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ABCApp Creator allows PHP Local File Inclusion. This issue affects ABCApp Creator: from n/a through 1.1.2.
Published: 2024-10-05 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-44023
 
Apple–iTunes for Windows
 
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
Published: 2024-10-02 | CVSS Score: 8.4 | Source & Patch Info: CVE-2024-44193
 
apache — lucene
 
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene’s replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality.
Published: 2024-09-30 | CVSS Score: 8 | Source & Patch Info: CVE-2024-45772
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
Published: 2024-10-01 | CVSS Score: 8 | Source & Patch Info: CVE-2024-46080
 
n/a–n/a
 
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
Published: 2024-10-01 | CVSS Score: 8 | Source & Patch Info: CVE-2024-46084
 
n/a–n/a
 
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
Published: 2024-09-30 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-46280
 
n/a–n/a
 
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.
Published: 2024-09-30 | CVSS Score: 8 | Source & Patch Info: CVE-2024-46313
 
n/a–n/a
 
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.
Published: 2024-10-02 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-46626
 
parse-community–parse-server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.
Published: 2024-10-04 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-47183
 
SEIKO EPSON CORPORATION–Web Config
 
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
Published: 2024-10-01 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-47295
 
Bit Apps–Bit Form Contact Form Plugin
 
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.
Published: 2024-10-05 | CVSS Score: 8 | Source & Patch Info: CVE-2024-47319
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
Published: 2024-10-05 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-47323
 
NuGet–NuGetGallery
 
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim’s browser.
Published: 2024-10-01 | CVSS Score: 8.2 | Source & Patch Info: CVE-2024-47604
 
Jenkins Project–Jenkins OpenId Connect Authentication Plugin
 
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Published: 2024-10-02 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-47806
 
Jenkins Project–Jenkins OpenId Connect Authentication Plugin
 
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins.
Published: 2024-10-02 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-47807
 
ultrapressorg–Unseen Blog
 
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-10-01 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-7432
 
ultrapressorg–Empowerment
 
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-10-01 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-7433
 
ultrapressorg–UltraPress
 
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-10-01 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-7434
 
Canonical Ltd.–Juju
 
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Published: 2024-10-02 | CVSS Score: 8.7 | Source & Patch Info: CVE-2024-7558
 
thimpress–WP Hotel Booking
 
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Published: 2024-10-02 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-7855
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.
Published: 2024-09-30 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-8448
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts.
Published: 2024-09-30 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-8458
 
cagdasdag–KB Support WordPress Help Desk and Knowledge Base
 
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
Published: 2024-10-01 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-8548
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
HP, Inc.–HP One Agent Software
 
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.
Published: 2024-10-02 | CVSS Score: 8 | CVE-2024-8733
 
Sophos–Sophos Intercept X
 
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.
Published: 2024-10-02 | CVSS Score: 8.8 | CVE-2024-8885
 
hahncgdev–WP Easy Gallery WordPress Gallery Plugin
 
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-10-01 | CVSS Score: 8.8 | CVE-2024-9018
 
Tenable–Nessus Network Monitor
 
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
Published: 2024-09-30 | CVSS Score: 8.4 | CVE-2024-9158
 
Canonical Ltd.–Authd
 
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
Published: 2024-10-03 | CVSS Score: 8.8 | CVE-2024-9313
 
Mozilla–Firefox
 
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 8.8 | CVE-2024-9396
 
Mozilla–Firefox
 
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 8.8 | CVE-2024-9400
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-04 | CVSS Score: 8.8 | CVE-2024-9514
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-04 | CVSS Score: 8.8 | CVE-2024-9515
 
D-Link–DIR-605L
 
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-05 | CVSS Score: 8.8 | CVE-2024-9532
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-05 | CVSS Score: 8.8 | CVE-2024-9533
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-05 | CVSS Score: 8.8 | CVE-2024-9534
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-05 | CVSS Score: 8.8 | CVE-2024-9535
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9549
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9550
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9551
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9552
 
D-Link–DIR-605L
 
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9553
 
D-Link–DIR-605L
 
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9555
 
D-Link–DIR-605L
 
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9556
 
D-Link–DIR-605L
 
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9557
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9558
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9559
 
D-Link–DIR-605L
 
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9561
 
D-Link–DIR-605L
 
A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 8.8 | CVE-2024-9562
 
PowerDNS–Recursor
 
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-25590
 
n/a–n/a
 
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory.
Published: 2024-10-01 | CVSS Score: 7.2 | CVE-2024-25659
 
n/a–n/a
 
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users’ passwords by reading memory dumps of the desktop application.
Published: 2024-10-01 | CVSS Score: 7.7 | CVE-2024-25661
 
Esri–Portal
 
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Published: 2024-10-04 | CVSS Score: 7.5 | CVE-2024-38040
 
Veertu–Anka Build
 
A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.
Published: 2024-10-03 | CVSS Score: 7.8 | CVE-2024-39755
 
Veertu–Anka Build
 
A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-41163
 
decidim–decidim
 
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
Published: 2024-10-01 | CVSS Score: 7.1 | CVE-2024-41673
 
Veertu–Anka Build
 
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-41922
 
WP Ticket Ultra–WP Ticket Ultra Help Desk & Support Plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion. This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44011
 
wpdev33–WP Newsletter Subscription
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through 1.1.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44012
 
Innate Images LLC–VR Calendar
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion. This issue affects VR Calendar: from n/a through 2.4.0.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44013
 
Users Control–Users Control
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Users Control allows PHP Local File Inclusion. This issue affects Users Control: from n/a through 1.0.16.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44015
 
Mark Steadman–Podiant
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion. This issue affects Podiant: from n/a through 1.1.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44016
 
MinHyeong Lim–MH Board
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1.
Published: 2024-10-02 | CVSS Score: 7.5 | CVE-2024-44017
 
Istmo Plugins–Instant Chat Floating Button for WordPress Websites
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44018
 
Nicejob–NiceJob
 
Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-44028
 
David Garlitz–viala
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-44029
 
Mestres do WP–Checkout Mestres WP
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6.
Published: 2024-10-02 | CVSS Score: 7.2 | CVE-2024-44030
 
Martin Greenwood–WPSPX
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-44034
 
Diebold Nixdorf–Vynamic View prior
 
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Published: 2024-10-06 | CVSS Score: 7.8 | CVE-2024-45245
 
Diebold Nixdorf–Vynamic View prior to v5.9.5
 
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
Published: 2024-10-06 | CVSS Score: 7.3 | CVE-2024-45246
 
