High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| actpro — extra_product_options_for_woocommerce |
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. | 2024-06-10 | 8.8 | CVE-2024-35727 audit@patchstack.com |
| adfinis–document-merge-service |
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed. | 2024-06-11 | 9.9 | CVE-2024-37301 security-advisories@github.com security-advisories@github.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. | 2024-06-13 | 9.8 | CVE-2024-34102 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required | 2024-06-13 | 9.1 | CVE-2024-34108 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high. | 2024-06-13 | 8.1 | CVE-2024-34103 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction. | 2024-06-13 | 8.2 | CVE-2024-34104 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required. | 2024-06-13 | 7.2 | CVE-2024-34109 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction. | 2024-06-13 | 7.2 | CVE-2024-34110 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-06-13 | 7.5 | CVE-2024-26029 psirt@adobe.com |
| Adobe–Adobe Framemaker Publishing Server |
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | 2024-06-13 | 10 | CVE-2024-30299 psirt@adobe.com |
| Adobe–Adobe Framemaker Publishing Server |
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. An attacker could exploit this vulnerability to gain access to sensitive information which may include system or user privileges. Exploitation of this issue does not require user interaction. | 2024-06-13 | 9.8 | CVE-2024-30300 psirt@adobe.com |
| Adobe–ColdFusion |
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. | 2024-06-13 | 7.5 | CVE-2024-34112 psirt@adobe.com |
| Adobe–Photoshop Desktop |
Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-06-13 | 7.8 | CVE-2024-20753 psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-06-13 | 7.8 | CVE-2024-34115 psirt@adobe.com |
| aimeos–aimeos-core |
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue. | 2024-06-11 | 7.2 | CVE-2024-37295 security-advisories@github.com |
| apple — macos |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox. | 2024-06-10 | 8.6 | CVE-2024-23299 product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution. | 2024-06-10 | 7.8 | CVE-2022-32897 product-security@apple.com |
| apple — macos |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory. | 2024-06-10 | 7.1 | CVE-2022-48578 product-security@apple.com |
| apple — macos |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | 2024-06-10 | 7.8 | CVE-2022-48683 product-security@apple.com |
| arraytics–WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin |
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. | 2024-06-14 | 7.3 | CVE-2024-1094 security@wordfence.com security@wordfence.com |
| Aruphash–Crafthemes Demo Import |
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through 3.3. | 2024-06-10 | 7.6 | CVE-2024-34800 audit@patchstack.com |
| arwebdesign — dashboard_to-do_list |
Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0. | 2024-06-10 | 8.8 | CVE-2024-35723 audit@patchstack.com |
| ASUS–Download Master |
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage. | 2024-06-14 | 7.2 | CVE-2024-31161 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–Download Master |
The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | 2024-06-14 | 7.2 | CVE-2024-31162 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–Download Master |
ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | 2024-06-14 | 7.2 | CVE-2024-31163 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–DSL-N17U |
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. | 2024-06-14 | 9.8 | CVE-2024-3912 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–ZenWiFi XT8 |
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. | 2024-06-14 | 9.8 | CVE-2024-3080 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–ZenWiFi XT8 |
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. | 2024-06-14 | 7.2 | CVE-2024-3079 twcert@cert.org.tw twcert@cert.org.tw |
| avast — antivirus |
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITYSYSTEM. The vulnerability exists within the “Repair” (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user’s AppData directory as NT AUTHORITYSYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2. | 2024-06-10 | 7 | CVE-2024-5102 security@nortonlifelock.com |
| awplife — image_gallery |
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. | 2024-06-10 | 8.8 | CVE-2024-35721 audit@patchstack.com |
| awplife — slider_responsive_slideshow |
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0. | 2024-06-10 | 8.8 | CVE-2024-35722 audit@patchstack.com |
| awslabs–aws-deployment-framework |
The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations while taking advantage of services such as AWS CodePipeline, AWS CodeBuild, and AWS CodeCommit to alleviate the heavy lifting and management compared to a traditional CI/CD setup. ADF contains a bootstrap process that is responsible to deploy ADF’s bootstrap stacks to facilitate multi-account cross-region deployments. The ADF bootstrap process relies on elevated privileges to perform this task. Two versions of the bootstrap process exist; a code-change driven pipeline using AWS CodeBuild and an event-driven state machine using AWS Lambda. If an actor has permissions to change the behavior of the CodeBuild project or the Lambda function, they would be able to escalate their privileges. Prior to version 4.0.0, the bootstrap CodeBuild role provides access to the `sts:AssumeRole` operation without further restrictions. Therefore, it is able to assume into any AWS Account in the AWS Organization with the elevated privileges provided by the cross-account access role. By default, this role is not restricted when it is created by AWS Organizations, providing Administrator level access to the AWS resources in the AWS Account. The patches for this issue are included in `aws-deployment-framework` version 4.0.0. As a temporary mitigation, add a permissions boundary to the roles created by ADF in the management account. The permissions boundary should deny all IAM and STS actions. This permissions boundary should be in place until you upgrade ADF or bootstrap a new account. While the permissions boundary is in place, the account management and bootstrapping of accounts are unable to create, update, or assume into roles. This mitigates the privilege escalation risk, but also disables ADF’s ability to create, manage, and bootstrap accounts. | 2024-06-11 | 7.5 | CVE-2024-37293 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| BlackBerry–QNX Software Development Platform |
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process. | 2024-06-11 | 9 | CVE-2024-35213 secure@blackberry.com |
| bosathemes — bosa_elementor_addons_and_templates_for_woocommerce |
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12. | 2024-06-10 | 8.8 | CVE-2024-35724 audit@patchstack.com |
| buddypress_cover_project — buddypress_cover |
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2. | 2024-06-10 | 9.8 | CVE-2024-35746 audit@patchstack.com |
| cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `–envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API and the API keys used in Kafka-related network policy. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue. | 2024-06-13 | 7.9 | CVE-2024-37307 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| cloudfoundry — cf-deployment |
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. | 2024-06-10 | 7.5 | CVE-2024-22279 security@vmware.com |
| codename065–Download Manager |
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the ‘protectMediaLibrary’ function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files. | 2024-06-13 | 7.5 | CVE-2024-2098 security@wordfence.com security@wordfence.com |
| codeparrots — easy_forms_for_mailchimp |
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | 2024-06-10 | 7.3 | CVE-2024-35742 audit@patchstack.com |
| codepeople — wp_time_slots_booking_form |
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | 2024-06-10 | 9.8 | CVE-2024-35735 audit@patchstack.com |
| codexpert–CoDesigner The Most Compact and User-Friendly Elementor WooCommerce Builder |
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-06-13 | 9 | CVE-2024-4371 security@wordfence.com security@wordfence.com |
| composer–composer |
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `–prefer-dist` or the `preferred-install: dist` config setting. | 2024-06-10 | 8.8 | CVE-2024-35241 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| composer–composer |
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | 2024-06-10 | 8.8 | CVE-2024-35242 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Comtrend–Comtrend WLD71-T1_v2.0.201820 |
Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”. | 2024-06-10 | 8 | CVE-2024-5785 cve-coordination@incibe.es |
| Consensu.IO–Consensu.io |
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1. | 2024-06-12 | 7.5 | CVE-2023-48280 audit@patchstack.com |
| contrid–Slideshow Gallery LITE |
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-06-12 | 8.1 | CVE-2024-5543 security@wordfence.com security@wordfence.com security@wordfence.com |
| cvat-ai–cvat |
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT account can exploit this feature by specifying URLs whose host part is an intranet IP address or an internal domain name. By doing this, the attacker may be able to probe the network that the CVAT backend runs in for HTTP(S) servers. In addition, if there is a web server on this network that is sufficiently API-compatible with an Amazon S3 or Azure Blob Storage endpoint, and either allows anonymous access, or allows authentication with credentials that are known by the attacker, then the attacker may be able to create a cloud storage linked to this server. They may then be able to list files on the server; extract files from the server, if these files are of a type that CVAT supports reading from cloud storage (media data (such as images/videos/archives), importable annotations or datasets, task/project backups); and/or overwrite files on this server with exported annotations/datasets/backups. The exact capabilities of the attacker will depend on how the internal server is configured. Users should upgrade to CVAT 2.14.3 to receive a patch. In this release, the existing SSRF mitigation measures are applied to requests to cloud providers, with access to intranet IP addresses prohibited by default. Some workarounds are also available. One may use network security solutions such as virtual networks or firewalls to prohibit network access from the CVAT backend to unrelated servers on your internal network and/or require authentication for access to internal servers. | 2024-06-13 | 7.1 | CVE-2024-37164 security-advisories@github.com security-advisories@github.com |
| cvat-ai–cvat |
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available. | 2024-06-13 | 7.1 | CVE-2024-37306 security-advisories@github.com security-advisories@github.com |
| Dell–Common Event Enabler |
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | 2024-06-12 | 7.8 | CVE-2024-28964 security_alert@emc.com |
| Dell–CPG BIOS |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-06-13 | 7.5 | CVE-2024-32858 security_alert@emc.com |
| Dell–CPG BIOS |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-06-13 | 7.5 | CVE-2024-32859 security_alert@emc.com |
| Dell–CPG BIOS |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-06-13 | 7.5 | CVE-2024-32860 security_alert@emc.com |
| Dell–Dell OpenManage Server Administrator |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise. | 2024-06-11 | 7.3 | CVE-2024-37130 security_alert@emc.com |
| Dell–Secure Connect Gateway (SCG) Policy Manager |
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user. | 2024-06-13 | 7.5 | CVE-2024-37131 security_alert@emc.com |
| Dell–SmartFabric OS10 Software |
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | 2024-06-12 | 8.8 | CVE-2024-25949 security_alert@emc.com |
| Dell–Wyse 5070 Thin Client |
Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. | 2024-06-13 | 7.5 | CVE-2024-30472 security_alert@emc.com |
| dreryk — gabinet |
Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0. | 2024-06-10 | 9.8 | CVE-2024-3699 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| estomed — simple_care |
Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported. | 2024-06-10 | 9.8 | CVE-2024-3700 cvd@cert.pl cvd@cert.pl |
| eurosoft — przychodnia |
Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed). | 2024-06-10 | 9.8 | CVE-2024-1228 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| flightbycanto–Canto |
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit. | 2024-06-14 | 9.8 | CVE-2024-4936 security@wordfence.com security@wordfence.com |
| FooEvents–FooEvents for WooCommerce |
The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the ‘display_ticket_themes_page’ function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. This was partially patched in 1.19.20, and fully patched in 1.19.21. | 2024-06-15 | 7.1 | CVE-2024-6000 security@wordfence.com security@wordfence.com |
| Fortinet–FortiOS |
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands | 2024-06-11 | 7.8 | CVE-2024-23110 psirt@fortinet.com |
| Fortinet–FortiPAM |
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets. | 2024-06-11 | 7.5 | CVE-2024-26010 psirt@fortinet.com |
| Fuji Electric–Tellus Lite V-Simulator |
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. | 2024-06-13 | 7.8 | CVE-2024-37022 ics-cert@hq.dhs.gov |
| Fuji Electric–Tellus Lite V-Simulator |
Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 2024-06-13 | 7.8 | CVE-2024-37029 ics-cert@hq.dhs.gov |
