Vulnerability Summary for the Week of September 30, 2024


High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
n/a–n/a
 
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. 2024-09-30 10 CVE-2024-42017
cve@mitre.org
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. 2024-10-02 9.9 CVE-2024-20432
ykramarz@cisco.com
 
n/a–n/a
 
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. 2024-10-01 9 CVE-2024-25660
cve@mitre.org
 
Schneider Elektronik–Series 700
 
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. 2024-10-02 9.1 CVE-2024-35293
info@cert.vde.com
 
n/a–n/a
 
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application. 2024-10-01 9.8 CVE-2024-41276
cve@mitre.org
 
Optigo Networks–ONS-S8 Spectra Aggregation Switch
 
The web service for ONS-S8 – Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. 2024-10-03 9.8 CVE-2024-41925
ics-cert@hq.dhs.gov
 
n/a–n/a
 
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. 2024-10-01 9.1 CVE-2024-42514
cve@mitre.org
 
Delta Electronics–DIAEnergie
 
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. 2024-10-03 9.8 CVE-2024-43699
ics-cert@hq.dhs.gov
 
Vmaxstudio–Vmax Project Manager
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0. 2024-10-05 9.6 CVE-2024-44014
audit@patchstack.com
 
Google–Android
 
According to the researcher: “The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server.” 2024-10-02 9.8 CVE-2024-44097
dsap-vuln-management@google.com
 
n/a–n/a
 
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. 2024-10-02 9.8 CVE-2024-45186
cve@mitre.org
 
Cavok–Cavok
 
Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2024-10-06 9.8 CVE-2024-45249
cna@cyber.gov.il
 
Elsight–Halo version 11.7.1.5
 
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2024-10-06 9.8 CVE-2024-45251
cna@cyber.gov.il
 
Elsight–Halo version 11.7.1.5
 
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2024-10-06 9.8 CVE-2024-45252
cna@cyber.gov.il
 
Optigo Networks–ONS-S8 Spectra Aggregation Switch
 
The web server for ONS-S8 – Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. 2024-10-03 9.1 CVE-2024-45367
ics-cert@hq.dhs.gov
 
zimbra — collaboration
 
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. 2024-10-02 9.8 CVE-2024-45519
cve@mitre.org
 
n/a–n/a
 
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all. 2024-09-30 9.8 CVE-2024-46293
cve@mitre.org
 
YITH–YITH WooCommerce Ajax Search
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0. 2024-10-06 9.3 CVE-2024-47350
audit@patchstack.com
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges. 2024-09-30 9.8 CVE-2024-8450
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. 2024-09-30 9.8 CVE-2024-8456
twcert@cert.org.tw
 
xunhuweb–Wechat Social login QQ
 
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value. 2024-10-01 9.8 CVE-2024-9106
security@wordfence.com
 
xunhuweb–Wechat Social login QQ
 
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘convert_remoteimage_to_local’ function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-10-01 9.8 CVE-2024-9108
security@wordfence.com
 
CodeRevolution–Echo RSS Feed Post Generator
 
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. 2024-10-01 9.8 CVE-2024-9265
security@wordfence.com
 
RedefiningTheWeb–WordPress & WooCommerce Affiliate Program
 
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user’s identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator’s email. 2024-10-01 9.8 CVE-2024-9289
security@wordfence.com
 
code-projects — restaurant_reservation_system
 
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-01 9.8 CVE-2024-9359
cna@vuldb.com
 
code-projects — restaurant_reservation_system
 
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-01 9.8 CVE-2024-9360
cna@vuldb.com
 
Mozilla–Firefox
 
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 9.8 CVE-2024-9392
security@mozilla.org
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 9.8 CVE-2024-9401
security@mozilla.org
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 9.8 CVE-2024-9402
security@mozilla.org
 
Linear–eMerge e3-Series
 
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. 2024-10-02 9.8 CVE-2024-9441
disclosure@vulncheck.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin. 2024-10-02 8.8 CVE-2024-20393
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. 2024-10-02 8.8 CVE-2024-20449
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 8.6 CVE-2024-20498
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 8.6 CVE-2024-20499
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 8.6 CVE-2024-20501
ykramarz@cisco.com
 
n/a–uplot
 
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. 2024-10-01 8.2 CVE-2024-21489
report@snyk.io
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required. 2024-10-01 8.6 CVE-2024-25632
security-advisories@github.com
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. 2024-09-30 8.8 CVE-2024-28809
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection. 2024-09-30 8.8 CVE-2024-28812
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. 2024-09-30 8.4 CVE-2024-28813
cve@mitre.org
 
Foxit–Foxit Reader
 
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2024-10-02 8.8 CVE-2024-28888
talos-cna@cisco.com
 
GNOME Project–G Structured File Library (libgsf)
 
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2024-10-03 8.4 CVE-2024-36474
talos-cna@cisco.com
 
n/a–n/a
 
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie’s component. 2024-10-02 8.1 CVE-2024-41290
cve@mitre.org
 
n/a–n/a
 
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. 2024-10-03 8 CVE-2024-41586
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. 2024-10-03 8.8 CVE-2024-41589
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. 2024-10-03 8 CVE-2024-41592
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. 2024-10-03 8 CVE-2024-41595
cve@mitre.org
 
n/a–n/a
 
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. 2024-10-03 8 CVE-2024-41596
cve@mitre.org
 
GNOME Project–G Structured File Library (libgsf)
 
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2024-10-03 8.4 CVE-2024-42415
talos-cna@cisco.com
 
Delta Electronics–DIAEnergie
 
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. 2024-10-03 8.8 CVE-2024-42417
ics-cert@hq.dhs.gov
 
ABCApp Creator–ABCApp Creator
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ABCApp Creator allows PHP Local File Inclusion. This issue affects ABCApp Creator: from n/a through 1.1.2. 2024-10-05 8.1 CVE-2024-44023
audit@patchstack.com
 
Apple–iTunes for Windows
 
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. 2024-10-02 8.4 CVE-2024-44193
product-security@apple.com
 
apache — lucene
 
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene’s replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the command line) can mitigate the issue on vulnerable versions without impacting functionality. 2024-09-30 8 CVE-2024-45772
security@apache.org
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. 2024-10-01 8 CVE-2024-46080
cve@mitre.org
 
n/a–n/a
 
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. 2024-10-01 8 CVE-2024-46084
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. 2024-09-30 8.8 CVE-2024-46280
cve@mitre.org
 
n/a–n/a
 
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. 2024-09-30 8 CVE-2024-46313
cve@mitre.org
 
n/a–n/a
 
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. 2024-10-02 8.8 CVE-2024-46626
cve@mitre.org
 
parse-community–parse-server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0. 2024-10-04 8.1 CVE-2024-47183
security-advisories@github.com
 
SEIKO EPSON CORPORATION–Web Config
 
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]. 2024-10-01 8.1 CVE-2024-47295
vultures@jpcert.or.jp
 
Bit Apps–Bit Form Contact Form Plugin
 
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10. 2024-10-05 8 CVE-2024-47319
audit@patchstack.com
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. 2024-10-05 8.1 CVE-2024-47323
audit@patchstack.com
 
NuGet–NuGetGallery
 
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim’s browser. 2024-10-01 8.2 CVE-2024-47604
security-advisories@github.com
 
Jenkins Project–Jenkins OpenId Connect Authentication Plugin
 
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. 2024-10-02 8.1 CVE-2024-47806
jenkinsci-cert@googlegroups.com
 
Jenkins Project–Jenkins OpenId Connect Authentication Plugin
 
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. 2024-10-02 8.1 CVE-2024-47807
jenkinsci-cert@googlegroups.com
 
ultrapressorg–Unseen Blog
 
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-10-01 8.8 CVE-2024-7432
security@wordfence.com
 
ultrapressorg–Empowerment
 
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-10-01 8.8 CVE-2024-7433
security@wordfence.com
 
ultrapressorg–UltraPress
 
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-10-01 8.8 CVE-2024-7434
security@wordfence.com
 
Canonical Ltd.–Juju
 
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. 2024-10-02 8.7 CVE-2024-7558
security@ubuntu.com
 
thimpress–WP Hotel Booking
 
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-10-02 8.8 CVE-2024-7855
security@wordfence.com
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell. 2024-09-30 8.8 CVE-2024-8448
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. 2024-09-30 8.8 CVE-2024-8458
twcert@cert.org.tw
 
cagdasdag–KB Support WordPress Help Desk and Knowledge Base
 
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants. 2024-10-01 8.1 CVE-2024-8548
security@wordfence.com
 
HP, Inc.–HP One Agent Software
 
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. 2024-10-02 8 CVE-2024-8733
hp-security-alert@hp.com
 
Sophos–Sophos Intercept X
 
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. 2024-10-02 8.8 CVE-2024-8885
security-alert@sophos.com
 
hahncgdev–WP Easy Gallery WordPress Gallery Plugin
 
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-01 8.8 CVE-2024-9018
security@wordfence.com
 
Tenable–Nessus Network Monitor
 
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. 2024-09-30 8.4 CVE-2024-9158
vulnreport@tenable.com
 
Canonical Ltd.–Authd
 
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. 2024-10-03 8.8 CVE-2024-9313
security@ubuntu.com
 
Mozilla–Firefox
 
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 8.8 CVE-2024-9396
security@mozilla.org
 
Mozilla–Firefox
 
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 8.8 CVE-2024-9400
security@mozilla.org
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-04 8.8 CVE-2024-9514
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-04 8.8 CVE-2024-9515
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-05 8.8 CVE-2024-9532
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-05 8.8 CVE-2024-9533
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-05 8.8 CVE-2024-9534
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-05 8.8 CVE-2024-9535
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9549
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9550
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9551
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9552
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9553
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9555
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9556
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9557
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9558
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9559
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9561
cna@vuldb.com
 
D-Link–DIR-605L
 
A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 8.8 CVE-2024-9562
cna@vuldb.com
 
PowerDNS–Recursor
 
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. 2024-10-03 7.5 CVE-2024-25590
security@open-xchange.com
 
n/a–n/a
 
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory. 2024-10-01 7.2 CVE-2024-25659
cve@mitre.org
 
n/a–n/a
 
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users’ passwords by reading memory dumps of the desktop application. 2024-10-01 7.7 CVE-2024-25661
cve@mitre.org
 
Esri–Portal
 
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files. 2024-10-04 7.5 CVE-2024-38040
psirt@esri.com
 
Veertu–Anka Build
 
A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. 2024-10-03 7.8 CVE-2024-39755
talos-cna@cisco.com
 
Veertu–Anka Build
 
A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability. 2024-10-03 7.5 CVE-2024-41163
talos-cna@cisco.com
 
decidim–decidim
 
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. 2024-10-01 7.1 CVE-2024-41673
security-advisories@github.com
 
Veertu–Anka Build
 
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. 2024-10-03 7.5 CVE-2024-41922
talos-cna@cisco.com
 
WP Ticket Ultra–WP Ticket Ultra Help Desk & Support Plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion. This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5. 2024-10-05 7.5 CVE-2024-44011
audit@patchstack.com
 
wpdev33–WP Newsletter Subscription
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion. This issue affects WP Newsletter Subscription: from n/a through 1.1. 2024-10-05 7.5 CVE-2024-44012
audit@patchstack.com
 
Innate Images LLC–VR Calendar
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion. This issue affects VR Calendar: from n/a through 2.4.0. 2024-10-05 7.5 CVE-2024-44013
audit@patchstack.com
 
Users Control–Users Control
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Users Control allows PHP Local File Inclusion. This issue affects Users Control: from n/a through 1.0.16. 2024-10-05 7.5 CVE-2024-44015
audit@patchstack.com
 
Mark Steadman–Podiant
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Mark Steadman Podiant allows PHP Local File Inclusion. This issue affects Podiant: from n/a through 1.1. 2024-10-05 7.5 CVE-2024-44016
audit@patchstack.com
 
MinHyeong Lim–MH Board
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1. 2024-10-02 7.5 CVE-2024-44017
audit@patchstack.com
 
Istmo Plugins–Instant Chat Floating Button for WordPress Websites
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5. 2024-10-05 7.5 CVE-2024-44018
audit@patchstack.com
 
Nicejob–NiceJob
 
Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5. 2024-10-06 7.1 CVE-2024-44028
audit@patchstack.com
 
David Garlitz–viala
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1. 2024-10-06 7.1 CVE-2024-44029
audit@patchstack.com
 
Mestres do WP–Checkout Mestres WP
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6. 2024-10-02 7.2 CVE-2024-44030
audit@patchstack.com
 
Martin Greenwood–WPSPX
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2. 2024-10-05 7.5 CVE-2024-44034
audit@patchstack.com
 
Diebold Nixdorf–Vynamic View prior
 
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor 2024-10-06 7.8 CVE-2024-45245
cna@cyber.gov.il
 
Diebold Nixdorf–Vynamic View prior to v5.9.5
 
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element 2024-10-06 7.3 CVE-2024-45246
cna@cyber.gov.il
 
Multi-DNC–Multi-DNC
 
Multi-DNC – CWE-35: Path Traversal: ‘.../...//’ 2024-10-06 7.5 CVE-2024-45248
cna@cyber.gov.il
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel. 2024-10-01 7.5 CVE-2024-45408
security-advisories@github.com
 
Unlimited Elements–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. 2024-10-06 7.1 CVE-2024-45454
audit@patchstack.com
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46258
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46259
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46261
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46263
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46264
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46267
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46274
cve@mitre.org
 
randygaul — cute_png
 
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. 2024-10-01 7.8 CVE-2024-46276
cve@mitre.org
 
n/a–n/a
 
An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. 2024-09-30 7.5 CVE-2024-46503
cve@mitre.org
 
n/a–n/a
 
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. 2024-09-30 7.6 CVE-2024-46510
cve@mitre.org
 
n/a–n/a
 
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function. 2024-09-30 7.5 CVE-2024-46511
cve@mitre.org
 
n/a–n/a
 
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. 2024-09-30 7.6 CVE-2024-46549
cve@mitre.org
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 2024-10-03 7.8 CVE-2024-47134
vultures@jpcert.or.jp
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 2024-10-03 7.8 CVE-2024-47135
vultures@jpcert.or.jp
 
JTEKT ELECTRONICS CORPORATION–Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)
 
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. 2024-10-03 7.8 CVE-2024-47136
vultures@jpcert.or.jp
 
CodePeople–CP Polls
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CodePeople CP Polls allows Reflected XSS. This issue affects CP Polls: from n/a through 1.0.74. 2024-10-06 7.1 CVE-2024-47297
audit@patchstack.com
 
CubeWP–CubeWP Forms All-in-One Form Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.1. 2024-10-06 7.1 CVE-2024-47300
audit@patchstack.com
 
Bit Form–Bit Form Contact Form Plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bit Form Bit Form – Contact Form Plugin allows Stored XSS. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10. 2024-10-06 7.1 CVE-2024-47301
audit@patchstack.com
 
Copy Content Protection Team–Secure Copy Content Protection and Content Locking
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3. 2024-10-06 7.1 CVE-2024-47306
audit@patchstack.com
 
WS Form–WS Form LITE
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WS Form WS Form LITE allows Stored XSS. This issue affects WS Form LITE: from n/a through 1.9.238. 2024-10-06 7.1 CVE-2024-47320
audit@patchstack.com
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows Reflected XSS. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. 2024-10-06 7.1 CVE-2024-47322
audit@patchstack.com
 
Ex-Themes–WP Timeline Vertical and Horizontal timeline plugin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. 2024-10-05 7.5 CVE-2024-47324
audit@patchstack.com
 
ILLID–Share This Image
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ILLID Share This Image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01. 2024-10-06 7.1 CVE-2024-47326
audit@patchstack.com
 
Eyal Fitoussi–GEO my WordPress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS. This issue affects GEO my WordPress: from n/a through 4.5.0.3. 2024-10-06 7.1 CVE-2024-47327
audit@patchstack.com
 
Team Tangible–Loops & Logic
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Team Tangible Loops & Logic allows Reflected XSS. This issue affects Loops & Logic: from n/a through 4.1.4. 2024-10-06 7.1 CVE-2024-47333
audit@patchstack.com
 
WPExpertsio–WPExperts Square For GiveWP
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3. 2024-10-06 7.6 CVE-2024-47338
audit@patchstack.com
 
James Ward–WP Mail Catcher
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in James Ward WP Mail Catcher allows Reflected XSS. This issue affects WP Mail Catcher: from n/a through 2.1.9. 2024-10-06 7.1 CVE-2024-47339
audit@patchstack.com
 
Lester GaMerZ Chan–WP-DownloadManager
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Lester ‘GaMerZ’ Chan WP-DownloadManager allows Reflected XSS. This issue affects WP-DownloadManager: from n/a through 1.68.8. 2024-10-06 7.1 CVE-2024-47341
audit@patchstack.com
 
Tribulant–Newsletters
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.1. 2024-10-06 7.1 CVE-2024-47346
audit@patchstack.com
 
Chart Builder Team–Chartify
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Chart Builder Team Chartify allows Reflected XSS. This issue affects Chartify: from n/a through 2.7.6. 2024-10-06 7.1 CVE-2024-47347
audit@patchstack.com
 
WaspThemes–YellowPencil Visual CSS Style Editor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4. 2024-10-06 7.1 CVE-2024-47348
audit@patchstack.com
 
WPMobile.App–WPMobile.App
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPMobile.App allows Reflected XSS. This issue affects WPMobile.App: from n/a through 11.50. 2024-10-06 7.1 CVE-2024-47349
audit@patchstack.com
 
Xylus Themes–WP Bulk Delete
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Xylus Themes WP Bulk Delete allows Reflected XSS. This issue affects WP Bulk Delete: from n/a through 1.3.1. 2024-10-06 7.1 CVE-2024-47352
audit@patchstack.com
 
Booking Algorithms–BA Book Everything
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20. 2024-10-06 7.1 CVE-2024-47360
audit@patchstack.com
 
YITH–YITH WooCommerce Product Add-Ons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0. 2024-10-06 7.1 CVE-2024-47367
audit@patchstack.com
 
WPWeb–Social Auto Poster
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPWeb Social Auto Poster allows Reflected XSS. This issue affects Social Auto Poster: from n/a through 5.3.15. 2024-10-05 7.1 CVE-2024-47369
audit@patchstack.com
 
LiteSpeed Technologies–LiteSpeed Cache
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. 2024-10-05 7.1 CVE-2024-47374
audit@patchstack.com
 
WPCOM–WPCOM Member
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPCOM WPCOM Member allows Reflected XSS. This issue affects WPCOM Member: from n/a through 1.5.4. 2024-10-05 7.1 CVE-2024-47378
audit@patchstack.com
 
Sale php scripts–Web Directory Free
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sale php scripts Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.3. 2024-10-05 7.1 CVE-2024-47379
audit@patchstack.com
 
WP Lab–WP-Lister Lite for eBay
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.6.3. 2024-10-05 7.1 CVE-2024-47380
audit@patchstack.com
 
WP Compress–WP Compress Image Optimizer [All-In-One]
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One] allows Reflected XSS. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.20.13. 2024-10-05 7.1 CVE-2024-47384
audit@patchstack.com
 
WP Extended–The Ultimate WordPress Toolkit WP Extended
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.8. 2024-10-05 7.1 CVE-2024-47386
audit@patchstack.com
 
SliceWP–SliceWP
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SliceWP allows Reflected XSS. This issue affects SliceWP: from n/a through 1.1.18. 2024-10-05 7.1 CVE-2024-47388
audit@patchstack.com
 
Basix–NEX-Forms Ultimate Form Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3. 2024-10-05 7.1 CVE-2024-47389
audit@patchstack.com
 
eyecix–JobSearch
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.5.9. 2024-10-05 7.1 CVE-2024-47394
audit@patchstack.com
 
Robokassa–Robokassa payment gateway for Woocommerce
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Robokassa Robokassa payment gateway for Woocommerce allows Reflected XSS. This issue affects Robokassa payment gateway for Woocommerce: from n/a through 1.6.1. 2024-10-05 7.1 CVE-2024-47395
audit@patchstack.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Alert Transports” feature allows authenticated users to inject arbitrary JavaScript through the “Details” section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. 2024-10-01 7.5 CVE-2024-47523
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups, and the application did not properly sanitize the Device Group name; when a user views the details of a Device Group, JavaScript code placed in the group name is executed. This vulnerability is fixed in 24.9.0. 2024-10-01 7.2 CVE-2024-47524
security-advisories@github.com
security-advisories@github.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Alert Rules” feature allows authenticated users to inject arbitrary JavaScript through the “Title” field. This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. 2024-10-01 7.5 CVE-2024-47525
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Device Dependencies” feature allows authenticated users to inject arbitrary JavaScript through the device name (“hostname” parameter). This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. 2024-10-01 7.5 CVE-2024-47527
security-advisories@github.com
security-advisories@github.com
 
Apache Software Foundation–Apache Avro Java SDK
 
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. 2024-10-03 7.3 CVE-2024-47561
security@apache.org
 
async-graphql–async-graphql
 
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10. 2024-10-03 7.5 CVE-2024-47614
security-advisories@github.com
security-advisories@github.com
 
BannerSky–BSK Forms Blacklist
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8.1. 2024-10-05 7.1 CVE-2024-47624
audit@patchstack.com
 
vCita–Online Booking & Scheduling Calendar for WordPress by vcita
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.6. 2024-10-05 7.1 CVE-2024-47638
audit@patchstack.com
 
Copyscape / Indigo Stream Technologies–Copyscape Premium
 
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS. This issue affects Copyscape Premium: from n/a through 1.3.6. 2024-10-05 7.1 CVE-2024-47644
audit@patchstack.com
 
idurar–idurar-erp-crm
 
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. The public endpoint is accessible to an unauthenticated user, and the user’s input is directly appended to the path join statement without additional checks. This allows an attacker to send a URL-encoded malicious payload: the directory structure can be escaped to read system files by adding an encoded string (payload) at the subpath location. 2024-10-04 7.5 CVE-2024-47769
security-advisories@github.com
security-advisories@github.com
 
n/a–n/a
 
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) 2024-10-04 7.5 CVE-2024-47850
cve@mitre.org
cve@mitre.org
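
The cups-browsed entry above describes a single spoofed UDP browse packet steering an HTTP POST at an arbitrary host and port. Below is an added example, not part of CUPS or cups-browsed, that a practitioner could run over captured UDP/631 payloads to spot such packets. It assumes the legacy CUPS browse packet layout (hex type, hex state, a printer URI, then quoted location/info/make-and-model strings); the sample payloads and the local printer network are constructed.

```python
# Added example; not part of CUPS or cups-browsed. It parses the legacy
# CUPS browse packet layout this example assumes (hex type, hex state, a
# printer URI, then quoted location/info/make-and-model strings) and flags
# packets whose URI would make cups-browsed POST somewhere it should not.
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

BROWSE_RE = re.compile(r"^\s*([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+(\S+)\s*(.*)$", re.S)
QUOTED_RE = re.compile(r'"([^"]*)"')

# Constructed samples: the network where printers legitimately live, a
# benign announcement, and a spoofed one pointing at an outside host.
LOCAL_PRINTER_NETS = [ipaddress.ip_network("192.168.1.0/24")]
BENIGN = b'0 3 ipp://192.168.1.20:631/printers/lab "Lab" "Lab printer" "HP LaserJet"'
SPOOFED = b'0 3 ipp://203.0.113.9:80/printers/x "Loc" "Victim" "Make"'


def parse_browse_packet(payload: bytes) -> Optional[Dict[str, object]]:
    """Split a browse packet into its fields; None if it does not parse."""
    text = payload.decode("utf-8", errors="replace").strip("\x00\r\n ")
    m = BROWSE_RE.match(text)
    if not m:
        return None
    ptype, state, uri, rest = m.groups()
    quoted = QUOTED_RE.findall(rest) + ["", "", ""]  # pad missing strings
    u = urlsplit(uri)
    try:
        port = u.port if u.port is not None else 631  # IPP default port
    except ValueError:
        port = -1  # malformed port in the URI
    return {
        "type": int(ptype, 16), "state": int(state, 16), "uri": uri,
        "scheme": u.scheme.lower(), "host": u.hostname, "port": port,
        "location": quoted[0], "info": quoted[1], "make_model": quoted[2],
    }


def assess(payload: bytes, src_ip: str,
           local_nets=LOCAL_PRINTER_NETS) -> Dict[str, object]:
    """Decide whether a browse packet received from src_ip is suspicious.
    The amplification vector is a URI whose host/port is not the sender:
    cups-browsed would then POST to that third party."""
    pkt = parse_browse_packet(payload)
    if pkt is None:
        return {"suspicious": True, "reasons": ["unparseable browse packet"], "packet": None}
    reasons: List[str] = []
    if pkt["scheme"] not in ("ipp", "ipps"):
        reasons.append("non-IPP scheme in printer URI")
    if pkt["port"] != 631:
        reasons.append("non-standard port in printer URI")
    try:
        target = ipaddress.ip_address(str(pkt["host"] or ""))
    except ValueError:
        target = None  # host is a name; resolve it before applying the checks below
    if target is not None:
        if str(target) != src_ip:
            reasons.append("URI host differs from packet source address")
        if not any(target in net for net in local_nets):
            reasons.append("URI host outside the local printer networks")
    return {"suspicious": bool(reasons), "reasons": reasons, "packet": pkt}


if __name__ == "__main__":
    print(assess(BENIGN, "192.168.1.20")["reasons"])   # []
    print(assess(SPOOFED, "192.168.1.50")["reasons"])  # three reasons
```

Hostnames in the URI are deliberately left unchecked here; in a real sensor, resolve them first and then apply the same source and network comparisons.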
 
AVG/Avast–Antivirus
 
The AVGUI.exe of AVG/Avast Antivirus before version 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. 2024-10-03 7.5 CVE-2024-5803
security@nortonlifelock.com
 
Unknown–Migration, Backup, Staging
 
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups. 2024-10-02 7.5 CVE-2024-7315
contact@wpscan.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7670
psirt@autodesk.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7671
psirt@autodesk.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7672
psirt@autodesk.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7673
psirt@autodesk.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7674
psirt@autodesk.com
 
Autodesk–Navisworks Freedom
 
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. 2024-09-30 7.8 CVE-2024-7675
psirt@autodesk.com
 
123.chat–123.chat – Video Chat
 
The 123.chat – Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 7.2 CVE-2024-7869
security@wordfence.com
security@wordfence.com
 
Canonical Ltd.–Juju
 
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. 2024-10-02 7.9 CVE-2024-8038
security@ubuntu.com
security@ubuntu.com
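
The Juju entry above turns on a property of abstract UNIX domain sockets: they live in the network namespace, not the filesystem, so no file permission bits protect them and any local process in that namespace can connect. The following added example, not Juju code, lists the listening abstract sockets from a /proc/net/unix dump; the sample dump and the socket name in it are constructed, not Juju's real socket name.

```python
# Added example; not Juju code. Parses /proc/net/unix (constructed sample
# below; the socket name is made up) and lists abstract sockets, which are
# reachable by any process in the same network namespace and carry no
# filesystem permission bits.
from typing import Dict, List

SO_ACCEPTCON = 0x00010000  # Flags bit shown for listening sockets in /proc/net/unix
SOCK_TYPES = {1: "STREAM", 2: "DGRAM", 5: "SEQPACKET"}

SAMPLE_PROC_NET_UNIX = """Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 31877 @jujud-introspect-demo
0000000000000000: 00000002 00000000 00010000 0001 01 31880 /run/dbus/system_bus_socket
0000000000000000: 00000003 00000000 00000000 0001 03 31901
"""


def parse_proc_net_unix(text: str) -> List[Dict[str, object]]:
    """One dict per socket line. Abstract names appear with a leading '@'
    (the kernel renders the leading NUL byte that way)."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 7:
            continue
        flags = int(parts[3], 16)
        stype = int(parts[4], 16)
        path = parts[7] if len(parts) > 7 else ""  # unnamed sockets have no path
        entries.append({
            "inode": int(parts[6]),
            "type": SOCK_TYPES.get(stype, str(stype)),
            "listening": bool(flags & SO_ACCEPTCON),
            "abstract": path.startswith("@"),
            "path": path,
        })
    return entries


def listening_abstract_sockets(text: str = SAMPLE_PROC_NET_UNIX) -> List[Dict[str, object]]:
    """The sockets worth reviewing: listening and abstract, so reachable by
    every process in the network namespace regardless of uid."""
    return [e for e in parse_proc_net_unix(text) if e["abstract"] and e["listening"]]


def listening_abstract_sockets_live() -> List[Dict[str, object]]:
    """Same check against the running Linux host."""
    with open("/proc/net/unix", encoding="utf-8") as fh:
        return listening_abstract_sockets(fh.read())


if __name__ == "__main__":
    for sock in listening_abstract_sockets():
        print(f"{sock['path']}  type={sock['type']}  inode={sock['inode']}")
```

Socket paths containing spaces would be truncated by the whitespace split; for a production check, prefer `ss -xl` output or parse the path as the remainder of the line. Anything abstract that a privileged daemon exposes should either move to a filesystem path with restrictive mode, or authenticate its peer (for example via SO_PEERCRED).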
 
dejanmarkovic–Social Web Suite Social Media Auto Post, Social Media Auto Publish
 
The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-10-03 7.5 CVE-2024-8352
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Unknown–Cost Calculator Builder
 
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 2024-09-30 7.2 CVE-2024-8379
contact@wpscan.com
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service. 2024-09-30 7.5 CVE-2024-8451
twcert@cert.org.tw
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology only support obsolete algorithms for the authentication protocol and encryption protocol in the SNMPv3 service, potentially allowing attackers to obtain plaintext SNMPv3 credentials. 2024-09-30 7.5 CVE-2024-8452
twcert@cert.org.tw
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service. 2024-09-30 7.5 CVE-2024-8454
twcert@cert.org.tw
twcert@cert.org.tw
 
wpmudev–Broken Link Checker
 
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 7.1 CVE-2024-8981
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
rankmath–Rank Math SEO AI SEO Tools to Dominate SEO Rankings
 
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input ‘set_redirections’ function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-10-05 7.2 CVE-2024-9314
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Mozilla–Firefox
 
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. 2024-10-01 7.3 CVE-2024-9403
security@mozilla.org
security@mozilla.org
security@mozilla.org
 
Codezips–Online Shopping Portal
 
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-03 7.3 CVE-2024-9460
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
GitLab–GitLab
 
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. 2024-10-01 6.6 CVE-2023-3441
cve@gitlab.com
cve@gitlab.com
cve@gitlab.com
cve@gitlab.com
 
Kiteworks–OwnCloud
 
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim. 2024-10-01 6.8 CVE-2023-7273
a341c0d1-ebf7-493f-a84e-38cf86618674
a341c0d1-ebf7-493f-a84e-38cf86618674
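
The OwnCloud entry above is a textbook null-versus-empty-string check failure: the rewrite rule guarantees an Authorization header is always present, so a test for "header is null" can never identify a browser-originated request. The following added example (not Kiteworks OwnCloud code; the header names, token value and the exact shape of the check are assumptions) models the bypass and the corrected check.

```python
# Added example; not code from Kiteworks OwnCloud. It models the check
# described in CVE-2023-7273 with constructed headers and token values.
import hmac
from typing import Dict, Optional

SESSION_CSRF_TOKEN = "c1a9f7e0-constructed-token"  # constructed sample


def apply_rewrite_rule(headers: Dict[str, str]) -> Dict[str, str]:
    """Mimic a front-end rewrite rule that always materialises the
    Authorization header, substituting "" when the client sent none."""
    out = dict(headers)
    out.setdefault("Authorization", "")
    return out


def csrf_check_vulnerable(headers: Dict[str, str], expected: str) -> bool:
    """Vulnerable logic (assumed shape): only a request whose Authorization
    header is *absent* is treated as a browser/session request and made to
    present a CSRF token. After the rewrite rule the header is "" rather
    than None, so a cookie-authenticated forged request skips the check."""
    auth: Optional[str] = headers.get("Authorization")
    if auth is None:
        return hmac.compare_digest(headers.get("requesttoken", ""), expected)
    return True  # non-null header: treated as token/basic auth, CSRF-exempt


def csrf_check_fixed(headers: Dict[str, str], expected: str) -> bool:
    """Fixed logic: None and "" both mean 'no credential presented', so the
    CSRF token is required in both cases."""
    auth = headers.get("Authorization")
    if not auth:
        return hmac.compare_digest(headers.get("requesttoken", ""), expected)
    return True


def demo() -> Dict[str, bool]:
    # Forged cross-site request: the victim's browser attaches the session
    # cookie automatically, but the attacker's page cannot add a token.
    forged = apply_rewrite_rule({"Cookie": "oc_session=victim"})
    # Legitimate same-origin request carrying the CSRF token.
    legit = apply_rewrite_rule({"Cookie": "oc_session=victim",
                                "requesttoken": SESSION_CSRF_TOKEN})
    # API client presenting real credentials in the header.
    api = apply_rewrite_rule({"Authorization": "Basic dXNlcjpwYXNz"})
    return {
        "forged_passes_vulnerable": csrf_check_vulnerable(forged, SESSION_CSRF_TOKEN),
        "forged_passes_fixed": csrf_check_fixed(forged, SESSION_CSRF_TOKEN),
        "legit_passes_fixed": csrf_check_fixed(legit, SESSION_CSRF_TOKEN),
        "api_passes_fixed": csrf_check_fixed(api, SESSION_CSRF_TOKEN),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The general lesson is to decide CSRF exemption on a positive signal (a credential that a cross-site page could not have supplied, validated) rather than on the absence of a header, since proxies and rewrite rules routinely normalise headers before the application sees them.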
 
Cisco–Cisco Unified Computing System (Managed)
 
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. 2024-10-02 6.5 CVE-2024-20365
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. 2024-10-02 6.3 CVE-2024-20438
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. 2024-10-02 6.3 CVE-2024-20448
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. 2024-10-02 6.5 CVE-2024-20470
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. 2024-10-02 6.3 CVE-2024-20490
ykramarz@cisco.com
 
Cisco–Cisco Nexus Dashboard Insights
 
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. 2024-10-02 6.3 CVE-2024-20491
ykramarz@cisco.com
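
Both Nexus Dashboard entries above (the NDFC/NDO proxy credentials in CVE-2024-20490 and the Insights remote controller credentials in CVE-2024-20491) share one failure mode: secrets written into logs that are later bundled into a tech support file and handed to a third party. The following added example is not Cisco tooling; it is a small scanner and redactor a practitioner could run over a bundle before sharing it. The log lines are constructed to mimic the two cases and are not real Cisco output.

```python
# Added example; not Cisco tooling. A small scanner for credentials that
# land in tech-support bundles, run over constructed log lines that mimic
# the two cases above (a proxy URL with embedded user:password, and a
# key=value password for a remote controller).
import re
from typing import Dict, List

SAMPLE_LOG = [  # constructed, not real Cisco output
    "2024-10-01T12:00:00Z proxy-check: using http://proxyadmin:Pr0xyP%40ss@proxy.corp.example:3128 for update check",
    "2024-10-01T12:00:01Z controller-sync: connecting to https://10.0.0.5 user=admin password=Apic!2024",
    "2024-10-01T12:00:02Z healthcheck: all services up",
]

# scheme://user:password@host  (userinfo embedded in a URL)
URL_USERINFO_RE = re.compile(r"([a-z][a-z0-9+.\-]*://)([^:/@\s]+):([^@\s]+)@", re.I)
# password=value, secret: value, api_key=value ...
KEY_VALUE_RE = re.compile(r"\b(password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*(\S+)", re.I)


def find_credentials(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per credential occurrence, with its line number."""
    findings: List[Dict[str, object]] = []
    for n, line in enumerate(lines, start=1):
        for m in URL_USERINFO_RE.finditer(line):
            findings.append({"line": n, "kind": "url-userinfo",
                             "name": m.group(2), "value": m.group(3)})
        for m in KEY_VALUE_RE.finditer(line):
            findings.append({"line": n, "kind": "key-value",
                             "name": m.group(1).lower(), "value": m.group(2)})
    return findings


def redact(line: str) -> str:
    """Replace the secret part of each match with *** and keep the rest so
    the line stays useful for troubleshooting."""
    line = URL_USERINFO_RE.sub(r"\1\2:***@", line)
    return KEY_VALUE_RE.sub(r"\1=***", line)


def redact_all(lines: List[str]) -> List[str]:
    return [redact(line) for line in lines]


if __name__ == "__main__":
    for f in find_credentials(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} {f['name']}")
    print("\n".join(redact_all(SAMPLE_LOG)))
```

Run the scanner over the extracted bundle before it leaves the organisation, and treat any hit as a credential to rotate, not just to redact: the copy already generated on the device may have been collected earlier.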
 
Cisco–Cisco TelePresence Video Communication Server (VCS) Expressway
 
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. 2024-10-02 6 CVE-2024-20492
ykramarz@cisco.com
 
Cisco–Cisco Identity Services Engine Software
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. 2024-10-02 6.5 CVE-2024-20515
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20516
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20517
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20518
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20519
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20520
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20521
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.5 CVE-2024-20522
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20523
ykramarz@cisco.com
 
Cisco–Cisco Small Business RV Series Router Firmware
 
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20524
ykramarz@cisco.com
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 6.1 CVE-2024-25691
psirt@esri.com
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users’ passwords by accessing memory dumps of the desktop application. 2024-09-30 6.5 CVE-2024-28807
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. 2024-09-30 6.6 CVE-2024-28810
cve@mitre.org
 
Schneider Elektronik–Series 700
 
An unauthenticated remote attacker may use the device’s traffic capture feature without authentication to grab plaintext administrative credentials. 2024-10-02 6.5 CVE-2024-35294
info@cert.vde.com
 
Esri–Portal
 
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. 2024-10-04 6.1 CVE-2024-38037
psirt@esri.com
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 6.1 CVE-2024-38038
psirt@esri.com
 
TECHNO SUPPORT COMPANY–Smart-tab Android app
 
Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device’s settings, or spoof devices in other rooms. 2024-09-30 6.8 CVE-2024-41999
vultures@jpcert.or.jp
vultures@jpcert.or.jp
 
Trustmary–Review & testimonial widgets
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Trustmary Review & testimonial widgets allows Stored XSS. This issue affects Review & testimonial widgets: from n/a through 1.0.5. 2024-10-06 6.5 CVE-2024-44022
audit@patchstack.com
 
NicheAddons–Medical Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS. This issue affects Medical Addon for Elementor: from n/a through 1.4. 2024-10-06 6.5 CVE-2024-44024
audit@patchstack.com
 
Nicejob–NiceJob
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5. 2024-10-06 6.5 CVE-2024-44025
audit@patchstack.com
 
NicheAddons–Charity Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.0. 2024-10-06 6.5 CVE-2024-44026
audit@patchstack.com
 
TemeGUM–Gum Elementor Addon
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.6. 2024-10-06 6.5 CVE-2024-44027
audit@patchstack.com
 
NicheAddons–Restaurant & Cafe Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. 2024-10-06 6.5 CVE-2024-44032
audit@patchstack.com
 
NicheAddons–Primary Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7. 2024-10-06 6.5 CVE-2024-44033
audit@patchstack.com
 
TemeGUM–Gum Elementor Addon
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7. 2024-10-06 6.5 CVE-2024-44035
audit@patchstack.com
 
n/a–n/a
 
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the “Wireless Play” (or “LAN Play”) menu from the game’s title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim’s console. This enables a remote attacker to obtain complete denial-of-service on the game’s process, or potentially, remote code execution on the victim’s console. The issue is caused by incorrect use of the Nintendo Pia library, 2024-09-30 6.3 CVE-2024-45200
cve@mitre.org
cve@mitre.org
 
Sonarr–Sonarr
 
Sonarr – CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) 2024-10-06 6.1 CVE-2024-45247
cna@cyber.gov.il
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. 2024-10-03 6.5 CVE-2024-45870
cve@mitre.org
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DoS). 2024-10-03 6.3 CVE-2024-45871
cve@mitre.org
 
n/a–n/a
 
Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. 2024-10-03 6.3 CVE-2024-45872
cve@mitre.org
 
n/a–n/a
 
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. 2024-09-30 6.5 CVE-2024-45993
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. 2024-10-01 6.1 CVE-2024-46079
cve@mitre.org
 
n/a–n/a
 
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use the remote file download and self-extract functions to upload webshells to the target server, thereby obtaining system privileges. 2024-09-30 6.3 CVE-2024-46540
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack. 2024-09-30 6.3 CVE-2024-46548
cve@mitre.org
 
FreePBX–security-reporting
 
OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. 2024-10-01 6.8 CVE-2024-47071
security-advisories@github.com
security-advisories@github.com
 
BoldThemes–Bold Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.1.1. 2024-10-06 6.5 CVE-2024-47298
audit@patchstack.com
 
Essential Plugin–Meta slider and carousel with lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS. This issue affects Meta slider and carousel with lightbox: from n/a through 2.0.1. 2024-10-06 6.5 CVE-2024-47307
audit@patchstack.com
 
Condless–Cities Shipping Zones for WooCommerce
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7. 2024-10-05 6.6 CVE-2024-47309
audit@patchstack.com
 
ARI Soft–ARI Fancy Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through 1.3.17. 2024-10-06 6.5 CVE-2024-47310
audit@patchstack.com
 
QuomodoSoft–ElementsReady Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0. 2024-10-06 6.5 CVE-2024-47329
audit@patchstack.com
 
wowDevs–Sky Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11. 2024-10-06 6.5 CVE-2024-47332
audit@patchstack.com
 
PickPlugins–Post Grid and Gutenberg Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89. 2024-10-06 6.5 CVE-2024-47340
audit@patchstack.com
 
PickPlugins–Accordion
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Accordion accordions allows Stored XSS. This issue affects Accordion: from n/a through 2.2.99. 2024-10-06 6.5 CVE-2024-47342
audit@patchstack.com
 
Kraftplugins–Mega Elements
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.4. 2024-10-06 6.5 CVE-2024-47343
audit@patchstack.com
 
CozyThemes–Cozy Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.11. 2024-10-06 6.5 CVE-2024-47355
audit@patchstack.com
 
Leevio–Happy Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0. 2024-10-06 6.5 CVE-2024-47357
audit@patchstack.com
 
Blockspare–Blockspare
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.4. 2024-10-06 6.5 CVE-2024-47363
audit@patchstack.com
 
Move addons–Move Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Move addons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.4. 2024-10-06 6.5 CVE-2024-47364
audit@patchstack.com
 
Atakan Au–Automatically Hierarchic Categories in Menu
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5. 2024-10-06 6.5 CVE-2024-47365
audit@patchstack.com
 
WPVibes–Elementor Addon Elements
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6. 2024-10-06 6.5 CVE-2024-47366
audit@patchstack.com
 
Leap13–Premium Blocks Gutenberg Blocks for WordPress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33. 2024-10-06 6.5 CVE-2024-47368
audit@patchstack.com
 
Paul Bearne–Author Avatars List/Block
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.21. 2024-10-05 6.5 CVE-2024-47370
audit@patchstack.com
 
LiteSpeed Technologies–LiteSpeed Cache
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. 2024-10-05 6.5 CVE-2024-47373
audit@patchstack.com
 
Ashraf–XLTab Accordions and Tabs for Elementor Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ashraf XLTab – Accordions and Tabs for Elementor Page Builder allows Stored XSS. This issue affects XLTab – Accordions and Tabs for Elementor Page Builder: from n/a through 1.3. 2024-10-05 6.5 CVE-2024-47375
audit@patchstack.com
 
Webvitaly–Page-list
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.6. 2024-10-05 6.5 CVE-2024-47382
audit@patchstack.com
 
WPDeveloper–Essential Blocks for Gutenberg
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4. 2024-10-05 6.5 CVE-2024-47385
audit@patchstack.com
 
Jegtheme–Jeg Elementor Kit
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.8. 2024-10-05 6.5 CVE-2024-47390
audit@patchstack.com
 
BoldThemes–Bold Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a before 5.1.1. 2024-10-05 6.5 CVE-2024-47391
audit@patchstack.com
 
BdThemes–Element Pack Elementor Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5. 2024-10-05 6.5 CVE-2024-47392
audit@patchstack.com
 
Quillforms–Quill Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Quillforms Quill Forms allows Stored XSS. This issue affects Quill Forms: from n/a through 3.7.0. 2024-10-05 6.5 CVE-2024-47393
audit@patchstack.com
 
moveaddons–Move Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.3. 2024-10-01 6.5 CVE-2024-47396
audit@patchstack.com
 
pomerium–pomerium
 
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue if all of the following conditions are met: you have issued a service account access token using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1. 2024-10-02 6.8 CVE-2024-47616
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
sulu–sulu
 
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website’s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21. 2024-10-03 6.1 CVE-2024-47617
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Katie Seaborn–Zotpress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.10. 2024-10-05 6.5 CVE-2024-47621
audit@patchstack.com
 
ILLID–Advanced Woo Labels
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.01. 2024-10-05 6.5 CVE-2024-47622
audit@patchstack.com
 
ThemeLooks–Enter Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.8. 2024-10-05 6.5 CVE-2024-47625
audit@patchstack.com
 
Rometheme–RomethemeKit For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS. This issue affects RomethemeKit For Elementor: from n/a through 1.5.0. 2024-10-05 6.5 CVE-2024-47626
audit@patchstack.com
 
WP Travel–WP Travel Gutenberg Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0. 2024-10-05 6.5 CVE-2024-47627
audit@patchstack.com
 
LA-Studio–LA-Studio Element Kit for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3. 2024-10-05 6.5 CVE-2024-47628
audit@patchstack.com
 
BdThemes–Ultimate Store Kit Elementor Addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5. 2024-10-05 6.5 CVE-2024-47629
audit@patchstack.com
 
ElementInvader–ElementInvader Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7. 2024-10-05 6.5 CVE-2024-47630
audit@patchstack.com
 
bPlugins LLC–Logo Carousel Clients logo carousel for WP
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through 1.2. 2024-10-05 6.5 CVE-2024-47631
audit@patchstack.com
 
deTheme–DethemeKit For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7. 2024-10-05 6.5 CVE-2024-47632
audit@patchstack.com
 
Zoho Forms–Zoho Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Zoho Forms allows Stored XSS. This issue affects Zoho Forms: from n/a through 4.0. 2024-10-05 6.5 CVE-2024-47633
audit@patchstack.com
 
VdoCipher–VdoCipher
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VdoCipher allows Stored XSS. This issue affects VdoCipher: from n/a through 1.29. 2024-10-05 6.5 CVE-2024-47639
audit@patchstack.com
 
WPDeveloperr–Confetti Fall Animation
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0. 2024-09-30 6.5 CVE-2024-47641
audit@patchstack.com
 
Keap–Keap Official Opt-in Forms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1. 2024-10-05 6.5 CVE-2024-47642
audit@patchstack.com
 
Alexander Böhm–Include Fussball.de Widgets
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS. This issue affects Include Fussball.De Widgets: from n/a through 4.0.0. 2024-10-05 6.5 CVE-2024-47643
audit@patchstack.com
 
Axton–WP-WebAuthn
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1. 2024-10-06 6.5 CVE-2024-47650
audit@patchstack.com
 
n/a–n/a
 
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. 2024-10-04 6.1 CVE-2024-47854
cve@mitre.org
 
n/a–n/a
 
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. 2024-10-04 6.7 CVE-2024-47911
cve@mitre.org
 
zephyrproject-rtos–Zephyr
 
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. 2024-10-04 6.3 CVE-2024-6442
vulnerabilities@zephyrproject.org
 
zephyrproject-rtos–Zephyr
 
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. 2024-10-04 6.3 CVE-2024-6443
vulnerabilities@zephyrproject.org
 
zephyrproject-rtos–Zephyr
 
There is no proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. 2024-10-04 6.3 CVE-2024-6444
vulnerabilities@zephyrproject.org
 
Canonical Ltd.–Juju
 
The juju hook tool uses a vulnerable abstract UNIX domain socket. When combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. 2024-10-02 6.5 CVE-2024-8037
security@ubuntu.com
security@ubuntu.com
 
Revolution Slider–Slider Revolution
 
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors. 2024-10-01 6.4 CVE-2024-8107
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Esri–Portal
 
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 – 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. 2024-10-04 6.1 CVE-2024-8148
psirt@esri.com
 
Faronics–DeepFreeze
 
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read, triggered via the 0x70014 IOCTL code of the FarDisk.sys driver. 2024-10-03 6.4 CVE-2024-8159
help@fluidattacks.com
help@fluidattacks.com
 
vowelweb–Ibtana WordPress Website Builder
 
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:ive/ive-productscarousel’ Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-02 6.4 CVE-2024-8282
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
adreastrian–Guten Post Layout An Advanced Post Grid Collection for WordPress Gutenberg
 
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:guten-post-layout/post-grid’ Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8288
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
ishitaka–XO Slider
 
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8324
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
planet–gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user’s password. 2024-09-30 6.8 CVE-2024-8449
twcert@cert.org.tw
twcert@cert.org.tw
 
averta–Shortcodes and extra features for Phlox theme
 
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-05 6.4 CVE-2024-8486
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
connekthq–WordPress Infinite Scroll Ajax Load More
 
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-02 6.4 CVE-2024-8505
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
 
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘um_loggedin’ shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-8519
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
cagdasdag–KB Support WordPress Help Desk and Knowledge Base
 
The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘kbs_ajax_load_front_end_replies’ and ‘kbs_ajax_mark_reply_as_read’ functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read. 2024-10-01 6.5 CVE-2024-8632
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
daveshine–Gravity Forms Toolbar
 
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8718
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
rumbletalk–RumbleTalk Live Group Chat HTML5
 
The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rumbletalk-admin-button’ shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8720
security@wordfence.com
security@wordfence.com
 
torstenbulk–DK PDF
 
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8727
security@wordfence.com
security@wordfence.com
 
brianbrey–Easy Load More
 
The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8728
security@wordfence.com
security@wordfence.com
 
bitpressadmin–Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress
 
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. 2024-10-05 6.8 CVE-2024-8743
security@wordfence.com
security@wordfence.com
 
brochris–Auto Featured Image from Title
 
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8786
security@wordfence.com
security@wordfence.com
 
jkohlbach–Store Exporter for WooCommerce Export Products, Export Orders, Export Subscriptions, and More
 
The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8793
security@wordfence.com
security@wordfence.com
 
ghuger–Custom Banners
 
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8799
security@wordfence.com
security@wordfence.com
 
sanrl–RabbitLoader Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
 
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-8800
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
cliogrow–Clio Grow
 
The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-8802
security@wordfence.com
 
dartiss–Code Embed
 
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-8804
security@wordfence.com
 
iworks–PWA easy way to Progressive Web App
 
The PWA – easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-02 6.4 CVE-2024-8967
security@wordfence.com
 
galdub–Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials
 
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8989
security@wordfence.com
 
cyberhobo–Geo Mashup
 
The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8990
security@wordfence.com
 
grandplugins–AVIF Uploader
 
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9060
security@wordfence.com
 
sigmadevs–Easy Demo Importer A Modern One-Click Demo Import Solution
 
The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9071
security@wordfence.com
 
ManageEngine–Analytics Plus
 
Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. 2024-10-03 6.5 CVE-2024-9100
0fc0942c-577d-436f-ae8e-945763c79b02
 
quomodosoft–QS Dark Mode Plugin
 
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9118
security@wordfence.com
 
automatic-rock–SVG Complete
 
The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9119
security@wordfence.com
 
rankmath–Rank Math SEO AI SEO Tools to Dominate SEO Rankings
 
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘update_metadata’ function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with ‘rank_math’, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. 2024-10-05 6.5 CVE-2024-9161
security@wordfence.com
 
kraftplugins–Demo Importer Plus
 
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-02 6.4 CVE-2024-9172
security@wordfence.com
 
nerdpressteam–Smart Custom 404 Error Page
 
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER[‘REQUEST_URI’] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9204
security@wordfence.com
 
cornelraiu-1–WP Search Analytics
 
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9209
security@wordfence.com
 
dvankooten–MC4WP: Mailchimp Top Bar
 
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9210
security@wordfence.com
 
wpblockart–Magazine Blocks Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
 
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9218
security@wordfence.com
 
shawfactor–LH Copy Media File
 
The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9220
security@wordfence.com
 
madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
 
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9222
security@wordfence.com
 
kau-boy–Hello World
 
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-10-01 6.5 CVE-2024-9224
security@wordfence.com
 
rainbowgeek–SEOPress On-site SEO
 
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9225
security@wordfence.com
 
joelcj91–Loggedin Limit Active Logins
 
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present. 2024-10-01 6.1 CVE-2024-9228
security@wordfence.com
 
wpcentrics–Fish and Ships Most flexible shipping table rate. A WooCommerce shipping rate
 
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9237
security@wordfence.com
 
fishpie–PDF Image Generator
 
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9241
security@wordfence.com
 
memberful–Memberful Membership Plugin
 
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘memberful_buy_subscription_link’ and ‘memberful_podcasts_link’ shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9242
security@wordfence.com
 
optinhound–Easy WordPress Subscribe Optin Hound
 
The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9267
security@wordfence.com
 
cconover–Relogo
 
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9269
security@wordfence.com
 
remydcf–Re:WP
 
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9271
security@wordfence.com
 
mascotdevelopers–R Animated Icon Plugin
 
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9272
security@wordfence.com
 
azexo–Elastik Page Builder
 
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9274
security@wordfence.com
 
dgamoni–LocateAndFilter
 
The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9304
security@wordfence.com
 
thevisionofhamza–BerqWP Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
 
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9344
security@wordfence.com
 
tychesoftwares–Product Delivery Date for WooCommerce Lite
 
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present. 2024-10-04 6.1 CVE-2024-9345
security@wordfence.com
 
miunosoft–Auto Amazon Links Amazon Associates Affiliate Plugin
 
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9349
security@wordfence.com
 
themes4wp–Popularis Extra
 
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9353
security@wordfence.com
 
Red Hat–Red Hat Enterprise Linux 8
 
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. 2024-10-01 6.5 CVE-2024-9355
secalert@redhat.com
 
migumello–Aggregator Advanced Settings
 
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9368
security@wordfence.com
 
wpblockshub–WP Blocks Hub
 
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9372
security@wordfence.com
 
contact-banker–WordPress Captcha Plugin by Captcha Bank
 
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9375
security@wordfence.com
 
icopydoc–YML for Yandex Market
 
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9378
security@wordfence.com
 
algoritmika–Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
 
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9384
security@wordfence.com
 
themifyme–Themify Builder
 
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-05 6.1 CVE-2024-9385
security@wordfence.com
 
hashthemes–Hash Form Drag & Drop Form Builder
 
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the ‘handleUpload’ function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the ‘allowedExtensions’ and ‘unallowed_extensions’ arrays on the affected site’s server, including files that may contain cross-site scripting. 2024-10-05 6.1 CVE-2024-9417
security@wordfence.com
 
prontotools–Login Logout Shortcode
 
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9421
security@wordfence.com
 
code-projects–Restaurant Reservation System
 
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “from” to be affected. But it must be assumed that parameter “to” is affected as well. 2024-10-02 6.3 CVE-2024-9429
cna@vuldb.com
 
plainware–ShiftController Employee Shift Scheduling
 
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9435
security@wordfence.com
 
acekyd–Display Medium Posts
 
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9445
security@wordfence.com
 
guillaume-lostweb–WP Cleanup and Basic Functions
 
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-05 6.4 CVE-2024-9455
security@wordfence.com
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-05 6.3 CVE-2024-9536
cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 6.3 CVE-2024-9560
cna@vuldb.com
 
Cisco–Cisco Nexus Dashboard Orchestrator
 
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices. 2024-10-02 5.9 CVE-2024-20385
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. 2024-10-02 5.7 CVE-2024-20441
ykramarz@cisco.com
 
Cisco–Cisco Nexus Dashboard
 
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. 2024-10-02 5.4 CVE-2024-20442
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. 2024-10-02 5.5 CVE-2024-20444
ykramarz@cisco.com
 
Cisco–Cisco Data Center Network Manager
 
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. 2024-10-02 5.4 CVE-2024-20477
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 5.8 CVE-2024-20500
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 5.8 CVE-2024-20502
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. 2024-10-02 5.8 CVE-2024-20509
ykramarz@cisco.com
 
Cisco–Cisco Meraki MX Firmware
 
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate. 2024-10-02 5.8 CVE-2024-20513
ykramarz@cisco.com
 
n/a–git-shallow-clone
 
All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. 2024-10-01 5.3 CVE-2024-21531
report@snyk.io
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. 2024-10-02 5.4 CVE-2024-33210
cve@mitre.org
 
Esri–Portal
 
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). 2024-10-04 5.4 CVE-2024-38039
psirt@esri.com
 
draytek — vigor3910_firmware
 
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. 2024-10-03 5.4 CVE-2024-41587
cve@mitre.org
 
Catch Themes–Full frame
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Full frame allows Stored XSS. This issue affects Full frame: from n/a through 2.7.2. 2024-10-06 5.1 CVE-2024-44010
audit@patchstack.com
 
Pierre Lebedel–Kodex Posts likes
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. 2024-10-06 5.9 CVE-2024-44036
audit@patchstack.com
 
MagePeople Team–Multipurpose Ticket Booking Manager
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2. 2024-10-06 5.9 CVE-2024-44037
audit@patchstack.com
 
WP Travel–WP Travel
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1. 2024-10-06 5.9 CVE-2024-44039
audit@patchstack.com
 
Plainware–ShiftController Employee Shift Scheduling
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64. 2024-10-06 5.9 CVE-2024-44040
audit@patchstack.com
 
Martin Gibson–IdeaPush
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66. 2024-10-06 5.9 CVE-2024-44041
audit@patchstack.com
 
Fahad Mahmood–WP Datepicker
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1. 2024-10-06 5.9 CVE-2024-44042
audit@patchstack.com
 
10Web–Photo Gallery by 10Web
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. 2024-10-06 5.9 CVE-2024-44043
audit@patchstack.com
 
Kevon Adonis–WP Abstracts
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5. 2024-10-06 5.9 CVE-2024-44045
audit@patchstack.com
 
Themify–Themify WooCommerce Product Filter
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. 2024-10-06 5.9 CVE-2024-44046
audit@patchstack.com
 
apple — ipados
 
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user’s saved passwords may be read aloud by VoiceOver. 2024-10-04 5.5 CVE-2024-44204
product-security@apple.com
 
n/a–n/a
 
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. 2024-10-01 5.6 CVE-2024-44610
cve@mitre.org
 
n/a–n/a
 
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. 2024-10-01 5.7 CVE-2024-44744
cve@mitre.org
 
n/a–n/a
 
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in the “Intrest” feature. 2024-09-30 5.4 CVE-2024-45920
cve@mitre.org
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. 2024-10-01 5.4 CVE-2024-46081
cve@mitre.org
 
n/a–n/a
 
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. 2024-10-01 5.4 CVE-2024-46082
cve@mitre.org
 
n/a–n/a
 
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user’s account on the platform. It is important to note that regular users can trigger actions for administrator users. 2024-10-01 5.4 CVE-2024-46083
cve@mitre.org
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. 2024-09-30 5.4 CVE-2024-47172
security-advisories@github.com
 
SeedProd–Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4. 2024-10-06 5.9 CVE-2024-47299
audit@patchstack.com
 
Catch Themes–Catch Base
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6. 2024-10-06 5.1 CVE-2024-47313
audit@patchstack.com
 
Vladimir Statsenko–Terms descriptions
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS. This issue affects Terms descriptions: from n/a through 3.4.6. 2024-10-06 5.9 CVE-2024-47336
audit@patchstack.com
 
Brainstorm Force–Starter Templates
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Starter Templates allows Stored XSS. This issue affects Starter Templates: from n/a through 4.4.0. 2024-10-06 5.9 CVE-2024-47345
audit@patchstack.com
 
Catch Themes–Create
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1. 2024-10-06 5.1 CVE-2024-47356
audit@patchstack.com
 
Walter Pinem–WP MyLinks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Walter Pinem WP MyLinks allows Stored XSS. This issue affects WP MyLinks: from n/a through 1.0.6. 2024-10-05 5.9 CVE-2024-47371
audit@patchstack.com
 
ThemeNcode LLC–TNC PDF viewer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0. 2024-10-05 5.9 CVE-2024-47372
audit@patchstack.com
 
Tribulant–Slideshow Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tribulant Slideshow Gallery allows Stored XSS. This issue affects Slideshow Gallery: from n/a through 1.8.3. 2024-10-05 5.9 CVE-2024-47376
audit@patchstack.com
 
ThemeKraft–BuddyForms
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12. 2024-10-05 5.9 CVE-2024-47377
audit@patchstack.com
 
Averta–Depicter Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.2.2. 2024-10-05 5.9 CVE-2024-47381
audit@patchstack.com
 
Webangon–The Pack Elementor addons
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.0.8.8. 2024-10-05 5.9 CVE-2024-47383
audit@patchstack.com
 
LinkGraph–Search Atlas SEO
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LinkGraph Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 1.8.2. 2024-10-05 5.9 CVE-2024-47387
audit@patchstack.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the “admin” role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which triggers on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. 2024-10-01 5.4 CVE-2024-47528
security-advisories@github.com
 
Clinical-Genomics–scout
 
Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS downgrade attack can be performed on users. This vulnerability is fixed in 4.89. 2024-09-30 5.4 CVE-2024-47530
security-advisories@github.com
 
GhozyLab, Inc.–Gallery Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.39. 2024-10-05 5.9 CVE-2024-47623
audit@patchstack.com
 
TinyPNG–TinyPNG
 
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3. 2024-10-05 5.4 CVE-2024-47635
audit@patchstack.com
 
HelpieWP–Accordion & FAQ Helpie WordPress Accordion FAQ Plugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27. 2024-10-05 5.9 CVE-2024-47647
audit@patchstack.com
 
backstage–backstage
 
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that the values should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration. 2024-10-03 5.8 CVE-2024-47762
security-advisories@github.com
 
Unknown–Starbox
 
The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, like the malicious user’s profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks. 2024-09-30 5.4 CVE-2024-8239
contact@wpscan.com
 
icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
 
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. 2024-10-02 5.4 CVE-2024-8254
security@wordfence.com
 
spicethemes–Spice Starter Sites
 
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content. 2024-10-01 5.3 CVE-2024-8430
security@wordfence.com
 
planet — gs-4210-24p2s_firmware
 
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. 2024-09-30 5.9 CVE-2024-8455
twcert@cert.org.tw
 
NLnet Labs–Unbound
 
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well-orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression, which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. 2024-10-03 5.3 CVE-2024-8508
sep@nlnetlabs.nl
 
ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
 
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user’s membership status via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-04 5.3 CVE-2024-8520
security@wordfence.com
 
dotcamp — ultimate_blocks
 
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-09-30 5.4 CVE-2024-8536
contact@wpscan.com
 
Red Hat–Red Hat Enterprise Linux 8
 
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. 2024-10-01 5.4 CVE-2024-9341
secalert@redhat.com
 
n/a–ThingsBoard
 
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024. 2024-10-01 5.3 CVE-2024-9358
cna@vuldb.com
 
Pluck CMS–Pluck CMS
 
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories. 2024-10-01 5.3 CVE-2024-9405
cve-coordination@incibe.es
 
Ada Support–Ada.cx Sentry Component
 
Ada.cx’s Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. 2024-10-04 5.3 CVE-2024-9410
vulnreport@tenable.com
 
HP Inc.–Certain HP LaserJet Printers
 
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs. 2024-10-02 5.3 CVE-2024-9423
hp-security-alert@hp.com
 
brian_voelker–slim_select
 
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker executed JavaScript. At this time, no patch is available. 2024-10-02 5.4 CVE-2024-9440
disclosure@vulncheck.com
 
AVG/Avast–Antivirus
 
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9481
security@nortonlifelock.com
 
AVG/Avast–Antivirus
 
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9482
security@nortonlifelock.com
 
AVG/Avast–Antivirus
 
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. 2024-10-04 5.1 CVE-2024-9483
security@nortonlifelock.com
 
AVG/Avast–Antivirus
 
A null-pointer dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9484
security@nortonlifelock.com
 
NVIDIA–Triton Inference Server
 
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. 2024-10-01 4.9 CVE-2024-0116
psirt@nvidia.com
 
n/a–cocoon
 
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. 2024-10-02 4.5 CVE-2024-21530
report@snyk.io
 
Esri–Enterprise Web App Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25694
psirt@esri.com
 
Esri–Portal for ArcGIS Enterprise Experience Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25701
psirt@esri.com
 
Esri–ArcGIS Enterprise Web App Builder
 
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25702
psirt@esri.com
 
Esri–Portal
 
There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. 2024-10-04 4.8 CVE-2024-25707
psirt@esri.com
 
radiustheme — the_post_grid
 
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-30 4.8 CVE-2024-3635
contact@wpscan.com
 
Esri–Portal for ArcGIS Enterprise Experience Builder
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 4.6 CVE-2024-38036
psirt@esri.com
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. 2024-10-03 4.7 CVE-2024-41583
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. 2024-10-03 4.7 CVE-2024-41584
cve@mitre.org
 
Hewlett Packard Enterprise–HPE IceWall Agent products
 
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. 2024-10-03 4.3 CVE-2024-42504
security-alert@hpe.com
 
apple — ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. 2024-10-04 4.3 CVE-2024-44207
product-security@apple.com
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-09-30 4.8 CVE-2024-45073
psirt@us.ibm.com
 
ZKteco–iClock v3.1-168
 
ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor 2024-10-06 4.3 CVE-2024-45250
cna@cyber.gov.il
 
n/a–n/a
 
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. 2024-10-02 4.8 CVE-2024-45960
cve@mitre.org
 
n/a–n/a
 
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. 2024-10-02 4.7 CVE-2024-45962
cve@mitre.org
 
n/a–n/a
 
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the “Organizer tags” field. 2024-10-02 4.8 CVE-2024-45964
cve@mitre.org
 
n/a–n/a
 
Contao 5.4.1 allows an authenticated admin account to upload an SVG file containing malicious JavaScript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via crafted JavaScript on the target. 2024-10-02 4.7 CVE-2024-45965
cve@mitre.org
 
n/a–n/a
 
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. 2024-10-01 4.7 CVE-2024-45967
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload. 2024-09-30 4.8 CVE-2024-46475
cve@mitre.org
 
Salon Booking System–Salon booking system
 
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9. 2024-10-05 4.3 CVE-2024-47316
audit@patchstack.com
 
Clinical-Genomics–scout
 
Scout is a web-based visualizer for VCF files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. With malicious content injected into the file data, users unknowingly downloading and opening it may lead to the compromise of users’ devices or data. This vulnerability is fixed in 4.89. 2024-09-30 4.6 CVE-2024-47531
security-advisories@github.com
security-advisories@github.com
 
Payflex–Payflex Payment Gateway
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payflex Payflex Payment Gateway. This issue affects Payflex Payment Gateway: from n/a through 2.6.1. 2024-10-05 4.7 CVE-2024-47646
audit@patchstack.com
 
Esri–Portal
 
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 4.6 CVE-2024-8149
psirt@esri.com
 
Unknown–Slider by 10Web
 
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-30 4.8 CVE-2024-8283
contact@wpscan.com
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords. 2024-09-30 4.9 CVE-2024-8453
twcert@cert.org.tw
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack. 2024-09-30 4.8 CVE-2024-8457
twcert@cert.org.tw
twcert@cert.org.tw
 
planet — gs-4210-24p2s_firmware
 
Certain switch models from PLANET Technology store SNMPv3 users’ passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. 2024-09-30 4.9 CVE-2024-8459
twcert@cert.org.tw
twcert@cert.org.tw
 
themehigh–Checkout Field Editor (Checkout Manager) for WooCommerce
 
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 4.7 CVE-2024-8499
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
soumettre–Soumettre.fr
 
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key. 2024-10-01 4.3 CVE-2024-8675
security@wordfence.com
security@wordfence.com
 
James Low–CSS JS Files
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0. 2024-10-05 4.9 CVE-2024-9146
audit@patchstack.com
 
Linux and Microsoft Windows–Octopus Server
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Octopus Server on Windows and Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. 2024-09-30 4.3 CVE-2024-9194
security@octopus.com
 
expressjs–express
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. 2024-10-03 4.7 CVE-2024-9266
36c7be3b-2937-45df-85ea-ca7133ea542c
 
wpdevelop–WP Booking Calendar
 
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin’s settings which may extend this vulnerability to those users. 2024-10-04 4.4 CVE-2024-9306
security@wordfence.com
security@wordfence.com
 
Red Hat–Red Hat Enterprise Linux 8
 
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. 2024-10-01 4.7 CVE-2024-9407
secalert@redhat.com
secalert@redhat.com
 
techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
 
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-05 4.9 CVE-2024-9528
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where an attacker may trigger an improper input validation issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. 2024-10-03 3.3 CVE-2024-0123
psirt@nvidia.com
 
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. 2024-10-03 3.3 CVE-2024-0124
psirt@nvidia.com
 
NVIDIA–CUDA Toolkit
 
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. 2024-10-03 3.3 CVE-2024-0125
psirt@nvidia.com
 
HCL Software–Nomad server on Domino
 
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. 2024-10-01 3.7 CVE-2024-30132
psirt@hcl.com
 
librenms–librenms
 
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the “Alert Templates” feature allows users to inject arbitrary JavaScript into the alert template’s name. This script executes immediately upon submission but does not persist after a page refresh. 2024-10-01 3.5 CVE-2024-47526
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
miraheze–DataDump
 
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d. 2024-10-02 3.5 CVE-2024-47612
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
n/a–OFCMS
 
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-01 3.5 CVE-2024-9411
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Netadmin Software–NetAdmin IAM
 
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-04 3.7 CVE-2024-9513
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Sovell–Smart Canteen System
 
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-06 3.7 CVE-2024-9554
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
theupdateframework–go-tuf
 
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to “A”, and to “B”, and “B” delegates to “C”, then the client should trace the delegations in the order “A” then “B” then “C” but it may incorrectly trace the delegations “B”->”C”->”A”. This vulnerability is fixed in 2.0.1. 2024-10-01 not yet calculated CVE-2024-47534
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
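The delegation-order point above is easy to get wrong, so here is an added illustration of the search a TUF client is supposed to perform: a pre-order depth-first walk that visits each role's delegations in the order the parent signed them, skips roles already visited, and stops when a terminating delegation does not yield the target. This is example code written for this bulletin, not go-tuf's implementation; the Role model, the constructed tree (targets delegates to A and B, B delegates to C) and the hash strings are assumptions. The child_order parameter exists only to show what a client that reorders delegations, as in the entry above, ends up trusting.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Added illustration of the TUF delegation search, not go-tuf's code.
# Model: a delegation is (child role name, path patterns it is trusted for,
# terminating flag); a role's target metadata is reduced to a path -> hash map.


@dataclass
class Role:
    name: str
    targets: dict = field(default_factory=dict)        # target path -> hash string
    delegations: list = field(default_factory=list)    # [(child, [patterns], terminating)], in signed order


def find_target(roles, target_path, child_order=lambda names: names, max_roles=32):
    """Pre-order depth-first search over delegations, starting at top-level targets.

    Returns (name of the first role that holds target_path or None, visit order).
    child_order only models a non-conforming client; a conforming client keeps
    the parent's order. max_roles bounds the walk like TUF's max_delegations.
    """
    visited = []
    to_visit = ["targets"]                  # stack; children are pushed reversed so pop() keeps the parent's order
    while to_visit and len(visited) < max_roles:
        name = to_visit.pop()
        if name in visited:                 # delegation graphs may contain cycles
            continue
        role = roles[name]
        visited.append(name)
        if target_path in role.targets:
            return name, visited
        children = []
        for child, patterns, terminating in role.delegations:
            if not any(fnmatch(target_path, p) for p in patterns):
                continue                    # this delegation is not responsible for the path
            children.append(child)
            if terminating:
                to_visit.clear()            # nothing queued beyond this delegation may be consulted
                break
        to_visit.extend(reversed(list(child_order(children))))
    return None, visited


def build_example(a_terminating=False):
    """Constructed delegation tree: targets -> A, targets -> B, B -> C.
    A and C both sign tool/readme.txt with different hashes; only C signs pkg.tar.gz."""
    return {
        "targets": Role("targets", delegations=[("A", ["*"], a_terminating), ("B", ["*"], False)]),
        "A": Role("A", targets={"tool/readme.txt": "hash-from-A"}),
        "B": Role("B", delegations=[("C", ["*"], False)]),
        "C": Role("C", targets={"pkg.tar.gz": "hash-from-C", "tool/readme.txt": "hash-from-C"}),
    }


if __name__ == "__main__":
    roles = build_example()
    print(find_target(roles, "pkg.tar.gz"))                             # ('C', ['targets', 'A', 'B', 'C'])
    print(find_target(roles, "tool/readme.txt"))                        # ('A', ['targets', 'A'])
    print(find_target(roles, "tool/readme.txt", child_order=reversed))  # ('C', ['targets', 'B', 'C'])
    print(find_target(build_example(a_terminating=True), "pkg.tar.gz"))  # (None, ['targets', 'A'])
```

The third call is the failure mode: a client that walks B, C before A accepts hash-from-C for tool/readme.txt, while a conforming client accepts hash-from-A, so two clients of the same repository trust different signers for the same file. The fourth call shows the other side of ordering: a terminating delegation to A ends the search even though C would have matched.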
 
hyperium–tonic
 
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix. 2024-10-01 not yet calculated CVE-2024-47609
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
tukaani-project–xz
 
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don’t exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected. 2024-10-02 not yet calculated CVE-2024-47611
security-advisories@github.com
security-advisories@github.com
 
Wiz–Wiz Code Visual Studio Code extension
 
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a “trusted folder” within Visual Studio Code, and initiates a manual scan of the file. 2024-10-01 not yet calculated CVE-2024-9145
9947ef80-c5d5-474a-bbab-97341a59000e
9947ef80-c5d5-474a-bbab-97341a59000e
9947ef80-c5d5-474a-bbab-97341a59000e
 
n/a–n/a
 
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558. 2024-10-01 not yet calculated CVE-2021-37577
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. 2024-10-04 not yet calculated CVE-2023-26770
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. 2024-10-04 not yet calculated CVE-2023-26771
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user’s primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user’s primary network. The only requirement of the attack is proximity to the dedicated wireless network. 2024-10-03 not yet calculated CVE-2023-37822
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. 2024-10-02 not yet calculated CVE-2024-24116
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. 2024-10-02 not yet calculated CVE-2024-24117
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A remote code execution vulnerability in the project management of Wanxing Technology’s Yitu project allows an attacker to use the exp.adpx project file, which is a zip archive, to construct a special file name that causes the project file to be decompressed into the system startup folder; after the system restarts, the constructed attack script is executed automatically. 2024-10-02 not yet calculated CVE-2024-24122
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users’ usernames and passwords in cleartext. 2024-10-01 not yet calculated CVE-2024-25658
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. 2024-09-30 not yet calculated CVE-2024-28808
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. 2024-09-30 not yet calculated CVE-2024-28811
cve@mitre.org
 
n/a–n/a
 
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. 2024-10-01 not yet calculated CVE-2024-31835
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the “Add New Entry” section, which allows them to execute arbitrary code in the context of a victim’s web browser. 2024-10-02 not yet calculated CVE-2024-33209
cve@mitre.org
 
n/a–n/a
 
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. 2024-10-02 not yet calculated CVE-2024-33662
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. 2024-10-03 not yet calculated CVE-2024-34535
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. 2024-09-30 not yet calculated CVE-2024-35495
cve@mitre.org
 
n/a–n/a
 
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the “sendreply.php” file, where the uploaded file is received through the “$_FILES” variable. 2024-10-04 not yet calculated CVE-2024-37868
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the “poster.php” file, where the uploaded file is received through the “$_FILES” variable. 2024-10-04 not yet calculated CVE-2024-37869
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A Path Traversal (Local File Inclusion) vulnerability in “BinaryFileRedirector.ashx” in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the “path” parameter. 2024-10-04 not yet calculated CVE-2024-41511
cve@mitre.org
 
n/a–n/a
 
A SQL Injection vulnerability in “ccHandler.aspx” in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the “bomid” parameter. 2024-10-04 not yet calculated CVE-2024-41512
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “Artikel.aspx” in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the “searchindex” parameter. 2024-10-04 not yet calculated CVE-2024-41513
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “PrevPgGroup.aspx” in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the “wer” parameter. 2024-10-04 not yet calculated CVE-2024-41514
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “ccHandlerResource.ashx” in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the “res_url” parameter. 2024-10-04 not yet calculated CVE-2024-41515
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in “ccHandler.aspx” in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the “bomid” parameter. 2024-10-04 not yet calculated CVE-2024-41516
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. 2024-10-03 not yet calculated CVE-2024-41585
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. 2024-10-03 not yet calculated CVE-2024-41588
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. 2024-10-03 not yet calculated CVE-2024-41590
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. 2024-10-03 not yet calculated CVE-2024-41591
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. 2024-10-03 not yet calculated CVE-2024-41593
cve@mitre.org
cve@mitre.org
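The heap overflow above comes from a C integer-promotion pitfall rather than from a missing check as such: a length byte read into a signed 8-bit type is negative for values 0x80 and above, a signed comparison against the remaining buffer size then passes, and the negative value is sign-extended to a huge size_t when handed to memcpy. The following is an added illustration of that pattern and its fix, written for this bulletin and not DrayTek's code; the DNS-style label bytes are constructed, and the 64-bit size_t width is taken from the host running the example.

```python
import ctypes

# Added illustration of the sign-extension pitfall, not DrayTek's code.
# A length byte read into a signed 8-bit type passes a signed bounds check
# and becomes a huge size_t when passed to memcpy.

SIZE_T_BITS = 8 * ctypes.sizeof(ctypes.c_size_t)   # 64 on a 64-bit host


def as_signed_char(byte_value: int) -> int:
    """Value a signed 8-bit C type holds for byte_value (0x85 -> -123)."""
    return byte_value - 256 if byte_value >= 128 else byte_value


def as_size_t(value: int) -> int:
    """What memcpy's size_t parameter receives when an int `value` is passed:
    a negative int is sign-extended and then reinterpreted as unsigned."""
    return value % (1 << SIZE_T_BITS)


def accepted_copy_length_buggy(packet: bytes, offset: int, remaining: int):
    """Buggy pattern: char len = p[i]; if (len > remaining) reject; memcpy(dst, src, len);
    Returns the size memcpy would receive, or None if the check rejected it."""
    length = as_signed_char(packet[offset])
    if length > remaining:          # signed comparison: -123 > 64 is false, so the check passes
        return None
    return as_size_t(length)        # memcpy receives 2**64 - 123 on a 64-bit host


def accepted_copy_length_fixed(packet: bytes, offset: int, remaining: int):
    """Fixed pattern: read the byte as uint8_t and compare as unsigned."""
    length = packet[offset]         # Python bytes indexing already yields 0..255
    if length > remaining:
        return None
    return length


# Constructed DNS-style label: one length byte followed by label data.
BENIGN = b"\x03www"
MALICIOUS = b"\x85" + b"A" * 5      # length byte with the top bit set


if __name__ == "__main__":
    print(accepted_copy_length_buggy(BENIGN, 0, 64))       # 3
    print(accepted_copy_length_buggy(MALICIOUS, 0, 64))    # 2**SIZE_T_BITS - 123
    print(accepted_copy_length_fixed(MALICIOUS, 0, 64))    # None: 133 > 64 is rejected
```

The fix is the type, not an extra comparison: once the length is held in an unsigned 8-bit type the value can never exceed 255, and the existing bounds check does what the author intended.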
 
n/a–n/a
 
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. 2024-10-03 not yet calculated CVE-2024-41594
cve@mitre.org
cve@mitre.org
 
TEM–Opera Plus FM Family Transmitter
 
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. 2024-10-03 not yet calculated CVE-2024-41987
ics-cert@hq.dhs.gov
 
TEM–Opera Plus FM Family Transmitter
 
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server’s main interfaces and execute arbitrary code. 2024-10-03 not yet calculated CVE-2024-41988
ics-cert@hq.dhs.gov
 
TECHNO SUPPORT COMPANY–Smart-tab Android app
 
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device to access the related external service. 2024-09-30 not yet calculated CVE-2024-42496
vultures@jpcert.or.jp
vultures@jpcert.or.jp
 
Microchip–TimeProvider 4100
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Microchip TimeProvider 4100 allows XSS through HTTP headers. This issue affects TimeProvider 4100: from 1.0. 2024-10-04 not yet calculated CVE-2024-43683
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery and Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0. 2024-10-04 not yet calculated CVE-2024-43684
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 2024-10-04 not yet calculated CVE-2024-43685
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 2024-10-04 not yet calculated CVE-2024-43686
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 2024-10-04 not yet calculated CVE-2024-43687
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. 2024-10-02 not yet calculated CVE-2024-43795
security-advisories@github.com
security-advisories@github.com
 
n/a–n/a
 
An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. 2024-10-04 not yet calculated CVE-2024-44439
cve@mitre.org
cve@mitre.org
 
mantisbt–mantisbt
 
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users’ personal system profiles. This vulnerability is fixed in 2.26.4. 2024-09-30 not yet calculated CVE-2024-45792
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
n/a–n/a
 
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. 2024-10-01 not yet calculated CVE-2024-45999
cve@mitre.org
 
n/a–n/a
 
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. 2024-10-04 not yet calculated CVE-2024-46077
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. 2024-10-04 not yet calculated CVE-2024-46078
cve@mitre.org
 
n/a–n/a
 
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. 2024-10-04 not yet calculated CVE-2024-46409
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. 2024-10-04 not yet calculated CVE-2024-46486
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. 2024-09-30 not yet calculated CVE-2024-46635
cve@mitre.org
 
n/a–n/a
 
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. 2024-10-03 not yet calculated CVE-2024-46658
cve@mitre.org
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data. Fix the driver not allocating memory for struct btintel_data, which is used to store internal data. 2024-09-30 not yet calculated CVE-2024-46869
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode’s open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0. 2024-10-02 not yet calculated CVE-2024-46977
security-advisories@github.com
security-advisories@github.com
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. 2024-09-30 not yet calculated CVE-2024-47063
security-advisories@github.com
security-advisories@github.com
 
cvat-ai–cvat
 
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user’s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. 2024-09-30 not yet calculated CVE-2024-47064
security-advisories@github.com
security-advisories@github.com
 
alist-org–alist
 
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0. 2024-09-30 not yet calculated CVE-2024-47067
security-advisories@github.com
 
expressjs–basic-auth-connect
 
basic-auth-connect is Connect’s Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. 2024-09-30 not yet calculated CVE-2024-47178
security-advisories@github.com
 
n/a–n/a
 
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming. 2024-10-04 not yet calculated CVE-2024-47211
cve@mitre.org
 
OpenC3–cosmos
 
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition. 2024-10-02 not yet calculated CVE-2024-47529
security-advisories@github.com
 
zopefoundation–RestrictedPython
 
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the string module, remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment. 2024-09-30 not yet calculated CVE-2024-47532
security-advisories@github.com
 
StarCitizenTools–mediawiki-skins-Citizen
 
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their “real name” to an XSS payload. This vulnerability is fixed in 2.31.0. 2024-09-30 not yet calculated CVE-2024-47536
security-advisories@github.com
 
Apache Software Foundation–Apache Commons IO
 
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. 2024-10-03 not yet calculated CVE-2024-47554
security@apache.org
 
Js Communication Co., Ltd.–RevoWorks Cloud Client
 
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client’s local environment. However, information in the sandbox environment may be disclosed externally, or the behavior of the sandbox environment may be altered by tampering with the registry. 2024-10-01 not yet calculated CVE-2024-47560
vultures@jpcert.or.jp
 
DefinetlyNotAI–Logicytics
 
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics contains a shell injection vulnerability. This vulnerability is fixed in 2.3.2. 2024-10-01 not yet calculated CVE-2024-47608
security-advisories@github.com
 
sulu–sulu
 
Sulu is a PHP content management system. Sulu is vulnerable to stored XSS: a low-privileged user with access to the “Media” section can upload an SVG file containing a malicious payload. Once uploaded and accessed, the malicious JavaScript executes in the browsers of other users, including admins. This issue is fixed in 2.6.5. 2024-10-03 not yet calculated CVE-2024-47618
security-advisories@github.com
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in an API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body, leading to unauthorized access to sensitive information belonging to other users. 2024-10-04 not yet calculated CVE-2024-47651
vdisclose@cert-in.org.in
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to an inadequate authentication mechanism in the login module, wherein access to any user’s account is granted with just that user’s mobile number. A remote attacker could exploit this vulnerability by supplying the mobile number of a targeted user to obtain complete access to that user’s account. 2024-10-04 not yet calculated CVE-2024-47652
vdisclose@cert-in.org.in
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to a lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through the API request body, leading to unauthorized modification of requests belonging to other users. 2024-10-04 not yet calculated CVE-2024-47653
vdisclose@cert-in.org.in
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to a lack of rate limiting and CAPTCHA protection for OTP requests in a certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing of the targeted user. 2024-10-04 not yet calculated CVE-2024-47654
vdisclose@cert-in.org.in
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in the Shilpi Client Dashboard due to improper validation of uploaded files whose extension differs from the specified one. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead to remote code execution on the targeted application. 2024-10-04 not yet calculated CVE-2024-47655
vdisclose@cert-in.org.in
 
Shilpi Computers–Client Dashboard
 
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions on incorrect login attempts in its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on passwords, which could lead to unauthorized access to other users’ accounts. 2024-10-04 not yet calculated CVE-2024-47656
vdisclose@cert-in.org.in
 
Shilpi Computers–Net Back Office
 
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users. 2024-10-04 not yet calculated CVE-2024-47657
vdisclose@cert-in.org.in
 
jshttp–cookie
 
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain. 2024-10-04 not yet calculated CVE-2024-47764
security-advisories@github.com
 
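The cookie entry above says the name, path and domain fields could each be used to set other fields of the cookie. The following is an added example, not jshttp/cookie’s own code: a minimal Set-Cookie serializer with a loose field check (any printable byte) beside a strict one, plus a browser-style parser that shows what the receiving side would make of the result. The strict domain pattern and the cookie values are assumptions constructed for the example.

```javascript
// Added example (not jshttp/cookie's own code): a minimal Set-Cookie
// serializer with loose and strict field validation, and a browser-style
// parser to show the attributes the receiver would see.

// Loose check: any printable byte, including ';' and '=', so a name, path or
// domain value can terminate its own field and append further attributes.
const LOOSE_FIELD = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
// Strict name check: RFC 6265 token characters only (no separators or spaces).
const COOKIE_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Strict path check: printable ASCII without ';' (0x3b), which ends the attribute.
const COOKIE_PATH = /^[\u0020-\u003a\u003c-\u007e]*$/;
// Strict domain check (an assumption for this example): dotted labels only.
const COOKIE_DOMAIN = /^\.?[a-z0-9-]+(\.[a-z0-9-]+)*$/i;

function serializeCookie(name, value, opts = {}, { strict = true } = {}) {
  if (!(strict ? COOKIE_NAME : LOOSE_FIELD).test(name)) {
    throw new TypeError('invalid cookie name');
  }
  let header = name + '=' + encodeURIComponent(value);
  if (opts.path !== undefined) {
    if (!(strict ? COOKIE_PATH : LOOSE_FIELD).test(opts.path)) {
      throw new TypeError('invalid cookie path');
    }
    header += '; Path=' + opts.path;
  }
  if (opts.domain !== undefined) {
    if (!(strict ? COOKIE_DOMAIN : LOOSE_FIELD).test(opts.domain)) {
      throw new TypeError('invalid cookie domain');
    }
    header += '; Domain=' + opts.domain;
  }
  if (opts.httpOnly) header += '; HttpOnly';
  if (opts.secure) header += '; Secure';
  return header;
}

// Browser-style parse: the first "name=value" pair, then ';'-separated
// attributes. Attribute names are case-insensitive; flags become `true`.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Demo with constructed inputs: under the loose check, a path value smuggles
// a Domain attribute, and a name value smuggles the Secure flag.
const viaPath = serializeCookie('sid', 'abc', { path: '/; Domain=evil.example' }, { strict: false });
console.log(viaPath, '->', parseSetCookie(viaPath).attrs); // Domain=evil.example appears
const viaName = serializeCookie('sid=x; Secure; Path', 'abc', {}, { strict: false });
console.log(viaName, '->', parseSetCookie(viaName).attrs); // Secure flag appears
```

The point of the parser is that the injected text is not merely cosmetic: once `;` is allowed into a field, the user agent splits the header on it and honours whatever attributes follow, so the caller’s intended scope for the cookie is overridden by the value.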
jgniecki–MinecraftMotdParser
 
Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTDs. The HtmlGenerator class is subject to a potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through the MotdItem objects contained in a MotdItemCollection to generate an HTML string. An attacker can supply malicious values for the color and text properties of MotdItem to inject their own HTML into a web page during page generation, for example by sending a malicious MOTD from a Minecraft server under their control that is queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. 2024-10-04 not yet calculated CVE-2024-47765
security-advisories@github.com
 
Lif-Platforms–Lif-Auth-Server
 
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. 2024-10-04 not yet calculated CVE-2024-47768
security-advisories@github.com
 
Jenkins Project–Jenkins
 
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. 2024-10-02 not yet calculated CVE-2024-47803
jenkinsci-cert@googlegroups.com
 
Jenkins Project–Jenkins
 
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. 2024-10-02 not yet calculated CVE-2024-47804
jenkinsci-cert@googlegroups.com
 
Jenkins Project–Jenkins Credentials Plugin
 
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. 2024-10-02 not yet calculated CVE-2024-47805
jenkinsci-cert@googlegroups.com
 
The Wikimedia Foundation–Mediawiki – Apex skin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Apex skin allows Stored XSS. This issue affects Mediawiki – Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 2024-10-05 not yet calculated CVE-2024-47840
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – CSS Extension
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Path Traversal. This issue affects Mediawiki – CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. 2024-10-05 not yet calculated CVE-2024-47841
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – CSS Extension
 
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Code Injection. This issue affects Mediawiki – CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 2024-10-05 not yet calculated CVE-2024-47845
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross Site Request Forgery. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1. 2024-10-05 not yet calculated CVE-2024-47846
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1. 2024-10-05 not yet calculated CVE-2024-47847
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – PageTriage
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – PageTriage allows Authentication Bypass. This issue affects Mediawiki – PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. 2024-10-05 not yet calculated CVE-2024-47848
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
The Wikimedia Foundation–Mediawiki – Cargo
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows SQL Injection. This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1. 2024-10-05 not yet calculated CVE-2024-47849
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
 
n/a–n/a
 
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. 2024-10-04 not yet calculated CVE-2024-47855
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. 2024-10-04 not yet calculated CVE-2024-47910
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. 2024-10-04 not yet calculated CVE-2024-47913
cve@mitre.org
 
Vercom S.A.–Redlink SDK
 
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and manipulation of the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13. 2024-09-30 not yet calculated CVE-2024-6051
cvd@cert.pl
 
OpenText–Vertica
 
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. 2024-10-02 not yet calculated CVE-2024-6360
security@opentext.com
 
parisneo–parisneo/lollms-webui
 
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code. 2024-09-30 not yet calculated CVE-2024-6394
security@huntr.dev
 
Finrota–Netahsilat
 
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is fixed in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. 2024-10-04 not yet calculated CVE-2024-6400
iletisim@usom.gov.tr
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 2024-10-04 not yet calculated CVE-2024-7801
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
Webroot–SecureAnywhere – Web Shield
 
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3. 2024-10-03 not yet calculated CVE-2024-7824
security@opentext.com
 
Webroot–SecureAnywhere – Web Shield
 
Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3. 2024-10-03 not yet calculated CVE-2024-7825
security@opentext.com
 
Webroot–SecureAnywhere – Web Shield
 
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere – Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere – Web Shield: before 2.1.2.3. 2024-10-03 not yet calculated CVE-2024-7826
security@opentext.com
 
Microchip–TimeProvider 4100
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 2024-10-04 not yet calculated CVE-2024-9054
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
M-Files Corporation–M-Files Hubshare
 
Stored HTML Injection in the Social Module in M-Files Hubshare before version 5.0.8.6 allows an authenticated user to spoof the UI. 2024-10-02 not yet calculated CVE-2024-9174
security@m-files.com
 
Eclipse Foundation–Glassfish
 
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is ‘/management/domain’. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. 2024-09-30 not yet calculated CVE-2024-9329
emo@eclipse.org
 
M-Files Corporation–M-Files Connector for Copilot
 
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows an authenticated user to access a limited number of documents via incorrect access control list calculation. 2024-10-02 not yet calculated CVE-2024-9333
security@m-files.com
 
Mozilla–Firefox
 
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. 2024-10-01 not yet calculated CVE-2024-9391
security@mozilla.org
 
Mozilla–Firefox
 
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 not yet calculated CVE-2024-9393
security@mozilla.org
 
Mozilla–Firefox
 
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to “same site” documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 not yet calculated CVE-2024-9394
security@mozilla.org
 
Mozilla–Firefox
 
A specially crafted filename containing a large number of spaces could obscure the file’s extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. 2024-10-01 not yet calculated CVE-2024-9395
security@mozilla.org
 
Mozilla–Firefox
 
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 not yet calculated CVE-2024-9397
security@mozilla.org
 
Mozilla–Firefox
 
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 not yet calculated CVE-2024-9398
security@mozilla.org
 
Mozilla–Firefox
 
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. 2024-10-01 not yet calculated CVE-2024-9399
security@mozilla.org
 