Multi-DNC–Multi-DNC
 
Multi-DNC – CWE-35: Path Traversal: ‘.../...//’
Published: 2024-10-06 | CVSS Score: 7.5 | CVE-2024-45248
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel.
Published: 2024-10-01 | CVSS Score: 7.5 | CVE-2024-45408
 
Unlimited Elements–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-45454
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46258
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46259
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46261
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46263
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46264
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46267
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46274
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h.
Published: 2024-10-01 | CVSS Score: 7.8 | CVE-2024-46276
 
n/a–n/a
 
An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal.
Published: 2024-09-30 | CVSS Score: 7.5 | CVE-2024-46503
 
n/a–n/a
 
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface.
Published: 2024-09-30 | CVSS Score: 7.6 | CVE-2024-46510
 
n/a–n/a
 
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions.
Published: 2024-09-30 | CVSS Score: 7.5 | CVE-2024-46511
 
n/a–n/a
 
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
Published: 2024-09-30 | CVSS Score: 7.6 | CVE-2024-46549
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Published: 2024-10-03 | CVSS Score: 7.8 | CVE-2024-47134
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Published: 2024-10-03 | CVSS Score: 7.8 | CVE-2024-47135
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Published: 2024-10-03 | CVSS Score: 7.8 | CVE-2024-47136
 
CodePeople–CP Polls
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CodePeople CP Polls allows Reflected XSS. This issue affects CP Polls: from n/a through 1.0.74.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47297
 
CubeWP–CubeWP Forms All-in-One Form Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.1.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47300
 
Bit Form–Bit Form Contact Form Plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bit Form Bit Form – Contact Form Plugin allows Stored XSS. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47301
 
Copy Content Protection Team–Secure Copy Content Protection and Content Locking
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47306
 
WS Form–WS Form LITE
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WS Form WS Form LITE allows Stored XSS. This issue affects WS Form LITE: from n/a through 1.9.238.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47320
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows Reflected XSS. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47322
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
Published: 2024-10-05 | CVSS Score: 7.5 | CVE-2024-47324
 
ILLID–Share This Image
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ILLID Share This Image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47326
 
Eyal Fitoussi–GEO my WordPress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS. This issue affects GEO my WordPress: from n/a through 4.5.0.3.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47327
 
Team Tangible–Loops & Logic
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Team Tangible Loops & Logic allows Reflected XSS. This issue affects Loops & Logic: from n/a through 4.1.4.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47333
 
WPExpertsio–WPExperts Square For GiveWP
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3.
Published: 2024-10-06 | CVSS Score: 7.6 | CVE-2024-47338
 
James Ward–WP Mail Catcher
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in James Ward WP Mail Catcher allows Reflected XSS. This issue affects WP Mail Catcher: from n/a through 2.1.9.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47339
 
Lester GaMerZ Chan–WP-DownloadManager
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Lester ‘GaMerZ’ Chan WP-DownloadManager allows Reflected XSS. This issue affects WP-DownloadManager: from n/a through 1.68.8.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47341
 
Tribulant–Newsletters
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.1.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47346
 
Chart Builder Team–Chartify
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Chart Builder Team Chartify allows Reflected XSS. This issue affects Chartify: from n/a through 2.7.6.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47347
 
WaspThemes–YellowPencil Visual CSS Style Editor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47348
 
WPMobile.App–WPMobile.App
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPMobile.App allows Reflected XSS. This issue affects WPMobile.App: from n/a through 11.50.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47349
 
Xylus Themes–WP Bulk Delete
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Xylus Themes WP Bulk Delete allows Reflected XSS. This issue affects WP Bulk Delete: from n/a through 1.3.1.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47352
 
Booking Algorithms–BA Book Everything
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47360
 
YITH–YITH WooCommerce Product Add-Ons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0.
Published: 2024-10-06 | CVSS Score: 7.1 | CVE-2024-47367
 
WPWeb–Social Auto Poster
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPWeb Social Auto Poster allows Reflected XSS. This issue affects Social Auto Poster: from n/a through 5.3.15.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47369
 
LiteSpeed Technologies–LiteSpeed Cache
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47374
 
WPCOM–WPCOM Member
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47378
 
Sale php scripts–Web Directory Free
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sale php scripts Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.3.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47379
 
WP Lab–WP-Lister Lite for eBay
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.6.3.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47380
 
WP Compress–WP Compress Image Optimizer [All-In-One]
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One] allows Reflected XSS. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.20.13.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47384
 
WP Extended–The Ultimate WordPress Toolkit WP Extended
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.8.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47386
 
SliceWP–SliceWP
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SliceWP allows Reflected XSS. This issue affects SliceWP: from n/a through 1.1.18.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47388
 
Basix–NEX-Forms Ultimate Form Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47389
 
eyecix–JobSearch
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.5.9.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47394
 
Robokassa–Robokassa payment gateway for Woocommerce
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Robokassa Robokassa payment gateway for Woocommerce allows Reflected XSS. This issue affects Robokassa payment gateway for Woocommerce: from n/a through 1.6.1.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47395
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Alert Transports” feature allows authenticated users to inject arbitrary JavaScript through the “Details” section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
Published: 2024-10-01 | CVSS Score: 7.5 | CVE-2024-47523
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize user input in the Device Group name, so when a user views the details of a Device Group whose name contains JavaScript code, that code is triggered. This vulnerability is fixed in 24.9.0.
Published: 2024-10-01 | CVSS Score: 7.2 | CVE-2024-47524
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Alert Rules” feature allows authenticated users to inject arbitrary JavaScript through the “Title” field. This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
Published: 2024-10-01 | CVSS Score: 7.5 | CVE-2024-47525
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Device Dependencies” feature allows authenticated users to inject arbitrary JavaScript through the device name (“hostname” parameter). This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
Published: 2024-10-01 | CVSS Score: 7.5 | CVE-2024-47527
 
Apache Software Foundation–Apache Avro Java SDK
 
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
Published: 2024-10-03 | CVSS Score: 7.3 | CVE-2024-47561
 
async-graphql–async-graphql
 
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-47614
 
BannerSky–BSK Forms Blacklist
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8.1.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47624
 
vCita–Online Booking & Scheduling Calendar for WordPress by vcita
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.6.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47638
 
Copyscape / Indigo Stream Technologies–Copyscape Premium
 
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS. This issue affects Copyscape Premium: from n/a through 1.3.6.
Published: 2024-10-05 | CVSS Score: 7.1 | CVE-2024-47644
 
idurar–idurar-erp-crm
 
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user’s input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location.
Published: 2024-10-04 | CVSS Score: 7.5 | CVE-2024-47769
 
n/a–n/a
 
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
Published: 2024-10-04 | CVSS Score: 7.5 | CVE-2024-47850
 