| fujielectric — monitouch_v-sft |
Fuji Electric Monitouch V-SFTÂ is vulnerable to a type confusion, which could cause a crash or code execution. | 2024-06-10 | 9.8 | CVE-2024-5597 ics-cert@hq.dhs.gov |
| getawesomesupport — awesome_support |
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7. | 2024-06-10 | 8.8 | CVE-2024-35741 audit@patchstack.com |
| google — android |
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-06-13 | 7.8 | CVE-2024-32896 dsap-vuln-management@google.com |
| Guangdong Baolun Electronics–IP Network Broadcasting Service Platform |
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268692. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-06-14 | 7.3 | CVE-2024-6003 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| gurgunday–ghtml |
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protection against all types of XSS attacks in every scenario. This aligns with the approach taken by other template engines. Developers should be cautious and take additional measures to sanitize user input and prevent potential vulnerabilities. Additionally, the backtick character (`) is now also escaped to prevent the creation of strings in most cases where a malicious actor somehow gains the ability to write JavaScript. This does not provide comprehensive protection either. | 2024-06-10 | 8.9 | CVE-2024-37166 security-advisories@github.com security-advisories@github.com |
| hakeemnala–Build App Online |
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code. | 2024-06-11 | 8.1 | CVE-2023-7264 security@wordfence.com security@wordfence.com security@wordfence.com |
| Hitachi Energy–FOXMAN-UN |
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | 2024-06-11 | 10 | CVE-2024-2013 cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | 2024-06-11 | 9.1 | CVE-2024-2012 cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program’s implicit security policy | 2024-06-11 | 8.6 | CVE-2024-2011 cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEMÂ application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. | 2024-06-11 | 8 | CVE-2024-28020 cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | 2024-06-11 | 8 | CVE-2024-28021 cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com |
| Huawei–HarmonyOS |
Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-06-14 | 7.8 | CVE-2024-36500 psirt@huawei.com |
| Huawei–HarmonyOS |
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-06-14 | 7.9 | CVE-2024-36502 psirt@huawei.com |
| Huawei–HarmonyOS |
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-06-14 | 7.3 | CVE-2024-36503 psirt@huawei.com |
| IBM–i |
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203. | 2024-06-15 | 7.4 | CVE-2024-27275 psirt@us.ibm.com psirt@us.ibm.com |
| icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce |
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-06-12 | 8.8 | CVE-2024-4845 security@wordfence.com security@wordfence.com |
| instawp–InstaWP Connect 1-click WP Staging & Migration |
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. | 2024-06-12 | 9.8 | CVE-2024-4898 security@wordfence.com security@wordfence.com |
| ipages_flipbook_project — ipages_flipbook |
Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1. | 2024-06-10 | 7.3 | CVE-2024-4744 audit@patchstack.com |
| itsourcecode–Online Bookstore |
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459. | 2024-06-14 | 7.3 | CVE-2024-5983 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online Bookstore |
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460. | 2024-06-14 | 7.3 | CVE-2024-5984 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| jetbrains — aqua |
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | 2024-06-10 | 7.5 | CVE-2024-37051 cve@jetbrains.com |
| jupyterhub–jupyter-server-proxy |
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/<host>`. When this endpoint is called with an invalid `host` value, `jupyter-server-proxy` replies with a response that includes the value of `host`, without sanitization [2]. A third-party actor can leverage this by sending a phishing link with an invalid `host` value containing custom JavaScript to a user. When the user clicks this phishing link, the browser renders the response of `GET /proxy/<host>`, which runs the custom JavaScript contained in `host` set by the actor. As any arbitrary JavaScript can be run after the user clicks on a phishing link, this issue permits extensive access to the user’s JupyterLab instance for an actor. Patches are included in versions 4.2.0 and 3.2.4. As a workaround, server operators who are unable to upgrade can disable the `jupyter-server-proxy` extension. | 2024-06-11 | 9.6 | CVE-2024-35225 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| jupyterhub–oauthenticator |
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because `allow_all` did not take precedence over `identity_provider`. Since JupyterHub 5.0, `allow_all` does take precedence over `identity_provider`. On a hub with the same config, now all users will be allowed to login, regardless of `identity_provider`. `identity_provider` will basically be ignored. This is a documented change in JupyterHub 5.0, but is likely to catch many users by surprise. OAuthenticator 16.3.1 fixes the issue with JupyterHub 5.0, and does not affect previous versions. As a workaround, do not upgrade to JupyterHub 5.0 when using `GlobusOAuthenticator` in the prior configuration. | 2024-06-12 | 8.1 | CVE-2024-37300 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| la-studioweb — element_kit_for_elementor |
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6. | 2024-06-10 | 8.8 | CVE-2024-35725 audit@patchstack.com |
| langflow — langflow |
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the “POST /api/v1/custom_component” endpoint and provide a Python script. | 2024-06-10 | 9.8 | CVE-2024-37014 cve@mitre.org |
| latepoint–LatePoint Plugin |
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘start_or_use_session_for_customer’ function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer’s cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account. | 2024-06-14 | 9.1 | CVE-2024-2472 security@wordfence.com security@wordfence.com security@wordfence.com |
| Lenovo–Service Bridge |
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | 2024-06-13 | 7.5 | CVE-2024-4696 psirt@lenovo.com |
| linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. | 2024-06-10 | 7.8 | CVE-2024-36971 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| lnbits–lnbits |
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. This vulnerability is fixed in 0.12.6. | 2024-06-14 | 8.1 | CVE-2024-34694 security-advisories@github.com |
| mcnardelli–Where I Was, Where I Will Be |
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. This requires allow_url_include to be set to true in order to exploit, which is not commonly enabled. | 2024-06-14 | 9.8 | CVE-2024-5577 security@wordfence.com security@wordfence.com |
| melapress — melapress_login_security |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0. | 2024-06-10 | 7.2 | CVE-2024-35650 audit@patchstack.com |
| MicroDicom–DICOM Viewer |
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | 2024-06-11 | 8.8 | CVE-2024-28877 ics-cert@hq.dhs.gov |
| MicroDicom–DICOM Viewer |
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability. | 2024-06-11 | 8.8 | CVE-2024-33606 ics-cert@hq.dhs.gov |
| microsoft — windows_10_1507 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-06-11 | 9.8 | CVE-2024-30080 secure@microsoft.com |
| Microsoft–Azure Data Science Virtual Machines |
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | 2024-06-11 | 8.1 | CVE-2024-37325 secure@microsoft.com |
| Microsoft–Azure Monitor |
Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-06-11 | 7.1 | CVE-2024-35254 secure@microsoft.com |
| Microsoft–Azure Storage |
Azure Storage Movement Client Library Denial of Service Vulnerability | 2024-06-11 | 7.5 | CVE-2024-35252 secure@microsoft.com |
| Microsoft–Microsoft 365 Apps for Enterprise |
Microsoft Office Remote Code Execution Vulnerability | 2024-06-11 | 7.5 | CVE-2024-30101 secure@microsoft.com |
| Microsoft–Microsoft 365 Apps for Enterprise |
Microsoft Office Remote Code Execution Vulnerability | 2024-06-11 | 7.3 | CVE-2024-30102 secure@microsoft.com |
| Microsoft–Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | 2024-06-11 | 7.3 | CVE-2024-35248 secure@microsoft.com |
| Microsoft–Microsoft Dynamics 365 Business Central 2024 Release Wave 1 |
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | 2024-06-11 | 8.8 | CVE-2024-35249 secure@microsoft.com |
| Microsoft–Microsoft Office 2019 |
Microsoft Outlook Remote Code Execution Vulnerability | 2024-06-11 | 8.8 | CVE-2024-30103 secure@microsoft.com |
| Microsoft–Microsoft Office 2019 |
Microsoft Office Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30104 secure@microsoft.com |
| Microsoft–Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30100 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-06-11 | 8.8 | CVE-2024-30068 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows OLE Remote Code Execution Vulnerability | 2024-06-11 | 8 | CVE-2024-30077 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Wi-Fi Driver Remote Code Execution Vulnerability | 2024-06-11 | 8.8 | CVE-2024-30078 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 2024-06-11 | 8.8 | CVE-2024-30097 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Win32k Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30082 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-06-11 | 7 | CVE-2024-30084 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30086 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Win32k Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30087 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-06-11 | 7 | CVE-2024-30088 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft Streaming Service Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30089 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft Streaming Service Elevation of Privilege Vulnerability | 2024-06-11 | 7 | CVE-2024-30090 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Win32k Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30091 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Storage Elevation of Privilege Vulnerability | 2024-06-11 | 7.3 | CVE-2024-30093 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30094 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30095 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-06-11 | 7 | CVE-2024-30099 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-35250 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Perception Service Elevation of Privilege Vulnerability | 2024-06-11 | 7 | CVE-2024-35265 secure@microsoft.com |
| Microsoft–Windows 11 version 21H2 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30085 secure@microsoft.com |
| Microsoft–Windows 11 version 22H2 |
Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30072 secure@microsoft.com |
| Microsoft–Windows Server 2008 Service Pack 2 |
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 2024-06-11 | 8 | CVE-2024-30074 secure@microsoft.com |
| Microsoft–Windows Server 2008 Service Pack 2 |
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 2024-06-11 | 8 | CVE-2024-30075 secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | 2024-06-11 | 7.8 | CVE-2024-30062 secure@microsoft.com |
| Microsoft–Windows Server 2019 |
DHCP Server Service Denial of Service Vulnerability | 2024-06-11 | 7.5 | CVE-2024-30070 secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 2024-06-11 | 7.5 | CVE-2024-30083 secure@microsoft.com |
| Microsoft–Windows Server 2022 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-06-11 | 8.8 | CVE-2024-30064 secure@microsoft.com |
| MultiVendorX–WC Marketplace |
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25. | 2024-06-11 | 8.6 | CVE-2024-24703 audit@patchstack.com |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write. | 2024-06-13 | 8.4 | CVE-2024-31956 cve@mitre.org |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability. | 2024-06-13 | 8.4 | CVE-2024-32504 cve@mitre.org |
| nextcloud–security-advisories |
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4. | 2024-06-14 | 8.1 | CVE-2024-37882 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4. | 2024-06-14 | 7.3 | CVE-2024-37313 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nvidia–GPU display driver, vGPU software, and Cloud Gaming |
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | 2024-06-13 | 7.8 | CVE-2024-0089 psirt@nvidia.com |
| nvidia–GPU display driver, vGPU software, and Cloud Gaming |
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-06-13 | 7.8 | CVE-2024-0090 psirt@nvidia.com |
| nvidia–GPU display driver, vGPU software, and Cloud Gaming |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. | 2024-06-13 | 7.8 | CVE-2024-0091 psirt@nvidia.com |
| nvidia–NVIDIA Triton Inference Server |
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-06-13 | 9 | CVE-2024-0095 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | 2024-06-13 | 7.8 | CVE-2024-0084 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | 2024-06-13 | 7.8 | CVE-2024-0099 psirt@nvidia.com |
| OpenText–ArcSight Logger |
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited. | 2024-06-11 | 8.1 | CVE-2024-4190 security@opentext.com |
| oretnom23 — online_medicine_ordering_system |
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. | 2024-06-10 | 9.1 | CVE-2024-32167 cve@mitre.org |
| parisneo — lollms_web_ui |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application’s handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user. | 2024-06-10 | 8.1 | CVE-2024-4328 security@huntr.dev |