AVG/Avast–Antivirus
 
The AVGUI.exe of AVG/Avast Antivirus before version 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) condition when self protection is disabled.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-5803
 
Unknown–Migration, Backup, Staging
 
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
Published: 2024-10-02 | CVSS Score: 7.5 | CVE-2024-7315
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7670
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7671
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7672
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7673
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7674
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Published: 2024-09-30 | CVSS Score: 7.8 | CVE-2024-7675
 
123.chat–123.chat – Video Chat
 
The 123.chat – Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 7.2 | CVE-2024-7869
 
Canonical Ltd.–Juju
 
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
Published: 2024-10-02 | CVSS Score: 7.9 | CVE-2024-8038
 
dejanmarkovic–Social Web Suite Social Media Auto Post, Social Media Auto Publish
 
The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2024-10-03 | CVSS Score: 7.5 | CVE-2024-8352
 
Unknown–Cost Calculator Builder
 
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Published: 2024-09-30 | CVSS Score: 7.2 | CVE-2024-8379
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.
Published: 2024-09-30 | CVSS Score: 7.5 | CVE-2024-8451
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.
Published: 2024-09-30 | CVSS Score: 7.5 | CVE-2024-8452
 
planet — gs-4210-24p2s_firmware
 
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
Published: 2024-09-30 | CVSS Score: 7.5 | CVE-2024-8454
 
wpmudev–Broken Link Checker
 
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 7.1 | CVE-2024-8981
 
rankmath–Rank Math SEO AI SEO Tools to Dominate SEO Rankings
 
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input in the ‘set_redirections’ function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-10-05 | CVSS Score: 7.2 | CVE-2024-9314
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: 7.3 | CVE-2024-9403
 
Codezips–Online Shopping Portal
 
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-03 | CVSS Score: 7.3 | CVE-2024-9460
 


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
GitLab–GitLab
 
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
Published: 2024-10-01 | CVSS Score: 6.6 | CVE-2023-3441
 
Kiteworks–OwnCloud
 
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
Published: 2024-10-01 | CVSS Score: 6.8 | CVE-2023-7273
a341c0d1-ebf7-493f-a84e-38cf86618674
 
Cisco–Cisco Unified Computing System (Managed)
 
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20365
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
Published: 2024-10-02 | CVSS Score: 6.3 | CVE-2024-20438
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.
Published: 2024-10-02 | CVSS Score: 6.3 | CVE-2024-20448
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20470
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
Published: 2024-10-02 | CVSS Score: 6.3 | CVE-2024-20490
 
Cisco–Cisco Nexus Dashboard Insights
 
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information.
Published: 2024-10-02 | CVSS Score: 6.3 | CVE-2024-20491
 
Cisco–Cisco TelePresence Video Communication Server (VCS) Expressway
 
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
Published: 2024-10-02 | CVSS Score: 6 | CVE-2024-20492
 
Cisco–Cisco Identity Services Engine Software
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20515
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Published: 2024-10-02 | CVSS Score: 6.8 | CVE-2024-20516
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Published: 2024-10-02 | CVSS Score: 6.8 | CVE-2024-20517
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20518
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20519
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20520
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20521
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-20522
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Published: 2024-10-02 | CVSS Score: 6.8 | CVE-2024-20523
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Published: 2024-10-02 | CVSS Score: 6.8 | CVE-2024-20524
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-25691
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users’ passwords by accessing memory dumps of the desktop application.
Published: 2024-09-30 | CVSS Score: 6.5 | CVE-2024-28807
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files.
Published: 2024-09-30 | CVSS Score: 6.6 | CVE-2024-28810
 
Schneider Elektronik–Series 700
 
An unauthenticated remote attacker may use the device’s traffic capture without authentication to grab plaintext administrative credentials.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-35294
 
Esri–Portal
 
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-38037
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-38038
 
TECHNO SUPPORT COMPANY–Smart-tab Android app
 
Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device’s settings, or spoof devices in other rooms.
Published: 2024-09-30 | CVSS Score: 6.8 | CVE-2024-41999
 
Trustmary–Review & testimonial widgets
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Trustmary Review & testimonial widgets allows Stored XSS. This issue affects Review & testimonial widgets: from n/a through 1.0.5.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44022
 
NicheAddons–Medical Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS. This issue affects Medical Addon for Elementor: from n/a through 1.4.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44024
 
Nicejob–NiceJob
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44025
 
NicheAddons–Charity Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.0.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44026
 
TemeGUM–Gum Elementor Addon
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.6.2024-10-066.5CVE-2024-44027
 
NicheAddons–Restaurant & Cafe Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44032
 
NicheAddons–Primary Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44033
 
TemeGUM–Gum Elementor Addon
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-44035
 
n/a–n/a
 
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the “Wireless Play” (or “LAN Play”) menu from the game’s title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim’s console. This enables a remote attacker to obtain complete denial-of-service on the game’s process, or potentially, remote code execution on the victim’s console. The issue is caused by incorrect use of the Nintendo Pia library,
Published: 2024-09-30 | CVSS Score: 6.3 | CVE-2024-45200
 
Sonarr–Sonarr
 
Sonarr – CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
Published: 2024-10-06 | CVSS Score: 6.1 | CVE-2024-45247
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
Published: 2024-10-03 | CVSS Score: 6.5 | CVE-2024-45870
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DOS).
Published: 2024-10-03 | CVSS Score: 6.3 | CVE-2024-45871
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.
Published: 2024-10-03 | CVSS Score: 6.3 | CVE-2024-45872
 
n/a–n/a
 
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
Published: 2024-09-30 | CVSS Score: 6.5 | CVE-2024-45993
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-46079
 
n/a–n/a
 
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges.
Published: 2024-09-30 | CVSS Score: 6.3 | CVE-2024-46540
 
n/a–n/a
 
TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.
Published: 2024-09-30 | CVSS Score: 6.3 | CVE-2024-46548
 
FreePBX–security-reporting
 
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
Published: 2024-10-01 | CVSS Score: 6.8 | CVE-2024-47071
 
BoldThemes–Bold Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.1.1.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47298
 
Essential Plugin–Meta slider and carousel with lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS. This issue affects Meta slider and carousel with lightbox: from n/a through 2.0.1.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47307
 
Condless–Cities Shipping Zones for WooCommerce
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7.
Published: 2024-10-05 | CVSS Score: 6.6 | CVE-2024-47309
 
ARI Soft–ARI Fancy Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through 1.3.17.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47310
 
QuomodoSoft–ElementsReady Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47329
 
wowDevs–Sky Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47332
 
PickPlugins–Post Grid and Gutenberg Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47340
 
PickPlugins–Accordion
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Accordion accordions allows Stored XSS. This issue affects Accordion: from n/a through 2.2.99.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47342
 
Kraftplugins–Mega Elements
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.4.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47343
 
CozyThemes–Cozy Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.11.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47355
 
Leevio–Happy Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47357
 
Blockspare–Blockspare
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.4.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47363
 
Move addons–Move Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Move addons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.4.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47364
 
Atakan Au–Automatically Hierarchic Categories in Menu
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47365
 
WPVibes–Elementor Addon Elements
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47366
 
Leap13–Premium Blocks Gutenberg Blocks for WordPress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47368
 
Paul Bearne–Author Avatars List/Block
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.21.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47370
 
LiteSpeed Technologies–LiteSpeed Cache
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47373
 
Ashraf–XLTab Accordions and Tabs for Elementor Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ashraf XLTab – Accordions and Tabs for Elementor Page Builder allows Stored XSS. This issue affects XLTab – Accordions and Tabs for Elementor Page Builder: from n/a through 1.3.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47375
 
Webvitaly–Page-list
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.6.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47382
 
WPDeveloper–Essential Blocks for Gutenberg
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47385
 
Jegtheme–Jeg Elementor Kit
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.8.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47390
 
BoldThemes–Bold Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a before 5.1.1.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47391
 
BdThemes–Element Pack Elementor Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47392
 
Quillforms–Quill Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Quillforms Quill Forms allows Stored XSS. This issue affects Quill Forms: from n/a through 3.7.0.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47393
 
moveaddons–Move Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.3.
Published: 2024-10-01 | CVSS Score: 6.5 | CVE-2024-47396
 
pomerium–pomerium
 
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue if all of the following conditions are met: you have issued a service account access token using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1.
Published: 2024-10-02 | CVSS Score: 6.8 | CVE-2024-47616
 
sulu–sulu
 
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website’s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
Published: 2024-10-03 | CVSS Score: 6.1 | CVE-2024-47617
 
Katie Seaborn–Zotpress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.10.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47621
 
ILLID–Advanced Woo Labels
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.01.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47622
 
ThemeLooks–Enter Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.8.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47625
 
Rometheme–RomethemeKit For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS. This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47626
 
WP Travel–WP Travel Gutenberg Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47627
 
LA-Studio–LA-Studio Element Kit for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47628
 
BdThemes–Ultimate Store Kit Elementor Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47629
 
ElementInvader–ElementInvader Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47630
 
bPlugins LLC–Logo Carousel Clients logo carousel for WP
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through 1.2.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47631
 
deTheme–DethemeKit For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47632
 
Zoho Forms–Zoho Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Zoho Forms allows Stored XSS. This issue affects Zoho Forms: from n/a through 4.0.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47633
 
VdoCipher–VdoCipher
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VdoCipher allows Stored XSS. This issue affects VdoCipher: from n/a through 1.29.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47639
 
WPDeveloperr–Confetti Fall Animation
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0.
Published: 2024-09-30 | CVSS Score: 6.5 | CVE-2024-47641
 
Keap–Keap Official Opt-in Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47642
 
Alexander Böhm–Include Fussball.de Widgets
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS. This issue affects Include Fussball.De Widgets: from n/a through 4.0.0.
Published: 2024-10-05 | CVSS Score: 6.5 | CVE-2024-47643
 
Axton–WP-WebAuthn
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1.
Published: 2024-10-06 | CVSS Score: 6.5 | CVE-2024-47650
 
n/a–n/a
 
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-47854
 
n/a–n/a
 
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.
Published: 2024-10-04 | CVSS Score: 6.7 | CVE-2024-47911
 
zephyrproject-rtos–Zephyr
 
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
Published: 2024-10-04 | CVSS Score: 6.3 | CVE-2024-6442
 
zephyrproject-rtos–Zephyr
 
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
Published: 2024-10-04 | CVSS Score: 6.3 | CVE-2024-6443
 
zephyrproject-rtos–Zephyr
 
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
Published: 2024-10-04 | CVSS Score: 6.3 | CVE-2024-6444
 
Canonical Ltd.–Juju
 
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
Published: 2024-10-02 | CVSS Score: 6.5 | CVE-2024-8037
 
Revolution Slider–Slider Revolution
 
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.
Published: 2024-10-01 | CVSS Score: 6.4 | CVE-2024-8107
 
Esri–Portal
 
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 – 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-8148
 
Faronics–DeepFreeze
 
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.
Published: 2024-10-03 | CVSS Score: 6.4 | CVE-2024-8159
 
vowelweb–Ibtana WordPress Website Builder
 
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:ive/ive-productscarousel’ Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-02 | CVSS Score: 6.4 | CVE-2024-8282
 
adreastrian–Guten Post Layout An Advanced Post Grid Collection for WordPress Gutenberg
 
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:guten-post-layout/post-grid’ Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 6.4 | CVE-2024-8288
 
ishitaka–XO Slider
 
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 6.4 | CVE-2024-8324
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user’s password.
Published: 2024-09-30 | CVSS Score: 6.8 | CVE-2024-8449
 
averta–Shortcodes and extra features for Phlox theme
 
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-05 | CVSS Score: 6.4 | CVE-2024-8486
 
connekthq–WordPress Infinite Scroll Ajax Load More
 
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-02 | CVSS Score: 6.4 | CVE-2024-8505
 
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
 
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘um_loggedin’ shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-04 | CVSS Score: 6.4 | CVE-2024-8519
 
cagdasdag–KB Support WordPress Help Desk and Knowledge Base
 
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘kbs_ajax_load_front_end_replies’ and ‘kbs_ajax_mark_reply_as_read’ functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
Published: 2024-10-01 | CVSS Score: 6.5 | CVE-2024-8632
 
daveshine–Gravity Forms Toolbar
 
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8718
 
rumbletalk–RumbleTalk Live Group Chat HTML5
 
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rumbletalk-admin-button’ shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 6.4 | CVE-2024-8720
 
torstenbulk–DK PDF
 
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8727
 
brianbrey–Easy Load More
 
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8728
 
bitpressadmin–Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress
 
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
Published: 2024-10-05 | CVSS Score: 6.8 | CVE-2024-8743
 
brochris–Auto Featured Image from Title
 
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8786
 
jkohlbach–Store Exporter for WooCommerce Export Products, Export Orders, Export Subscriptions, and More
 