| popupbuilder–Popup Builder Create highly converting, mobile friendly marketing popups. |
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery. | 2024-06-15 | 8.1 | CVE-2023-6696 security@wordfence.com security@wordfence.com security@wordfence.com |
| popupbuilder–Popup Builder Create highly converting, mobile friendly marketing popups. |
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks. | 2024-06-15 | 7.4 | CVE-2024-2544 security@wordfence.com security@wordfence.com |
| Post SMTP–Post SMTP Mailer/Email Log |
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | 2024-06-11 | 8.6 | CVE-2023-52233 audit@patchstack.com |
| pq-crystals — kyber |
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch. | 2024-06-10 | 7.5 | CVE-2024-37880 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| pr-gateway–Blog2Social: Social Media Auto Post & Scheduler |
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘b2sSortPostType’ parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-06-11 | 9.9 | CVE-2024-3549 security@wordfence.com security@wordfence.com |
| Premio–Folders Pro |
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘handle_folders_file_upload’ function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-06-14 | 8.8 | CVE-2024-2024 security@wordfence.com security@wordfence.com |
| Red Hat–Red Hat Certificate System 10 |
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. | 2024-06-11 | 7.5 | CVE-2023-4727 secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Enterprise Linux 7 |
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). | 2024-06-12 | 8.1 | CVE-2024-3183 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Enterprise Linux 8 |
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the “forwardable” flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. | 2024-06-12 | 7.1 | CVE-2024-2698 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat OpenShift Container Platform 4.15 |
A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../”). This flaw allows the container to read and write to arbitrary files on the host system. | 2024-06-12 | 8.1 | CVE-2024-5154 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 9.8 | CVE-2024-36412 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 9 | CVE-2024-36417 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.8 | CVE-2024-36408 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.8 | CVE-2024-36409 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.8 | CVE-2024-36410 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.8 | CVE-2024-36411 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.8 | CVE-2024-36415 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 7.5 | CVE-2024-36416 security-advisories@github.com |
| salesagility–SuiteCRM |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 8.5 | CVE-2024-36418 security-advisories@github.com |
| SAP_SE–SAP Financial Consolidation |
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application. | 2024-06-11 | 8.1 | CVE-2024-37177 cna@sap.com cna@sap.com |
| SAP_SE–SAP NetWeaver AS Java |
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application. | 2024-06-11 | 7.5 | CVE-2024-34688 cna@sap.com cna@sap.com |
| Schneider Electric–Easergy Studio |
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. | 2024-06-12 | 7.8 | CVE-2024-2747 cybersecurity@se.com |
| Schneider Electric–EcoStruxure IT Gateway |
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | 2024-06-12 | 7.8 | CVE-2024-0865 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. | 2024-06-12 | 9.8 | CVE-2024-37036 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. | 2024-06-12 | 8.1 | CVE-2024-37037 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | 2024-06-12 | 7.5 | CVE-2024-37038 cybersecurity@se.com |
| seacms — seacms |
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | 2024-06-10 | 9.1 | CVE-2024-31611 cve@mitre.org |
| securenvoy — multi-factor_authentication_solutions |
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | 2024-06-10 | 7.5 | CVE-2024-37393 cve@mitre.org cve@mitre.org cve@mitre.org |
| Siemens–PowerSys |
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. | 2024-06-11 | 9.3 | CVE-2024-36266 productcert@siemens.com |
| Siemens–SIMATIC S7-200 SMART CPU CR40 |
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition. | 2024-06-11 | 8.2 | CVE-2024-35292 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access. | 2024-06-11 | 7.8 | CVE-2024-35206 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | 2024-06-11 | 7.8 | CVE-2024-35207 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files. | 2024-06-11 | 7.5 | CVE-2024-35209 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries. | 2024-06-11 | 7.5 | CVE-2024-35212 productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958) | 2024-06-11 | 7.8 | CVE-2024-35303 productcert@siemens.com |
| Soar Cloud–HR Portal |
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused. | 2024-06-14 | 8.8 | CVE-2024-5995 twcert@cert.org.tw twcert@cert.org.tw |
| Soar Cloud–HR Portal |
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system. | 2024-06-14 | 8.8 | CVE-2024-5996 twcert@cert.org.tw twcert@cert.org.tw |
| SourceCodester–Employee and Visitor Gate Pass Logging System |
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268140. | 2024-06-12 | 7.3 | CVE-2024-5896 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Employee and Visitor Gate Pass Logging System |
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability. | 2024-06-13 | 7.3 | CVE-2024-5976 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Online Eyewear Shop |
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability. | 2024-06-12 | 7.3 | CVE-2024-5894 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| strapi–strapi |
Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. | 2024-06-12 | 7.1 | CVE-2024-34065 security-advisories@github.com |
| strategery-migrations_project — strategery-migrations |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through 1.0. | 2024-06-10 | 7.5 | CVE-2024-35745 audit@patchstack.com |
| stylemixthemes — mega_menu |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12. | 2024-06-10 | 9.8 | CVE-2024-35677 audit@patchstack.com |
| tagDiv–tagDiv Composer |
The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the ‘td_block_title’ shortcode ‘block_template_id’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | 2024-06-15 | 8.8 | CVE-2024-3813 security@wordfence.com security@wordfence.com |
| themehigh — checkout_field_editor_for_woocommerce |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2. | 2024-06-10 | 9.1 | CVE-2024-35658 audit@patchstack.com |
| themekraft — buddypress_woocommerce_my_account_integration._create_woocommerce_member_pages |
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19. | 2024-06-10 | 8.8 | CVE-2024-35726 audit@patchstack.com |
| Themeum–Tutor LMS |
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | 2024-06-11 | 8.3 | CVE-2023-25799 audit@patchstack.com |
| tickera — tickera |
Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6. | 2024-06-10 | 8.8 | CVE-2024-35729 audit@patchstack.com |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27143 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27144 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27145 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27172 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27173 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 9.8 | CVE-2024-27174 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 8.4 | CVE-2024-27169 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Attackers can bypass the web login authentication process to gain access to the printer’s system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 8.8 | CVE-2024-3496 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 8.8 | CVE-2024-3497 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27147 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27148 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27149 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27150 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27151 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27152 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27153 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.7 | CVE-2024-27155 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27158 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.1 | CVE-2024-27164 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.8 | CVE-2024-27165 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27166 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27167 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.1 | CVE-2024-27168 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27170 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.4 | CVE-2024-27171 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.2 | CVE-2024-27176 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.2 | CVE-2024-27177 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.2 | CVE-2024-27178 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 7.8 | CVE-2024-3498 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Trellix–Intrusion Prevention System (IPS) Manager |
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. | 2024-06-14 | 9.8 | CVE-2024-5671 trellixpsirt@trellix.com |
| Trend Micro, Inc.–Trend Micro Apex One |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36303. | 2024-06-10 | 7.8 | CVE-2024-36302 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Apex One |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302. | 2024-06-10 | 7.8 | CVE-2024-36303 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Apex One |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 7.8 | CVE-2024-36304 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Apex One |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 7.8 | CVE-2024-36305 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Apex One |
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 7.8 | CVE-2024-37289 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Deep Security Agent |
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 7.8 | CVE-2024-36358 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Maximum Security (Consumer) |
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | 2024-06-10 | 7.8 | CVE-2024-32849 security@trendmicro.com security@trendmicro.com |
| tribe29 — checkmk |
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | 2024-06-10 | 7.5 | CVE-2024-28833 security@checkmk.com |
| Verint–WFO |
Verint – CWE-434: Unrestricted Upload of File with Dangerous Type | 2024-06-13 | 8.8 | CVE-2024-36396 cna@cyber.gov.il |
| webcraftic–Woody code snippets Insert Header Footer Code, AdSense Ads |
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the ‘insert_php’ shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. | 2024-06-15 | 9.9 | CVE-2024-3105 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| wedevs–Dokan Pro |
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the ‘code’ parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-06-13 | 10 | CVE-2024-3922 security@wordfence.com security@wordfence.com |
| WPENGINE INC–Advanced Custom Fields PRO |
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. | 2024-06-10 | 9.9 | CVE-2024-34762 audit@patchstack.com |
| WPENGINE INC–Advanced Custom Fields PRO |
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code (‘Code Injection’) vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. | 2024-06-10 | 8.5 | CVE-2024-34761 audit@patchstack.com |
| wpmet–ElementsKit Pro |
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the ‘render_raw’ function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-06-14 | 8.5 | CVE-2024-4404 security@wordfence.com security@wordfence.com |
| WPStaging–WP STAGING Pro WordPress Backup Plugin |
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the ‘sub’ parameter called from the WP STAGING WordPress Backup Plugin – Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in ‘-settings.php’ via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-06-14 | 7.5 | CVE-2024-5551 security@wordfence.com security@wordfence.com security@wordfence.com |
| WPWeb–WooCommerce – Social Login |
The WooCommerce – Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the ‘woo_slg_verify’ vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-06-15 | 9.8 | CVE-2024-5871 security@wordfence.com security@wordfence.com |
| yotuwp–Video Gallery YouTube Playlist, Channel Gallery by YotuWP |
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-06-15 | 9.8 | CVE-2024-4258 security@wordfence.com security@wordfence.com |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3uu–Shariff Wrapper |
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘borderradius’ and ‘timestamp’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-2695 security@wordfence.com security@wordfence.com |
| A WP Life–Album Gallery WordPress Gallery |
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. | 2024-06-10 | 4.3 | CVE-2024-35720 audit@patchstack.com |
| A WP Life–Media Slider Photo Sleder, Video Slider, Link Slider, Carousal Slideshow |
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9. | 2024-06-10 | 4.3 | CVE-2024-35717 audit@patchstack.com |
| acurax — under_construction_/_maintenance_mode |
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. | 2024-06-10 | 5.3 | CVE-2024-35749 audit@patchstack.com |
| AddonMaster–Load More Anything |
Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. | 2024-06-11 | 5.4 | CVE-2024-24704 audit@patchstack.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-20769 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-20784 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26036 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form. | 2024-06-13 | 5.4 | CVE-2024-26037 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-26039 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-26053 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26054 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script. | 2024-06-13 | 5.4 | CVE-2024-26055 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the malicious script. | 2024-06-13 | 5.4 | CVE-2024-26057 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link. | 2024-06-13 | 5.4 | CVE-2024-26058 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26060 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26066 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26068 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26070 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26071 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute. | 2024-06-13 | 5.4 | CVE-2024-26072 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26074 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26075 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26077 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26078 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26081 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26082 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26083 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26085 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26088 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26092 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26093 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26095 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26110 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26111 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26113 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26114 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26115 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26116 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26121 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-26123 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-34119 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-34120 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36141 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36142 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36143 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36144 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36146 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36147 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36148 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36149 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36150 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36152 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36153 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36154 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36155 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36156 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36158 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36159 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36160 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36161 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36162 psirt@adobe.com |
| adobe — experience_manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 4.8 | CVE-2024-26049 psirt@adobe.com |
| Adobe–Acrobat Mobile Sign Android |
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not requires user interaction and attack complexity is high. | 2024-06-13 | 6.3 | CVE-2024-34129 psirt@adobe.com |
| Adobe–Acrobat Mobile Sign Android |
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. | 2024-06-13 | 5.5 | CVE-2024-34130 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction. | 2024-06-13 | 6.5 | CVE-2024-34111 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction. | 2024-06-13 | 5.3 | CVE-2024-34106 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-06-13 | 5.3 | CVE-2024-34107 psirt@adobe.com |
| Adobe–Adobe Commerce |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 4.8 | CVE-2024-34105 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26086 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script. | 2024-06-13 | 5.4 | CVE-2024-26089 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link. | 2024-06-13 | 5.4 | CVE-2024-26090 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute. | 2024-06-13 | 5.4 | CVE-2024-26091 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-26117 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, as the victim needs to visit a web page with a maliciously crafted script. | 2024-06-13 | 5.4 | CVE-2024-36151 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36157 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36163 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36164 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36165 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36166 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36167 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36168 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36169 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36170 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36171 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36172 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36173 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36174 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36175 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36176 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36177 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36178 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36179 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36180 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, typically in the form of convincing a victim to visit a maliciously crafted web page or to interact with a maliciously modified DOM element within the application. | 2024-06-13 | 5.4 | CVE-2024-36181 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36182 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form. | 2024-06-13 | 5.4 | CVE-2024-36183 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to submit a specially crafted form. | 2024-06-13 | 5.4 | CVE-2024-36184 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36185 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36186 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36187 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36188 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36189 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-36190 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36191 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36192 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36193 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36194 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36195 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36196 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-36197 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36198 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36199 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36200 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36201 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36202 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36203 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36204 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36205 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-36206 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36207 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36208 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36209 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-36210 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-36211 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36212 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36213 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36214 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36215 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-06-13 | 5.4 | CVE-2024-36216 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36217 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36218 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36219 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script. | 2024-06-13 | 5.4 | CVE-2024-36220 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36221 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-36222 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the vulnerable script to execute. | 2024-06-13 | 5.4 | CVE-2024-36224 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36225 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form. | 2024-06-13 | 5.4 | CVE-2024-36227 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-36228 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form. | 2024-06-13 | 5.4 | CVE-2024-36229 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script. | 2024-06-13 | 5.4 | CVE-2024-36230 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script. | 2024-06-13 | 5.4 | CVE-2024-36231 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-06-13 | 5.4 | CVE-2024-36232 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a malicious link. | 2024-06-13 | 5.4 | CVE-2024-36233 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability. | 2024-06-13 | 5.4 | CVE-2024-36234 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script. | 2024-06-13 | 5.4 | CVE-2024-36235 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link. | 2024-06-13 | 5.4 | CVE-2024-36236 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to interact with a maliciously crafted web page. | 2024-06-13 | 5.4 | CVE-2024-36238 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link. | 2024-06-13 | 5.4 | CVE-2024-36239 psirt@adobe.com |
| Adobe–Audition |
Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-06-13 | 5.5 | CVE-2024-30276 psirt@adobe.com |
| Adobe–Audition |
Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, leading to a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-06-13 | 5.5 | CVE-2024-30285 psirt@adobe.com |
| Adobe–ColdFusion |
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | 2024-06-13 | 6.2 | CVE-2024-34113 psirt@adobe.com |
| Adobe–Creative Cloud Desktop |
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction. | 2024-06-13 | 5.5 | CVE-2024-34116 psirt@adobe.com |
| Adobe–Media Encoder |
Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-06-13 | 5.5 | CVE-2024-30278 psirt@adobe.com |
| Afzal Multani–WP Clone Menu |
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1. | 2024-06-12 | 5.4 | CVE-2023-38395 audit@patchstack.com |
| aimeos–ai-client-html |
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn’t succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | 2024-06-11 | 5.3 | CVE-2024-37296 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| aimeos–aimeos-core |
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch. | 2024-06-11 | 5.5 | CVE-2024-37294 security-advisories@github.com |
| Anders Norn–Radcliffe 2 |
Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17. | 2024-06-11 | 5.3 | CVE-2024-35685 audit@patchstack.com |
| apple — macos |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | 2024-06-10 | 5.3 | CVE-2022-32933 product-security@apple.com |
| apple — macos |
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data. | 2024-06-10 | 5.5 | CVE-2023-40389 product-security@apple.com product-security@apple.com |
| apple — macos |
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | 2024-06-10 | 5.5 | CVE-2024-27792 product-security@apple.com |
| Aspose.cloud Marketplace–Aspose.Words Exporter |
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through 6.3.1. | 2024-06-11 | 4.3 | CVE-2024-32146 audit@patchstack.com |
| ASUS–Download Master |
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | 2024-06-14 | 4.8 | CVE-2024-31159 twcert@cert.org.tw twcert@cert.org.tw |
| ASUS–Download Master |
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks. | 2024-06-14 | 4.8 | CVE-2024-31160 twcert@cert.org.tw twcert@cert.org.tw |
| Awesome Support Team–Awesome Support |
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5. | 2024-06-12 | 5.3 | CVE-2023-51537 audit@patchstack.com |
| baden03–Collapse-O-Matic |
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘expand’ and ‘expandsub’ shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-4095 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| badhonrocks–Divi Torque Lite Divi Theme and Extra Theme |
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-5892 security@wordfence.com security@wordfence.com security@wordfence.com |
| Bastianon Massimo–WP GPX Map |
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08. | 2024-06-12 | 4.3 | CVE-2023-44234 audit@patchstack.com |
| BBS e-Theme–BBS e-Popup |
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5. | 2024-06-14 | 6.5 | CVE-2023-36504 audit@patchstack.com |
| bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-3925 security@wordfence.com security@wordfence.com |
| BeyondTrust–BeyondInsight PasswordSafe |
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | 2024-06-11 | 5.9 | CVE-2024-5813 13061848-ea10-403d-bd75-c83a022c2891 |
| bradvin–FooGallery Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel |
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-14 | 6.4 | CVE-2024-2122 security@wordfence.com security@wordfence.com |