The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8793
 
ghuger–Custom Banners
 
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | CVE-2024-8799
 
sanrl–RabbitLoader Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
 
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | CVE-2024-8800
 
cliogrow–Clio Grow
 
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | CVE-2024-8802
 
dartiss–Code Embed
 
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-8804
 
iworks–PWA easy way to Progressive Web App
 
The PWA – easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-02 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-8967
 
galdub–Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials
 
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-8989
 
cyberhobo–Geo Mashup
 
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-8990
 
grandplugins–AVIF Uploader
 
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9060
 
sigmadevs–Easy Demo Importer A Modern One-Click Demo Import Solution
 
The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9071
 
ManageEngine–Analytics Plus
 
Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.
Published: 2024-10-03 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-9100, 0fc0942c-577d-436f-ae8e-945763c79b02
 
quomodosoft–QS Dark Mode Plugin
 
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9118
 
automatic-rock–SVG Complete
 
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9119
 
rankmath–Rank Math SEO AI SEO Tools to Dominate SEO Rankings
 
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘update_metadata’ function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with ‘rank_math’, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
Published: 2024-10-05 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-9161
 
kraftplugins–Demo Importer Plus
 
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-02 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9172
 
nerdpressteam–Smart Custom 404 Error Page
 
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9204
 
cornelraiu-1–WP Search Analytics
 
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9209
 
dvankooten–MC4WP: Mailchimp Top Bar
 
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9210
 
wpblockart–Magazine Blocks Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
 
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9218
 
shawfactor–LH Copy Media File
 
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9220
 
madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
 
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9222
 
kau-boy–Hello World
 
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2024-10-01 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-9224
 
rainbowgeek–SEOPress On-site SEO
 
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9225
 
joelcj91–Loggedin Limit Active Logins
 
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present.
Published: 2024-10-01 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9228
 
wpcentrics–Fish and Ships Most flexible shipping table rate. A WooCommerce shipping rate
 
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9237
 
fishpie–PDF Image Generator
 
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9241
 
memberful–Memberful Membership Plugin
 
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘memberful_buy_subscription_link’ and ‘memberful_podcasts_link’ shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9242
 
optinhound–Easy WordPress Subscribe Optin Hound
 
The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-01 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9267
 
cconover–Relogo
 
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9269
 
remydcf–Re:WP
 
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9271
 
mascotdevelopers–R Animated Icon Plugin
 
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9272
 
azexo–Elastik Page Builder
 
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9274
 
dgamoni–LocateAndFilter
 
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-01 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9304
 
thevisionofhamza–BerqWP Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
 
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9344
 
tychesoftwares–Product Delivery Date for WooCommerce Lite
 
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9345
 
miunosoft–Auto Amazon Links Amazon Associates Affiliate Plugin
 
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9349
 
themes4wp–Popularis Extra
 
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9353
 
Red Hat–Red Hat Enterprise Linux 8
 
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Published: 2024-10-01 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-9355
 
migumello–Aggregator Advanced Settings
 
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9368
 
wpblockshub–WP Blocks Hub
 
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9372
 
contact-banker–WordPress Captcha Plugin by Captcha Bank
 
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9375
 
icopydoc–YML for Yandex Market
 
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-02 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9378
 
algoritmika–Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
 
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9384
 
themifyme–Themify Builder
 
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-05 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9385
 
hashthemes–Hash Form Drag & Drop Form Builder
 
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the ‘handleUpload’ function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the ‘allowedExtensions’ and ‘unallowed_extensions’ arrays on the affected site’s server, including files that may contain cross-site scripting.
Published: 2024-10-05 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9417
 
prontotools–Login Logout Shortcode
 
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9421
 
code-projects–Restaurant Reservation System
 
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “from” to be affected. But it must be assumed that parameter “to” is affected as well.
Published: 2024-10-02 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-9429
 
plainware–ShiftController Employee Shift Scheduling
 
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-9435
 
acekyd–Display Medium Posts
 
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-04 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9445
 
guillaume-lostweb–WP Cleanup and Basic Functions
 
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Published: 2024-10-05 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-9455
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-10-05 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-9536
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-06 | CVSS Score: 6.3 | Source & Patch Info: CVE-2024-9560
 
Cisco–Cisco Nexus Dashboard Orchestrator
 
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices.
Published: 2024-10-02 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-20385
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
Published: 2024-10-02 | CVSS Score: 5.7 | Source & Patch Info: CVE-2024-20441
 
Cisco–Cisco Nexus Dashboard
 
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
Published: 2024-10-02 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-20442
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
Published: 2024-10-02 | CVSS Score: 5.5 | Source & Patch Info: CVE-2024-20444
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.
Published: 2024-10-02 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-20477
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
Published: 2024-10-02 | CVSS Score: 5.8 | Source & Patch Info: CVE-2024-20500
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
Published: 2024-10-02 | CVSS Score: 5.8 | Source & Patch Info: CVE-2024-20502
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.
Published: 2024-10-02 | CVSS Score: 5.8 | CVE-2024-20509
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.
Published: 2024-10-02 | CVSS Score: 5.8 | CVE-2024-20513
 
n/a–git-shallow-clone
 
All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.
Published: 2024-10-01 | CVSS Score: 5.3 | CVE-2024-21531
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
Published: 2024-10-02 | CVSS Score: 5.4 | CVE-2024-33210
 
Esri–Portal
 
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
Published: 2024-10-04 | CVSS Score: 5.4 | CVE-2024-38039
 
draytek — vigor3910_firmware
 
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
Published: 2024-10-03 | CVSS Score: 5.4 | CVE-2024-41587
 
Catch Themes–Full frame
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Full frame allows Stored XSS. This issue affects Full frame: from n/a through 2.7.2.
Published: 2024-10-06 | CVSS Score: 5.1 | CVE-2024-44010
 
Pierre Lebedel–Kodex Posts likes
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44036
 
MagePeople Team–Multipurpose Ticket Booking Manager
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44037
 
WP Travel–WP Travel
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44039
 
Plainware–ShiftController Employee Shift Scheduling
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44040
 
Martin Gibson–IdeaPush
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44041
 
Fahad Mahmood–WP Datepicker
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44042
 
10Web–Photo Gallery by 10Web
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44043
 
Kevon Adonis–WP Abstracts
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44045
 
Themify–Themify WooCommerce Product Filter
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-44046
 
apple — ipados
 
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user’s saved passwords may be read aloud by VoiceOver.
Published: 2024-10-04 | CVSS Score: 5.5 | CVE-2024-44204
 
n/a–n/a
 
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
Published: 2024-10-01 | CVSS Score: 5.6 | CVE-2024-44610
 
n/a–n/a
 
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users.
Published: 2024-10-01 | CVSS Score: 5.7 | CVE-2024-44744
 
n/a–n/a
 
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in the “Intrest” feature.
Published: 2024-09-30 | CVSS Score: 5.4 | CVE-2024-45920
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform.
Published: 2024-10-01 | CVSS Score: 5.4 | CVE-2024-46081
 
n/a–n/a
 
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
Published: 2024-10-01 | CVSS Score: 5.4 | CVE-2024-46082
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user’s account on the platform. It is important to note that regular users can trigger actions for administrator users.
Published: 2024-10-01 | CVSS Score: 5.4 | CVE-2024-46083
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
Published: 2024-09-30 | CVSS Score: 5.4 | CVE-2024-47172
 
SeedProd–Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-47299
 
Catch Themes–Catch Base
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6.
Published: 2024-10-06 | CVSS Score: 5.1 | CVE-2024-47313
 
Vladimir Statsenko–Terms descriptions
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS. This issue affects Terms descriptions: from n/a through 3.4.6.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-47336
 
Brainstorm Force–Starter Templates
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Starter Templates allows Stored XSS. This issue affects Starter Templates: from n/a through 4.4.0.
Published: 2024-10-06 | CVSS Score: 5.9 | CVE-2024-47345
 
Catch Themes–Create
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1.
Published: 2024-10-06 | CVSS Score: 5.1 | CVE-2024-47356
 
Walter Pinem–WP MyLinks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Walter Pinem WP MyLinks allows Stored XSS. This issue affects WP MyLinks: from n/a through 1.0.6.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47371
 
ThemeNcode LLC–TNC PDF viewer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47372
 
Tribulant–Slideshow Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tribulant Slideshow Gallery allows Stored XSS. This issue affects Slideshow Gallery: from n/a through 1.8.3.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47376
 
ThemeKraft–BuddyForms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47377
 
Averta–Depicter Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.2.2.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47381
 
Webangon–The Pack Elementor addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.0.8.8.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47383
 
LinkGraph–Search Atlas SEO
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LinkGraph Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 1.8.2.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47387
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the “admin” role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload, which will trigger on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.
Published: 2024-10-01 | CVSS Score: 5.4 | CVE-2024-47528
 
Clinical-Genomics–scout
 
Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS downgrade attack can be performed on the users. This vulnerability is fixed in 4.89.
Published: 2024-09-30 | CVSS Score: 5.4 | CVE-2024-47530
 
GhozyLab, Inc.–Gallery Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.39.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47623
 
TinyPNG–TinyPNG
 
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3.
Published: 2024-10-05 | CVSS Score: 5.4 | CVE-2024-47635
 
HelpieWP–Accordion & FAQ Helpie WordPress Accordion FAQ Plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27.
Published: 2024-10-05 | CVSS Score: 5.9 | CVE-2024-47647
 
backstage–backstage
 
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration.
Published: 2024-10-03 | CVSS Score: 5.8 | CVE-2024-47762
 
Unknown–Starbox
 
The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, like the malicious user’s profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.
Published: 2024-09-30 | CVSS Score: 5.4 | CVE-2024-8239
 
icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
 
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Published: 2024-10-02 | CVSS Score: 5.4 | CVE-2024-8254
 
spicethemes–Spice Starter Sites
 
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content.
Published: 2024-10-01 | CVSS Score: 5.3 | CVE-2024-8430
 
planet — gs-4210-24p2s_firmware
 
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
Published: 2024-09-30 | CVSS Score: 5.9 | CVE-2024-8455
 
NLnet Labs–Unbound
 
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well-orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression, which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
Published: 2024-10-03 | CVSS Score: 5.3 | CVE-2024-8508
 
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
 
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user’s membership status via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-10-04 | CVSS Score: 5.3 | CVE-2024-8520
 
dotcamp — ultimate_blocks
 
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Published: 2024-09-30 | CVSS Score: 5.4 | CVE-2024-8536
 
Red Hat–Red Hat Enterprise Linux 8
 
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Published: 2024-10-01 | CVSS Score: 5.4 | CVE-2024-9341
 
n/a–ThingsBoard
 
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024.
Published: 2024-10-01 | CVSS Score: 5.3 | CVE-2024-9358
 
Pluck CMS–Pluck CMS
 
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
Published: 2024-10-01 | CVSS Score: 5.3 | CVE-2024-9405
 
Ada Support–Ada.cx Sentry Component
 
Ada.cx’s Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.
Published: 2024-10-04 | CVSS Score: 5.3 | CVE-2024-9410
 
HP Inc.–Certain HP LaserJet Printers
 
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.
Published: 2024-10-02 | CVSS Score: 5.3 | CVE-2024-9423
 
brian_voelker–slim_select
 
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker-executed JavaScript. At this time, no patch is available.
Published: 2024-10-02 | CVSS Score: 5.4 | CVE-2024-9440
 
AVG/Avast–Antivirus
 
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
Published: 2024-10-04 | CVSS Score: 5.1 | CVE-2024-9481
 
AVG/Avast–Antivirus
 
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
Published: 2024-10-04 | CVSS Score: 5.1 | CVE-2024-9482
 
AVG/Avast–Antivirus
 
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
Published: 2024-10-04 | CVSS Score: 5.1 | CVE-2024-9483
 
AVG/Avast–Antivirus
 
A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
Published: 2024-10-04 | CVSS Score: 5.1 | CVE-2024-9484
 
NVIDIA–Triton Inference Server
 
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.
Published: 2024-10-01 | CVSS Score: 4.9 | CVE-2024-0116
 
n/a–cocoon
 
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.
Published: 2024-10-02 | CVSS Score: 4.5 | CVE-2024-21530
 
Esri–Enterprise Web App Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2024-10-04 | CVSS Score: 4.8 | CVE-2024-25694
 
Esri–Portal for ArcGIS Enterprise Experience Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2024-10-04 | CVSS Score: 4.8 | CVE-2024-25701
 
Esri–ArcGIS Enterprise Web App Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2024-10-04 | CVSS Score: 4.8 | CVE-2024-25702
 
Esri–Portal
 
A reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
Published: 2024-10-04 | CVSS Score: 4.8 | CVE-2024-25707
 
radiustheme — the_post_grid
 
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2024-09-30 | CVSS Score: 4.8 | CVE-2024-3635
 
Esri–Portal for ArcGIS Enterprise Experience Builder
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04 | CVSS Score: 4.6 | CVE-2024-38036
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.
Published: 2024-10-03 | CVSS Score: 4.7 | CVE-2024-41583
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
Published: 2024-10-03 | CVSS Score: 4.7 | CVE-2024-41584
 
Hewlett Packard Enterprise–HPE IceWall Agent products
 
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow.
Published: 2024-10-03 | CVSS Score: 4.3 | CVE-2024-42504
 
apple — ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.
Published: 2024-10-04 | CVSS Score: 4.3 | CVE-2024-44207
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2024-09-30 | CVSS Score: 4.8 | CVE-2024-45073
 