| Brainstorm Force–ProjectHuddle Client Site |
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | 2024-06-14 | 4.3 | CVE-2023-51376 audit@patchstack.com |
| brainstormforce–Elementor Header & Footer Builder |
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin’s Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-13 | 6.4 | CVE-2024-5757 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Brett Shumaker–Simple Staff List |
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4. | 2024-06-12 | 4.3 | CVE-2023-51526 audit@patchstack.com |
| britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features |
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-14 | 6.4 | CVE-2024-4863 security@wordfence.com security@wordfence.com security@wordfence.com |
| Bryan Lee–Kingkong Board |
Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2. | 2024-06-14 | 6.3 | CVE-2023-36694 audit@patchstack.com |
| buddypress–BuddyPress |
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-4892 security@wordfence.com security@wordfence.com security@wordfence.com |
| BulkGate–BulkGate SMS Plugin for WooCommerce |
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. | 2024-06-12 | 5.4 | CVE-2023-51679 audit@patchstack.com |
| Business Directory Team–Business Directory Plugin |
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9. | 2024-06-14 | 5.4 | CVE-2023-51516 audit@patchstack.com |
| Buy Me a Coffee–Buy Me a Coffee |
Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | 2024-06-12 | 4.3 | CVE-2023-25030 audit@patchstack.com |
| Code for Recovery–12 Step Meeting List |
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | 2024-06-10 | 4.3 | CVE-2024-22296 audit@patchstack.com |
| Codection–Import and export users and customers |
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5. | 2024-06-11 | 5.4 | CVE-2024-34815 audit@patchstack.com |
| codename065–Download Manager |
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-5266 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| codename065–Download Manager |
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution. | 2024-06-12 | 4.4 | CVE-2024-1766 security@wordfence.com security@wordfence.com |
| codexpert–CoDesigner The Most Compact and User-Friendly Elementor WooCommerce Builder |
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-4564 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Comtrend–Comtrend WLD71-T1_v2.0.201820 |
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated. | 2024-06-10 | 6.5 | CVE-2024-5786 cve-coordination@incibe.es |
| Contact List PRO–Contact List Easy Business Directory, Staff Directory and Address Book Plugin |
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87. | 2024-06-11 | 5.3 | CVE-2024-34821 audit@patchstack.com |
| contact_form_builder_project — contact_form_builder |
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | 2024-06-10 | 5.3 | CVE-2024-35747 audit@patchstack.com |
| Copymatic–Copymatic AI Content Writer & Generator |
Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. | 2024-06-11 | 6.5 | CVE-2024-35716 audit@patchstack.com |
| crate–crate |
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameters during an ongoing TLS session. This flaw could lead to excessive consumption of CPU resources, resulting in potential server overload and service disruption. The vulnerability was confirmed using an openssl client where the command `R` initiates renegotiation, followed by the server confirming with `RENEGOTIATING`. This vulnerability allows an attacker to perform a denial of service attack by exhausting server CPU resources through repeated TLS renegotiations. This impacts the availability of services running on the affected server, posing a significant risk to operational stability and security. TLS 1.3 explicitly forbids renegotiation, since it closes a window of opportunity for an attack. Version 5.7.2 of CrateDB contains the fix for the issue. | 2024-06-13 | 5.3 | CVE-2024-37309 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Deepak anand–WP Dummy Content Generator |
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0. | 2024-06-14 | 5.3 | CVE-2023-37394 audit@patchstack.com |
| Dell–CPG BIOS |
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. | 2024-06-12 | 6.8 | CVE-2024-0160 security_alert@emc.com |
| Dell–CPG BIOS |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-06-13 | 5.1 | CVE-2024-32856 security_alert@emc.com |
| Dell–CPG BIOS |
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | 2024-06-12 | 4.7 | CVE-2024-28970 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | 2024-06-13 | 5.4 | CVE-2024-28965 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | 2024-06-13 | 5.4 | CVE-2024-28966 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | 2024-06-13 | 5.4 | CVE-2024-28967 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | 2024-06-13 | 5.4 | CVE-2024-28968 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database causing potential unauthorized access and modification of application data. | 2024-06-13 | 5.4 | CVE-2024-29168 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application’s backend database causing potential unauthorized access and modification of application data. | 2024-06-13 | 5.4 | CVE-2024-29169 security_alert@emc.com |
| Dell–Secure Connect Gateway-Application |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources. | 2024-06-13 | 4.3 | CVE-2024-28969 security_alert@emc.com |
| devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5530 security@wordfence.com security@wordfence.com security@wordfence.com |
| dgwyer–Simple Sitemap Create a Responsive HTML Sitemap |
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the ‘admin_notices’ hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-06-14 | 4.3 | CVE-2023-6492 security@wordfence.com security@wordfence.com |
| Discourse–WP Discourse |
Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1. | 2024-06-11 | 4.3 | CVE-2024-35168 audit@patchstack.com |
| Elastic–Elasticsearch |
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models  that was previously a beta feature and is released as GA with 8.14.0 | 2024-06-12 | 6.5 | CVE-2024-23445 bressers@elastic.co |
| Elastic–Elasticsearch |
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature. | 2024-06-13 | 4.9 | CVE-2024-37280 bressers@elastic.co |
| Elastic–Kibana |
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 2024-06-14 | 6.1 | CVE-2024-23442 bressers@elastic.co |
| Elastic–Kibana |
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | 2024-06-13 | 4.3 | CVE-2024-37279 bressers@elastic.co |
| Elementor–Elementor Website Builder |
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | 2024-06-11 | 4.3 | CVE-2023-33922 audit@patchstack.com |
| elespare–Elespare News, Magazine and Blog Elements & Blog Addons for Elementor with Header Footer Builder. One Click Import: No Coding Required! |
The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Horizontal Nav Menu’ widget in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-13 | 6.4 | CVE-2024-4615 security@wordfence.com security@wordfence.com |
| emlog — emlog |
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. | 2024-06-10 | 6.5 | CVE-2024-31612 cve@mitre.org |
| ExpressTech–Quiz And Survey Master |
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16. | 2024-06-14 | 5.3 | CVE-2023-51507 audit@patchstack.com |
| Fastly–Fastly |
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | 2024-06-11 | 5.3 | CVE-2024-34768 audit@patchstack.com |
| Fat Rat–Fat Rat Collect |
Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through 2.6.7. | 2024-06-14 | 4.3 | CVE-2023-35045 audit@patchstack.com |
| Fortinet–FortiOS |
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands. | 2024-06-11 | 6.7 | CVE-2023-46720 psirt@fortinet.com |
| Fortinet–FortiOS |
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. | 2024-06-11 | 6.8 | CVE-2024-23111 psirt@fortinet.com |
| Fortinet–FortiPortal |
A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality. | 2024-06-11 | 4.3 | CVE-2024-31495 psirt@fortinet.com |
| Fortinet–FortiSOAR |
Multiple improper neutralization of special elements used in SQL commands (‘SQL Injection’) vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | 2024-06-11 | 6.5 | CVE-2023-23775 psirt@fortinet.com |
| FunnelKit–FunnelKit Checkout |
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 2024-06-12 | 5.4 | CVE-2023-51671 audit@patchstack.com |
| FunnelKit–FunnelKit Checkout |
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 2024-06-12 | 4.3 | CVE-2023-51670 audit@patchstack.com |
| futuriowp–Futurio Extra |
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5646 security@wordfence.com security@wordfence.com security@wordfence.com |
| galdub–Folders Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager |
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the ‘handle_folders_file_upload’ function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server. | 2024-06-14 | 4.3 | CVE-2024-2023 security@wordfence.com security@wordfence.com security@wordfence.com |
| Gangesh Matta–Simple Org Chart |
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through 2.3.4. | 2024-06-12 | 5.3 | CVE-2023-40603 audit@patchstack.com |
| GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file. | 2024-06-12 | 6.5 | CVE-2024-1495 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab’s CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files. | 2024-06-12 | 6.5 | CVE-2024-1736 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab’s Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. | 2024-06-12 | 6.5 | CVE-2024-1963 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | 2024-06-12 | 4.4 | CVE-2024-4201 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| gloriafood–Restaurant Menu Food Ordering System Table Reservation |
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-1399 security@wordfence.com security@wordfence.com |
| gpriday–SiteOrigin Widgets Bundle |
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5090 security@wordfence.com security@wordfence.com |
| grpc–grpc-node |
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22. | 2024-06-10 | 5.3 | CVE-2024-37168 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| HahnCreativeGroup–WP Translate |
Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0. | 2024-06-11 | 5.4 | CVE-2024-35663 audit@patchstack.com |
| Happyforms–Happyforms |
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10. | 2024-06-11 | 5.3 | CVE-2024-23521 audit@patchstack.com |
| Harbor–Harbor |
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | 2024-06-10 | 4.3 | CVE-2024-22244 security@vmware.com |
| Hardik Chavada–Sticky Social Media Icons |
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1. | 2024-06-12 | 5.4 | CVE-2023-40672 audit@patchstack.com |
| Himalaya Saxena–Highcompress Image Compressor |
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | 2024-06-12 | 6.5 | CVE-2023-40209 audit@patchstack.com |
| hiroaki-miyashita–Custom Field Template |
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘cpt’ shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2023-6745 security@wordfence.com security@wordfence.com |
| hiroaki-miyashita–Custom Field Template |
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-0627 security@wordfence.com security@wordfence.com |
| hiroaki-miyashita–Custom Field Template |
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the ‘cft’ shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata. | 2024-06-11 | 4.3 | CVE-2023-6748 security@wordfence.com security@wordfence.com |
| hiroaki-miyashita–Custom Field Template |
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-06-11 | 4.4 | CVE-2024-0653 security@wordfence.com security@wordfence.com |
| Hitachi Energy–FOXMAN-UN |
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. | 2024-06-11 | 6.5 | CVE-2024-28022 cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. | 2024-06-11 | 5.7 | CVE-2024-28023 cybersecurity@hitachienergy.com |
| Huawei–HarmonyOS |
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-06-14 | 6.8 | CVE-2024-36499 psirt@huawei.com |
| Huawei–HarmonyOS |
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | 2024-06-14 | 5.6 | CVE-2024-36501 psirt@huawei.com |
| Huawei–HarmonyOS |
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-06-14 | 5.9 | CVE-2024-5465 psirt@huawei.com |
| Huawei–HarmonyOS |
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-06-14 | 4 | CVE-2024-5464 psirt@huawei.com |
| ibericode–MC4WP |
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9. | 2024-06-11 | 5.3 | CVE-2023-51682 audit@patchstack.com |
| IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | 2024-06-12 | 6.5 | CVE-2024-31881 psirt@us.ibm.com psirt@us.ibm.com |
| IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. | 2024-06-12 | 5.3 | CVE-2023-29267 psirt@us.ibm.com psirt@us.ibm.com |
| IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | 2024-06-12 | 5.3 | CVE-2024-28762 psirt@us.ibm.com psirt@us.ibm.com |
| IBM–Jazz Reporting Service |
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | 2024-06-13 | 4.4 | CVE-2024-25052 psirt@us.ibm.com psirt@us.ibm.com |
| IBM–Maximo Application Suite |
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | 2024-06-13 | 4 | CVE-2024-22333 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
| ideaboxcreations–PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) |
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin’s Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-13 | 6.4 | CVE-2024-5787 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| If So Plugin–If-So Dynamic Content Personalization |
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. | 2024-06-11 | 6.5 | CVE-2024-34820 audit@patchstack.com |
| itsourcecode–Document Management System |
A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability. | 2024-06-15 | 6.3 | CVE-2024-6014 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Event Calendar |
A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268699. | 2024-06-15 | 6.3 | CVE-2024-6009 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online Book Store |
A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability. | 2024-06-15 | 6.3 | CVE-2024-6008 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online Book Store |
A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268721 was assigned to this vulnerability. | 2024-06-15 | 6.3 | CVE-2024-6013 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online House Rental System |
A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability. | 2024-06-14 | 6.3 | CVE-2024-5981 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online House Rental System |
A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268723. | 2024-06-15 | 6.3 | CVE-2024-6015 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Online Laundry Management System |
A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724. | 2024-06-15 | 6.3 | CVE-2024-6016 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| itsourcecode–Payroll Management System |
A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268142 is the identifier assigned to this vulnerability. | 2024-06-12 | 6.3 | CVE-2024-5898 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| jasonraimondi–url-to-png |
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright’s screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`. No known workarounds are available aside from upgrading. | 2024-06-10 | 5.3 | CVE-2024-37169 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| jegtheme–Jeg Elementor Kit |
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin’s JKit – Tabs and JKit – Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-4479 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| jetmonsters–Stratum Elementor Widgets |
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-5611 security@wordfence.com security@wordfence.com security@wordfence.com |
| ladela–WordPress Online Booking and Scheduling Plugin Bookly |
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with the staff member role and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5584 security@wordfence.com security@wordfence.com |
| leap13–Premium Addons for Elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses and edits an injected element, and subsequently clicks the element with the mouse scroll wheel. | 2024-06-12 | 4.4 | CVE-2024-5553 security@wordfence.com security@wordfence.com security@wordfence.com |
| Lim Kai Yang–Grab & Save |
Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4. | 2024-06-12 | 4.3 | CVE-2023-47845 audit@patchstack.com |
| LINE Corporation–LINE client for iOS |
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher. | 2024-06-12 | 6.1 | CVE-2024-5739 dl_cve@linecorp.com |
| MailerLite–MailerLite WooCommerce integration |
Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. | 2024-06-11 | 4.3 | CVE-2023-52227 audit@patchstack.com |
| Mandrill–wpMandrill |
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | 2024-06-12 | 4.3 | CVE-2023-47828 audit@patchstack.com |
| Mattermost–Mattermost |
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim’s system via custom URI schemes. | 2024-06-14 | 4.7 | CVE-2024-37182 responsibledisclosure@mattermost.com |
| Matthias Pfefferle & Automattic–ActivityPub |
Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5. | 2024-06-11 | 6.5 | CVE-2023-52199 audit@patchstack.com |
| Maxime Schoeni–Sublanguage |
Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through 2.9. | 2024-06-14 | 5.4 | CVE-2023-36695 audit@patchstack.com |
| meowapps — database_cleaner |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. | 2024-06-10 | 4.9 | CVE-2024-35712 audit@patchstack.com |
| Metagauss–ProfileGrid |
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6. | 2024-06-12 | 4.3 | CVE-2023-52117 audit@patchstack.com |
| metersphere–metersphere |
MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system’s step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue. | 2024-06-11 | 4 | CVE-2024-37161 security-advisories@github.com |
| mgibbs189–Custom Field Suite |
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the ‘cfs[post_content]’ parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-3559 security@wordfence.com security@wordfence.com security@wordfence.com |
| Microsoft–Azure File Sync |
Microsoft Azure File Sync Elevation of Privilege Vulnerability | 2024-06-11 | 4.4 | CVE-2024-35253 secure@microsoft.com |
| Microsoft–Azure Identity Library for .NET |
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | 2024-06-11 | 5.5 | CVE-2024-35255 secure@microsoft.com |
| Microsoft–Microsoft Dynamics 365 (on-premises) version 9.1 |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2024-06-11 | 5.7 | CVE-2024-35263 secure@microsoft.com |
| Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-06-13 | 5.4 | CVE-2024-30058 secure@microsoft.com |
| Microsoft–Microsoft Edge for iOS |
Microsoft Edge for iOS Spoofing Vulnerability | 2024-06-13 | 5.4 | CVE-2024-30057 secure@microsoft.com |
| Microsoft–Microsoft Edge for iOS |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-06-13 | 4.3 | CVE-2024-38083 secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) |
Visual Studio Remote Code Execution Vulnerability | 2024-06-11 | 4.7 | CVE-2024-30052 secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.10 |
Visual Studio Elevation of Privilege Vulnerability | 2024-06-11 | 6.7 | CVE-2024-29060 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 2024-06-11 | 6.7 | CVE-2024-30063 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Container Manager Service Elevation of Privilege Vulnerability | 2024-06-11 | 6.8 | CVE-2024-30076 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Themes Denial of Service Vulnerability | 2024-06-11 | 5.5 | CVE-2024-30065 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Winlogon Elevation of Privilege Vulnerability | 2024-06-11 | 5.5 | CVE-2024-30066 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Winlogon Elevation of Privilege Vulnerability | 2024-06-11 | 5.5 | CVE-2024-30067 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Cryptographic Services Information Disclosure Vulnerability | 2024-06-11 | 5.5 | CVE-2024-30096 secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-06-11 | 4.7 | CVE-2024-30069 secure@microsoft.com |
| Minoji–MJ Update History |
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4. | 2024-06-11 | 4.3 | CVE-2024-35671 audit@patchstack.com |
| mlewand–ckeditor-plugin-openlink |
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**. | 2024-06-14 | 6.1 | CVE-2024-37888 security-advisories@github.com |
| MoreConvert–MC Woocommerce Wishlist |
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8. | 2024-06-11 | 5.3 | CVE-2024-34813 audit@patchstack.com |
| MoreConvert–MC Woocommerce Wishlist |
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2. | 2024-06-11 | 5.3 | CVE-2024-34819 audit@patchstack.com |
| n/a–n/a |
A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. | 2024-06-10 | 6.5 | CVE-2024-35474 cve@mitre.org |
| n/a–Newspaper – News & WooCommerce WordPress Theme |
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 5.5 | CVE-2024-3815 security@wordfence.com security@wordfence.com |
| N/A–Piotnet Forms |
Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29. | 2024-06-12 | 5.3 | CVE-2023-51413 audit@patchstack.com |
| namithjawahar–Insert Post Ads |
Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2. | 2024-06-11 | 5.3 | CVE-2024-35665 audit@patchstack.com |
| Navneil Naicker–ACF Photo Gallery Field |
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. | 2024-06-11 | 4.3 | CVE-2024-23518 audit@patchstack.com |
| NervyThemes–SKU Label Changer For WooCommerce |
Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0. | 2024-06-14 | 6.5 | CVE-2023-29174 audit@patchstack.com |
| NetApp–StorageGRID (formerly StorageGRID Webscale) |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. | 2024-06-14 | 5.3 | CVE-2024-21988 security-alert@netapp.com |
| Netentsec–NS-ASG Application Security Gateway |
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-06-15 | 6.3 | CVE-2024-6007 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| netgsm — netgsm |
Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16. | 2024-06-10 | 6.3 | CVE-2024-4746 audit@patchstack.com |
| netweblogic–Events Manager Calendar, Bookings, Tickets, and more! |
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘event’, ‘location’, and ‘event_category’ shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 6.4 | CVE-2024-3492 security@wordfence.com security@wordfence.com |
| nextcloud–security-advisories |
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28). | 2024-06-14 | 6.3 | CVE-2024-37312 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. | 2024-06-14 | 5.4 | CVE-2024-37886 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2. | 2024-06-14 | 4.6 | CVE-2024-37316 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | 2024-06-14 | 4.6 | CVE-2024-37317 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1. | 2024-06-14 | 4.3 | CVE-2024-37883 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nicheaddons–Events Addon for Elementor |
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-4669 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| NuGet–NuGetGallery |
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue. | 2024-06-12 | 6.1 | CVE-2024-37304 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nvidia–GPU display driver, vGPU software, and Cloud Gaming |
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. | 2024-06-13 | 5.5 | CVE-2024-0092 psirt@nvidia.com |
| nvidia–NVIDIA Triton Inference Server |
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure. | 2024-06-13 | 5.4 | CVE-2024-0103 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service. | 2024-06-13 | 6.3 | CVE-2024-0085 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | 2024-06-13 | 6.5 | CVE-2024-0093 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. | 2024-06-13 | 5.5 | CVE-2024-0086 psirt@nvidia.com |
| nvidia–vGPU software and Cloud Gaming |
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service. | 2024-06-13 | 5.5 | CVE-2024-0094 psirt@nvidia.com |
| oceanwp–Ocean Extra |
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5531 security@wordfence.com security@wordfence.com |
| ONTRAPORT Inc.–PilotPress |
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30. | 2024-06-10 | 5.3 | CVE-2024-23524 audit@patchstack.com |
| open-quantum-safe–liboqs |
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable. | 2024-06-10 | 5.9 | CVE-2024-36405 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| OpenPrinting–cups |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. | 2024-06-11 | 4.4 | CVE-2024-35235 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| OpenText–NetIQ Access Manager |
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before | 2024-06-11 | 6.5 | CVE-2020-11843 security@opentext.com security@opentext.com |
| ovic_importer_project — ovic_importer |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through 1.6.3. | 2024-06-10 | 6.5 | CVE-2024-35754 audit@patchstack.com |
| Photo Gallery Team–Photo Gallery by 10Web |
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.24. | 2024-06-11 | 4.3 | CVE-2024-35628 audit@patchstack.com |
| Podlove–Podlove Podcast Publisher |
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | 2024-06-11 | 4.3 | CVE-2024-32143 audit@patchstack.com |
| quantumcloud–AI Infographic Maker |
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles. | 2024-06-15 | 4.3 | CVE-2024-5858 security@wordfence.com security@wordfence.com security@wordfence.com |
| RabbitLoader–RabbitLoader |
Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. | 2024-06-10 | 5.4 | CVE-2024-21751 audit@patchstack.com |
| Red Hat–Red Hat Enterprise Linux 6 |
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. | 2024-06-12 | 4.7 | CVE-2024-5742 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Quay 3 |
A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to. | 2024-06-12 | 4.2 | CVE-2024-5891 secalert@redhat.com secalert@redhat.com |
| Repute Infosystems–BookingPress |
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | 2024-06-11 | 6.5 | CVE-2024-34799 audit@patchstack.com |
| Revolut–Revolut Gateway for WooCommerce |
Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. | 2024-06-11 | 4.3 | CVE-2023-52224 audit@patchstack.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using php 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 6.5 | CVE-2024-36407 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 6.5 | CVE-2024-36414 security-advisories@github.com |
| salesagility — suitecrm |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 5.4 | CVE-2024-36413 security-advisories@github.com |
| salesagility–SuiteCRM |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | 2024-06-10 | 5.4 | CVE-2024-36406 security-advisories@github.com |
| salesagility–SuiteCRM-Core |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue. | 2024-06-10 | 4.3 | CVE-2024-36419 security-advisories@github.com |
| Salesforce–Pardot |
Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0. | 2024-06-11 | 4.3 | CVE-2024-32148 audit@patchstack.com |
| SAP_SE–SAP BW/4HANA Transformation and Data Transfer Process |
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application. | 2024-06-11 | 5.5 | CVE-2024-37176 cna@sap.com cna@sap.com |
| SAP_SE–SAP CRM WebClient UI |