ZKteco–iClock v3.1-168
 
ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor
Published: 2024-10-06 | CVSS Score: 4.3 | CVE-2024-45250
 
n/a–n/a
 
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
Published: 2024-10-02 | CVSS Score: 4.8 | CVE-2024-45960
 
n/a–n/a
 
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
Published: 2024-10-02 | CVSS Score: 4.7 | CVE-2024-45962
 
n/a–n/a
 
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the “Organizer tags” field.
Published: 2024-10-02 | CVSS Score: 4.8 | CVE-2024-45964
 
n/a–n/a
 
Contao 5.4.1 allows an authenticated admin account to upload an SVG file containing malicious JavaScript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
Published: 2024-10-02 | CVSS Score: 4.7 | CVE-2024-45965
 
n/a–n/a
 
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.
Published: 2024-10-01 | CVSS Score: 4.7 | CVE-2024-45967
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload.
Published: 2024-09-30 | CVSS Score: 4.8 | CVE-2024-46475
 
Salon Booking System–Salon booking system
 
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9.
Published: 2024-10-05 | CVSS Score: 4.3 | CVE-2024-47316
 
Clinical-Genomics–scout
 
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. Malicious content injected into the file data, which users unknowingly download and open, may lead to the compromise of users’ devices or data. This vulnerability is fixed in 4.89.
Published: 2024-09-30 | CVSS Score: 4.6 | CVE-2024-47531
 
Payflex–Payflex Payment Gateway
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payflex Payflex Payment Gateway. This issue affects Payflex Payment Gateway: from n/a through 2.6.1.
Published: 2024-10-05 | CVSS Score: 4.7 | CVE-2024-47646
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04 | CVSS Score: 4.6 | CVE-2024-8149
 
Unknown–Slider by 10Web
 
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2024-09-30
CVSS Score: 4.8
Source & Patch Info: CVE-2024-8283
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
Published: 2024-09-30
CVSS Score: 4.9
Source & Patch Info: CVE-2024-8453
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack.
Published: 2024-09-30
CVSS Score: 4.8
Source & Patch Info: CVE-2024-8457
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology store SNMPv3 users’ passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.
Published: 2024-09-30
CVSS Score: 4.9
Source & Patch Info: CVE-2024-8459
 
themehigh–Checkout Field Editor (Checkout Manager) for WooCommerce
 
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-04
CVSS Score: 4.7
Source & Patch Info: CVE-2024-8499
 
soumettre–Soumettre.fr
 
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key.
Published: 2024-10-01
CVSS Score: 4.3
Source & Patch Info: CVE-2024-8675
 
James Low–CSS JS Files
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0.
Published: 2024-10-05
CVSS Score: 4.9
Source & Patch Info: CVE-2024-9146
 
Linux and Microsoft Windows–Octopus Server
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.
Published: 2024-09-30
CVSS Score: 4.3
Source & Patch Info: CVE-2024-9194
 
expressjs–express
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Published: 2024-10-03
CVSS Score: 4.7
Source & Patch Info: CVE-2024-9266
36c7be3b-2937-45df-85ea-ca7133ea542c
 
wpdevelop–WP Booking Calendar
 
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin’s settings which may extend this vulnerability to those users.
Published: 2024-10-04
CVSS Score: 4.4
Source & Patch Info: CVE-2024-9306
 
Red Hat–Red Hat Enterprise Linux 8
 
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
Published: 2024-10-01
CVSS Score: 4.7
Source & Patch Info: CVE-2024-9407
 
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
 
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-10-05
CVSS Score: 4.9
Source & Patch Info: CVE-2024-9528
 


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
Published: 2024-10-03
CVSS Score: 3.3
Source & Patch Info: CVE-2024-0123
 
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.
Published: 2024-10-03
CVSS Score: 3.3
Source & Patch Info: CVE-2024-0124
 
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.
Published: 2024-10-03
CVSS Score: 3.3
Source & Patch Info: CVE-2024-0125
 
HCL Software–Nomad server on Domino
 
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
Published: 2024-10-01
CVSS Score: 3.7
Source & Patch Info: CVE-2024-30132
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the “Alert Templates” feature allows users to inject arbitrary JavaScript into the alert template’s name. This script executes immediately upon submission but does not persist after a page refresh.
Published: 2024-10-01
CVSS Score: 3.5
Source & Patch Info: CVE-2024-47526
 
miraheze–DataDump
 
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
Published: 2024-10-02
CVSS Score: 3.5
Source & Patch Info: CVE-2024-47612
 
n/a–OFCMS
 
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-01
CVSS Score: 3.5
Source & Patch Info: CVE-2024-9411
 
Netadmin Software–NetAdmin IAM
 
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-10-04
CVSS Score: 3.7
Source & Patch Info: CVE-2024-9513
 
Sovell–Smart Canteen System
 
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-10-06
CVSS Score: 3.7
Source & Patch Info: CVE-2024-9554
 


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
theupdateframework–go-tuf
 
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to “A”, and to “B”, and “B” delegates to “C”, then the client should trace the delegations in the order “A” then “B” then “C” but it may incorrectly trace the delegations “B”->“C”->“A”. This vulnerability is fixed in 2.0.1.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47534
 
hyperium–tonic
 
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47609
 
tukaani-project–xz
 
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don’t exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47611
 
Wiz–Wiz Code Visual Studio Code extension
 
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a “trusted folder” within Visual Studio Code, and initiates a manual scan of the file.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-9145
9947ef80-c5d5-474a-bbab-97341a59000e
 
n/a–n/a
 
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-37577
 
n/a–n/a
 
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-26770
 
n/a–n/a
 
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-26771
 
n/a–n/a
 
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user’s primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user’s primary network. The only requirement of the attack is proximity to the dedicated wireless network.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37822
 
n/a–n/a
 
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-24116
 
n/a–n/a
 
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-24117
 
n/a–n/a
 
A remote code execution vulnerability in the project management of Wanxing Technology’s Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-24122
 
n/a–n/a
 
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users’ usernames and passwords in cleartext.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-25658
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-28808
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-28811
 
n/a–n/a
 
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-31835
 
n/a–n/a
 
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the “Add New Entry” section, which allows them to execute arbitrary code in the context of a victim’s web browser.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-33209
 
n/a–n/a
 
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-33662
 
n/a–n/a
 
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-34535
 
n/a–n/a
 
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-35495
 
n/a–n/a
 
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the “sendreply.php” file, and the uploaded file was received using the “$_FILES” variable.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-37868
 
n/a–n/a
 
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the “poster.php” file, and the uploaded file was received using the “$_FILES” variable.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-37869
 
n/a–n/a
 
A Path Traversal (Local File Inclusion) vulnerability in “BinaryFileRedirector.ashx” in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the “path” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41511
 
n/a–n/a
 
A SQL Injection vulnerability in “ccHandler.aspx” in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the “bomid” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41512
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “Artikel.aspx” in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the “searchindex” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41513
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “PrevPgGroup.aspx” in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the “wer” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41514
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “ccHandlerResource.ashx” in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the “res_url” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41515
 
n/a–n/a
 
A Reflected cross-site scripting (XSS) vulnerability in “ccHandler.aspx” CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the “bomid” parameter.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41516
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41585
 
n/a–n/a
 
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41588
 
n/a–n/a
 
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41590
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41591
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41593
 
n/a–n/a
 
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41594
 
TEM–Opera Plus FM Family Transmitter
 
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41987
 
TEM–Opera Plus FM Family Transmitter
 
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server’s main interfaces and execute arbitrary code.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-41988
 