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim’s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application. | 2024-06-11 | 6.1 | CVE-2024-34686 cna@sap.com cna@sap.com |
| SAP_SE–SAP Document Builder |
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser. | 2024-06-11 | 6.5 | CVE-2024-34683 cna@sap.com cna@sap.com |
| SAP_SE–SAP Financial Consolidation |
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application. | 2024-06-11 | 5 | CVE-2024-37178 cna@sap.com cna@sap.com |
| SAP_SE–SAP NetWeaver and ABAP platform |
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. | 2024-06-11 | 6.5 | CVE-2024-33001 cna@sap.com cna@sap.com |
| SAP_SE–SAP NetWeaver AS Java |
SAP NetWeaver AS Java (CAF – Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. | 2024-06-11 | 5.3 | CVE-2024-28164 cna@sap.com cna@sap.com |
| SAP_SE–SAP S/4HANA (Manage Incoming Payment Files) |
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. | 2024-06-11 | 6.5 | CVE-2024-34691 cna@sap.com cna@sap.com |
| SAP_SE–SAP Student Life Cycle Management |
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. | 2024-06-11 | 5.4 | CVE-2024-34690 cna@sap.com cna@sap.com |
| sc_filechecker_project — sc_filechecker |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through 0.6. | 2024-06-10 | 6.5 | CVE-2024-35743 audit@patchstack.com |
| Schneider Electric–EVlink Home Smart |
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface. | 2024-06-12 | 6.5 | CVE-2024-5313 cybersecurity@se.com |
| Schneider Electric–Modicon M340 |
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | 2024-06-12 | 6.5 | CVE-2024-5056 cybersecurity@se.com |
| Schneider Electric–PowerLogic P5 |
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | 2024-06-12 | 6.1 | CVE-2024-5559 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. | 2024-06-12 | 5.9 | CVE-2024-37039 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. | 2024-06-12 | 5.4 | CVE-2024-37040 cybersecurity@se.com |
| Schneider Electric–Sage 1410 |
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | 2024-06-12 | 5.3 | CVE-2024-5560 cybersecurity@se.com |
| Schneider Electric–SpaceLogic AS-P |
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | 2024-06-12 | 6.4 | CVE-2024-5558 cybersecurity@se.com |
| Schneider Electric–SpaceLogic AS-P |
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. | 2024-06-12 | 4.5 | CVE-2024-5557 cybersecurity@se.com |
| seedprod — rafflepress |
Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. | 2024-06-10 | 6.3 | CVE-2024-4745 audit@patchstack.com |
| SendPress–SendPress Newsletters |
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6. | 2024-06-14 | 5.3 | CVE-2023-35040 audit@patchstack.com |
| Siemens–Mendix Applications using Mendix 10 |
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights. | 2024-06-11 | 5.9 | CVE-2024-33500 productcert@siemens.com |
| Siemens–SIMATIC CP 1542SP-1 |
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains. This could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers. | 2024-06-11 | 4.9 | CVE-2023-50763 productcert@siemens.com productcert@siemens.com productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. | 2024-06-11 | 6.3 | CVE-2024-35208 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information. | 2024-06-11 | 6.5 | CVE-2024-35210 productcert@siemens.com |
| Siemens–SINEC Traffic Analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). | 2024-06-11 | 6.5 | CVE-2024-35211 productcert@siemens.com |
| SoftLab–Integrate Google Drive |
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | 2024-06-12 | 5.4 | CVE-2023-52177 audit@patchstack.com |
| SoftLab–Radio Player |
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | 2024-06-11 | 5.3 | CVE-2024-34753 audit@patchstack.com |
| Soliloquy Team–Slider by Soliloquy |
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2. | 2024-06-11 | 4.3 | CVE-2023-51519 audit@patchstack.com |
| SourceCodester–Best Online News Portal |
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability. | 2024-06-14 | 6.3 | CVE-2024-5985 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Cab Management System |
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268137 was assigned to this vulnerability. | 2024-06-12 | 6.3 | CVE-2024-5893 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Employee and Visitor Gate Pass Logging System |
A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268139. | 2024-06-12 | 6.3 | CVE-2024-5895 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Employee and Visitor Gate Pass Logging System |
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268141 was assigned to this vulnerability. | 2024-06-12 | 4.3 | CVE-2024-5897 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| specialk–Dashboard Widgets Suite |
The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-06-13 | 6.1 | CVE-2024-0979 security@wordfence.com security@wordfence.com |
| strapi–strapi |
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it’s manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch. | 2024-06-12 | 5.3 | CVE-2024-31217 security-advisories@github.com security-advisories@github.com |
| stylemix–WordPress Header Builder Plugin Pearl |
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site. | 2024-06-12 | 6.5 | CVE-2024-5468 security@wordfence.com security@wordfence.com |
| tabrisrp–WPS Hide Login |
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the ‘action=postpass’ parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. | 2024-06-11 | 5.3 | CVE-2024-2473 security@wordfence.com security@wordfence.com |
| tagDiv–tagDiv Composer |
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘single’ module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 5.5 | CVE-2024-3814 security@wordfence.com security@wordfence.com |
| Tagembed–Tagembed |
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.5. | 2024-06-11 | 5.4 | CVE-2024-34804 audit@patchstack.com |
| TechnoVama–Quotes for WooCommerce |
Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1. | 2024-06-12 | 4.3 | CVE-2023-51680 audit@patchstack.com |
| Tenable–Security Center |
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | 2024-06-12 | 5.4 | CVE-2024-5759 vulnreport@tenable.com |
| Teplitsa of social technologies–Leyka |
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1. | 2024-06-11 | 5.3 | CVE-2024-35683 audit@patchstack.com |
| Termly–Cookie Consent |
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2. | 2024-06-11 | 5.3 | CVE-2024-35692 audit@patchstack.com |
| The Newsletter Team–Newsletter – API v1 and v2 addon for Newsletter |
The Newsletter – API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 8.0 | 2024-06-12 | 6.5 | CVE-2024-5674 security@wordfence.com security@wordfence.com |
| ThemeBoy–SportsPress Sports Club & League Manager |
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | 2024-06-11 | 4.3 | CVE-2024-34824 audit@patchstack.com |
| themeisle — product_addons_&_fields_for_woocommerce |
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20. | 2024-06-10 | 5.3 | CVE-2024-35728 audit@patchstack.com |
| TMS–Amelia |
Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | 2024-06-10 | 5.3 | CVE-2024-22298 audit@patchstack.com |
| Tobias Conrad–Builder for WooCommerce reviews shortcodes ReviewShort |
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5. | 2024-06-11 | 5.3 | CVE-2024-34763 audit@patchstack.com |
| Tobias Conrad–Design for Contact Form 7 Style WordPress Plugin CF7 WOW Styler |
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through 1.6.4. | 2024-06-11 | 6.3 | CVE-2024-34826 audit@patchstack.com |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.7 | CVE-2024-27146 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.2 | CVE-2024-27154 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.8 | CVE-2024-27156 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.8 | CVE-2024-27157 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.2 | CVE-2024-27159 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.2 | CVE-2024-27160 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.2 | CVE-2024-27161 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.1 | CVE-2024-27162 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the “Base Score” of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.5 | CVE-2024-27163 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 6.7 | CVE-2024-27180 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 5.9 | CVE-2024-27141 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 5.9 | CVE-2024-27142 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 4.4 | CVE-2024-27175 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Toshiba Tec Corporation–Toshiba Tec e-Studio multi-function peripheral (MFP) |
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | 2024-06-14 | 4.7 | CVE-2024-27179 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 ecc0f906-8666-484c-bcf8-c3b7520a72f0 |
| Trellix–Intrusion Prevention System (IPS) Manager |
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | 2024-06-14 | 6.8 | CVE-2024-5731 trellixpsirt@trellix.com |
| Trellix–Trellix EDR UI (XConsole) |
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim’s browser for sending carefully crafted malicious links to the EDR XConsole end user. | 2024-06-13 | 4.1 | CVE-2024-4176 trellixpsirt@trellix.com |
| Trend Micro, Inc.–Trend Micro Apex One |
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 6.1 | CVE-2024-36306 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro Apex One |
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 4.7 | CVE-2024-36307 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro InterScan Web Security Virtual Appliance |
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-06-10 | 5.4 | CVE-2024-36359 security@trendmicro.com security@trendmicro.com |
| Trend Micro, Inc.–Trend Micro VPN Proxy One Pro |
Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges. | 2024-06-10 | 5.3 | CVE-2024-36473 security@trendmicro.com security@trendmicro.com |
| TreyWW–MyFinances |
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6. | 2024-06-14 | 6.5 | CVE-2024-37889 security-advisories@github.com security-advisories@github.com |
| uniview — nvr301-04s2-p4_firmware |
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained. | 2024-06-10 | 5.4 | CVE-2024-3850 ics-cert@hq.dhs.gov |
| upunzipper_project — upunzipper |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0. | 2024-06-10 | 6.5 | CVE-2024-35744 audit@patchstack.com |
| Vark–Pricing Deals for WooCommerce |
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. | 2024-06-12 | 5.3 | CVE-2023-41240 audit@patchstack.com |
| vberkel–Schema App Structured Data |
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-06-14 | 4.3 | CVE-2024-0892 security@wordfence.com security@wordfence.com |
| Verint–WFO |
Verint – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2024-06-13 | 6.1 | CVE-2024-36395 cna@cyber.gov.il |
| vsourz1td–Advanced Contact form 7 DB |
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. | 2024-06-11 | 5.3 | CVE-2024-3723 security@wordfence.com security@wordfence.com |
| vsourz1td–Advanced Contact form 7 DB |
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘vsz_cf7_export_to_excel’ function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms. | 2024-06-11 | 5.3 | CVE-2024-4319 security@wordfence.com security@wordfence.com |
| WebCodingPlace–Product Expiry for WooCommerce |
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5. | 2024-06-11 | 5.4 | CVE-2023-52179 audit@patchstack.com |
| webtechstreet–Elementor Addon Elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-12 | 5.4 | CVE-2024-2092 security@wordfence.com security@wordfence.com security@wordfence.com |
| WebToffee–WordPress Backup & Migration |
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3. | 2024-06-11 | 5.4 | CVE-2023-52183 audit@patchstack.com |
| weDevs–weDocs |
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4. | 2024-06-11 | 5.3 | CVE-2024-34442 audit@patchstack.com |
| weDevs–weMail |
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. | 2024-06-11 | 5.3 | CVE-2024-34822 audit@patchstack.com |
| weDevs–WooCommerce Conversion Tracking |
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | 2024-06-11 | 4.3 | CVE-2023-52217 audit@patchstack.com |
| weForms–weForms |
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18. | 2024-06-12 | 4.3 | CVE-2023-51524 audit@patchstack.com |
| Welcart Inc.–Welcart e-Commerce |
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14. | 2024-06-11 | 5.4 | CVE-2024-32144 audit@patchstack.com |
| Woo–WooCommerce Canada Post Shipping |
Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3. | 2024-06-11 | 5.3 | CVE-2023-51498 audit@patchstack.com |
| Woo–WooCommerce Product Vendors |
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. | 2024-06-11 | 5.3 | CVE-2023-52186 audit@patchstack.com |
| Woo–WooCommerce Ship to Multiple Addresses |
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | 2024-06-14 | 5.4 | CVE-2023-51497 audit@patchstack.com |
| Woo–WooCommerce Warranty Requests |
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | 2024-06-14 | 6.5 | CVE-2023-51495 audit@patchstack.com |
| Woo–WooCommerce Warranty Requests |
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | 2024-06-14 | 5.3 | CVE-2023-51496 audit@patchstack.com |
| woocommerce–woocommerce |
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature. | 2024-06-12 | 5.4 | CVE-2024-37297 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| WP EasyCart–WP EasyCart |
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19. | 2024-06-11 | 5.3 | CVE-2024-35667 audit@patchstack.com |
| WP OnlineSupport, Essential Plugin–Preloader for Website |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2. | 2024-06-11 | 5.3 | CVE-2023-48273 audit@patchstack.com |