TECHNO SUPPORT COMPANY–Smart-tab Android app
 
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-42496
 
Microchip–TimeProvider 4100
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43683
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43684
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43685
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43686
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43687
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-43795
 
n/a–n/a
 
An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-44439
 
mantisbt–mantisbt
 
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users’ personal system profiles. This vulnerability is fixed in 2.26.4.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-45792
 
n/a–n/a
 
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter.
Published: 2024-10-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-45999
 
n/a–n/a
 
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46077
 
n/a–n/a
 
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46078
 
n/a–n/a
 
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46409
 
n/a–n/a
 
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46486
 
n/a–n/a
 
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46635
 
n/a–n/a
 
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.
Published: 2024-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46658
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46869
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode’s open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-46977
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47063
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47064
 
alist-org–alist
 
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47067
 
expressjs–basic-auth-connect
 
basic-auth-connect is Connect’s Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47178
 
n/a–n/a
 
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.
Published: 2024-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47211
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.
Published: 2024-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47529
 
zopefoundation–RestrictedPython
 
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.
Published: 2024-09-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2024-47532
 
StarCitizenTools–mediawiki-skins-Citizen
 
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their “real name” to an XSS payload. This vulnerability is fixed in 2.31.0.
Published: 2024-09-30 | CVSS Score: not yet calculated | CVE-2024-47536
 
Apache Software Foundation–Apache Commons IO
 
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Published: 2024-10-03 | CVSS Score: not yet calculated | CVE-2024-47554
 
Js Communication Co., Ltd.–RevoWorks Cloud Client
 
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client’s local environment. However, information in the sandbox environment may be disclosed to the outside, or the behavior of the sandbox environment may be violated by tampering with the registry.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-47560
 
DefinetlyNotAI–Logicytics
 
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-47608
 
sulu–sulu
 
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed in the browsers of the victims (other users, including admins). This issue is fixed in 2.6.5.
Published: 2024-10-03 | CVSS Score: not yet calculated | CVE-2024-47618
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47651
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to implementation of an inadequate authentication mechanism in the login module, wherein access to any user’s account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing the mobile number of the targeted user to obtain complete access to the targeted user account.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47652
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through the API request body, leading to unauthorized modification of requests belonging to other users.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47653
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to OTP bombing on the targeted system.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47654
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead to remote code execution on the targeted application.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47655
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on the password, which could lead to unauthorized access to other user accounts.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47656
 
Shilpi Computers–Net Back Office
 
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47657
 
jshttp–cookie
 
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47764
 
jgniecki–MinecraftMotdParser
 
Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTDs. The HtmlGenerator class is subject to a potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate an HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject their own HTML into a web page during web page generation, for example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47765
 
Lif-Platforms–Lif-Auth-Server
 
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47768
 
Jenkins Project–Jenkins
 
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-47803
 
Jenkins Project–Jenkins
 
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fails, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-47804
 
Jenkins Project–Jenkins Credentials Plugin
 
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-47805
 
The Wikimedia Foundation–Mediawiki – Apex skin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Apex skin allows Stored XSS. This issue affects Mediawiki – Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47840
 
The Wikimedia Foundation–Mediawiki – CSS Extension
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Path Traversal. This issue affects Mediawiki – CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47841
 
The Wikimedia Foundation–Mediawiki – CSS Extension
 
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Code Injection. This issue affects Mediawiki – CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47845
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross Site Request Forgery. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47846
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47847
 
The Wikimedia Foundation–Mediawiki – PageTriage
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – PageTriage allows Authentication Bypass. This issue affects Mediawiki – PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47848
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows SQL Injection. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.
Published: 2024-10-05 | CVSS Score: not yet calculated | CVE-2024-47849
 
n/a–n/a
 
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47855
 
n/a–n/a
 
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47910
 
n/a–n/a
 
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-47913
 
Vercom S.A.–Redlink SDK
 
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and manipulation of the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13.
Published: 2024-09-30 | CVSS Score: not yet calculated | CVE-2024-6051
 
OpenText–Vertica
 
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-6360
 
parisneo–parisneo/lollms-webui
 
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.
Published: 2024-09-30 | CVSS Score: not yet calculated | CVE-2024-6394
 
Finrota–Netahsilat
 
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-6400
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-7801
 
Webroot–SecureAnywhere – Web Shield
 
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
Published: 2024-10-03 | CVSS Score: not yet calculated | CVE-2024-7824
 
Webroot–SecureAnywhere – Web Shield
 
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
Published: 2024-10-03 | CVSS Score: not yet calculated | CVE-2024-7825
 
Webroot–SecureAnywhere – Web Shield
 
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3.
Published: 2024-10-03 | CVSS Score: not yet calculated | CVE-2024-7826
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Published: 2024-10-04 | CVSS Score: not yet calculated | CVE-2024-9054
 
M-Files Corporation–M-Files Hubshare
 
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows an authenticated user to spoof the UI.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-9174
 
Eclipse Foundation–Glassfish
 
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is ‘/management/domain’. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Published: 2024-09-30 | CVSS Score: not yet calculated | CVE-2024-9329
 
M-Files Corporation–M-Files Connector for Copilot
 
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows an authenticated user to access a limited amount of documents via incorrect access control list calculation.
Published: 2024-10-02 | CVSS Score: not yet calculated | CVE-2024-9333
 
Mozilla–Firefox
 
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9391
 
Mozilla–Firefox
 
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9393
 
Mozilla–Firefox
 
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9394
 
Mozilla–Firefox
 
A specially crafted filename containing a large number of spaces could obscure the file’s extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9395
 
Mozilla–Firefox
 
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9397
 
Mozilla–Firefox
 
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9398
 
Mozilla–Firefox
 
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01 | CVSS Score: not yet calculated | CVE-2024-9399
 