| wpbakery–WPBakery Visual Composer |
The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-13 | 6.4 | CVE-2024-5265 security@wordfence.com security@wordfence.com |
| wpdevteam–EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor |
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-13 | 6.4 | CVE-2024-1565 security@wordfence.com security@wordfence.com security@wordfence.com |
| wpdevteam–Essential Addons for Elementor Best Elementor Templates, Widgets, Kits & WooCommerce Builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-11 | 6.4 | CVE-2024-5189 security@wordfence.com security@wordfence.com security@wordfence.com |
| WPEverest–Everest Forms |
Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3. | 2024-06-14 | 5.3 | CVE-2023-51377 audit@patchstack.com |
| wpgmaps–WP Go Maps (formerly WP Google Maps) |
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 9.0.39 adds a caution to make administrators aware of the possibility for abuse if permissions are granted to lower-level users. | 2024-06-14 | 6.4 | CVE-2024-5994 security@wordfence.com security@wordfence.com security@wordfence.com |
| WPManageNinja LLC–Ninja Tables |
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | 2024-06-14 | 5.3 | CVE-2024-23504 audit@patchstack.com |
| WPManageNinja LLC–Ninja Tables |
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | 2024-06-11 | 4.3 | CVE-2024-23503 audit@patchstack.com |
| wpmet–ElementsKit Pro |
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-06-15 | 6.4 | CVE-2024-5263 security@wordfence.com security@wordfence.com |
| Wpmet–WP Fundraising Donation and Crowdfunding Platform |
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | 2024-06-11 | 5.3 | CVE-2024-34758 audit@patchstack.com |
| WPWeb–WooCommerce – Social Login |
The WooCommerce – Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification. | 2024-06-15 | 6.5 | CVE-2024-5868 security@wordfence.com security@wordfence.com |
| WriterSystem–WooCommerce Easy Duplicate Product |
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7. | 2024-06-14 | 4.3 | CVE-2023-51523 audit@patchstack.com |
| XjSv–Cooked |
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. A patch is available at commit 8cf88f334ccbf11134080bbb655c66f1cfe77026 and will be part of version 1.8.0. | 2024-06-13 | 5.4 | CVE-2024-37308 security-advisories@github.com security-advisories@github.com |
| xpeedstudio–MetForm Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the ‘handle_file’ function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. | 2024-06-11 | 5.3 | CVE-2024-4266 security@wordfence.com security@wordfence.com security@wordfence.com |
| yithemes — yith_woocommerce_product_add-ons |
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 2024-06-10 | 5.3 | CVE-2024-35680 audit@patchstack.com |
| Yoast–Yoast SEO Premium |
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4. | 2024-06-11 | 5.3 | CVE-2023-28775 audit@patchstack.com |
| yotuwp–Video Gallery YouTube Playlist, Channel Gallery by YotuWP |
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-06-15 | 6.4 | CVE-2024-4551 security@wordfence.com security@wordfence.com security@wordfence.com |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | 2024-06-13 | 3.5 | CVE-2024-26126 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | 2024-06-13 | 3.5 | CVE-2024-26127 psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | 2024-06-13 | 3.5 | CVE-2024-36226 psirt@adobe.com |
| BeyondTrust–BeyondInsight PasswordSafe |
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | 2024-06-11 | 3.3 | CVE-2024-5812 13061848-ea10-403d-bd75-c83a022c2891 |
| Fortinet–FortiProxy |
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. | 2024-06-11 | 1.8 | CVE-2024-21754 psirt@fortinet.com |
| GitLab–GitLab |
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | 2024-06-14 | 3.1 | CVE-2024-5469 cve@gitlab.com |
| Harbor–Harbor |
SQL-Injection in Harbor allows priviledge users to leak the task IDs | 2024-06-11 | 2.7 | CVE-2024-22261 security@vmware.com |
| HashiCorp–Vault |
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9 | 2024-06-12 | 2.6 | CVE-2024-5798 security@hashicorp.com |
| HCL Software–DRYiCE Optibot Reset Station |
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection. | 2024-06-14 | 3.7 | CVE-2024-30119 psirt@hcl.com |
| HCL Software–DRYiCE Optibot Reset Station |
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. | 2024-06-14 | 2.9 | CVE-2024-30120 psirt@hcl.com |
| Hitachi Energy–FOXMAN-UN |
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | 2024-06-11 | 1.9 | CVE-2024-28024 cybersecurity@hitachienergy.com cybersecurity@hitachienergy.com |
| IBM–i |
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | 2024-06-15 | 3.3 | CVE-2024-31870 psirt@us.ibm.com psirt@us.ibm.com |
| Mattermost–Mattermost |
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. | 2024-06-14 | 3.8 | CVE-2024-36287 responsibledisclosure@mattermost.com |
| n/a–playSMS |
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The name of the patch is 7a88920f6b536c6a91512e739bcb4e8adefeed2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-267912. NOTE: The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible. | 2024-06-11 | 3.5 | CVE-2024-5851 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| nextcloud–security-advisories |
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | 2024-06-14 | 3.5 | CVE-2024-37314 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3. | 2024-06-14 | 3.5 | CVE-2024-37315 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. | 2024-06-14 | 3.5 | CVE-2024-37884 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0. | 2024-06-14 | 3.8 | CVE-2024-37885 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| nextcloud–security-advisories |
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events’ recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1. | 2024-06-14 | 3.5 | CVE-2024-37887 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Red Hat–Red Hat Build of Keycloak |
A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a unique token sent during the authentication POST request, /login-actions/authenticate. This flaw allows an attacker to craft a malicious login page and trick a legitimate user of an application into authenticating with an attacker-controlled account instead of their own. | 2024-06-12 | 3.7 | CVE-2024-5203 secalert@redhat.com secalert@redhat.com |
| SAP_SE–SAP BusinessObjects Business Intelligence Platform |
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files. | 2024-06-11 | 3.7 | CVE-2024-34684 cna@sap.com cna@sap.com |
| Siemens–TIA Administrator |
A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | 2024-06-11 | 3.3 | CVE-2023-38533 productcert@siemens.com |
| smallweigit–Avue |
A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that “rich text is no longer maintained”. | 2024-06-11 | 3.5 | CVE-2024-5829 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| smub–Easy WP SMTP by SendLayer WordPress SMTP and Email Log Plugin |
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment. | 2024-06-13 | 2.7 | CVE-2024-3073 security@wordfence.com security@wordfence.com |
| strapi–strapi |
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch. | 2024-06-12 | 2.3 | CVE-2024-29181 security-advisories@github.com security-advisories@github.com |
| Tenable–Security Center |
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. | 2024-06-12 | 3.5 | CVE-2024-1891 vulnreport@tenable.com |
| ZKTeco–ZKBio CVSecurity V5000 |
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-06-15 | 3.5 | CVE-2024-6005 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ZKTeco–ZKBio CVSecurity V5000 |
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-06-15 | 3.5 | CVE-2024-6006 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Acronis–Acronis Cloud Manager |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. | 2024-06-14 | not yet calculated | CVE-2024-34012 security@acronis.com |
| Apache Software Foundation–Apache Airflow |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return “Cache-Control” header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue. | 2024-06-14 | not yet calculated | CVE-2024-25142 security@apache.org security@apache.org |
| Apache Software Foundation–Apache Allura |
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set “disable_entry_points.allura.importers = forge-tracker, forge-discussion” in your .ini config file. | 2024-06-10 | not yet calculated | CVE-2024-36471 security@apache.org |
| Apple–iOS and iPadOS |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials. | 2024-06-10 | not yet calculated | CVE-2024-23251 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization. | 2024-06-10 | not yet calculated | CVE-2024-23282 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. | 2024-06-10 | not yet calculated | CVE-2024-27799 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service. | 2024-06-10 | not yet calculated | CVE-2024-27800 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. | 2024-06-10 | not yet calculated | CVE-2024-27801 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27802 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. | 2024-06-10 | not yet calculated | CVE-2024-27805 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. | 2024-06-10 | not yet calculated | CVE-2024-27806 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging. | 2024-06-10 | not yet calculated | CVE-2024-27807 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27808 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. | 2024-06-10 | not yet calculated | CVE-2024-27811 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | 2024-06-10 | not yet calculated | CVE-2024-27815 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | 2024-06-10 | not yet calculated | CVE-2024-27817 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen. | 2024-06-10 | not yet calculated | CVE-2024-27819 product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27820 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges. | 2024-06-10 | not yet calculated | CVE-2024-27828 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | 2024-06-10 | not yet calculated | CVE-2024-27830 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27831 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges. | 2024-06-10 | not yet calculated | CVE-2024-27832 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27833 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27836 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | 2024-06-10 | not yet calculated | CVE-2024-27838 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections. | 2024-06-10 | not yet calculated | CVE-2024-27840 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments. | 2024-06-10 | not yet calculated | CVE-2024-27845 product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges. | 2024-06-10 | not yet calculated | CVE-2024-27848 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. | 2024-06-10 | not yet calculated | CVE-2024-27850 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27851 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2024-06-10 | not yet calculated | CVE-2024-27855 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–iOS and iPadOS |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | 2024-06-10 | not yet calculated | CVE-2024-27857 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–macOS |
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website’s permission dialog may persist after navigation away from the site. | 2024-06-10 | not yet calculated | CVE-2024-27844 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–macOS |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system. | 2024-06-10 | not yet calculated | CVE-2024-27885 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–visionOS |
The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service. | 2024-06-10 | not yet calculated | CVE-2024-27812 product-security@apple.com product-security@apple.com product-security@apple.com |
| Apple–watchOS |
This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen. | 2024-06-10 | not yet calculated | CVE-2024-27814 product-security@apple.com product-security@apple.com |
| AVEVA–PI Asset Framework Client |
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker. | 2024-06-12 | not yet calculated | CVE-2024-3467 ics-cert@hq.dhs.gov |
| AVEVA–PI Web API |
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker. | 2024-06-12 | not yet calculated | CVE-2024-3468 ics-cert@hq.dhs.gov |
| Broadcom–Symantec SiteMinder |
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | 2024-06-14 | not yet calculated | CVE-2024-36459 secure@symantec.com secure@symantec.com |
| Citrix–Citrix Hypervisor |
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | 2024-06-13 | not yet calculated | CVE-2024-5661 secure@citrix.com |
| Cybozu, Inc.–Cybozu Garoon |
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition. | 2024-06-11 | not yet calculated | CVE-2024-31397 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | 2024-06-11 | not yet calculated | CVE-2024-31398 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | 2024-06-11 | not yet calculated | CVE-2024-31399 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | 2024-06-11 | not yet calculated | CVE-2024-31400 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. | 2024-06-11 | not yet calculated | CVE-2024-31401 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | 2024-06-11 | not yet calculated | CVE-2024-31402 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. | 2024-06-11 | not yet calculated | CVE-2024-31403 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Cybozu, Inc.–Cybozu Garoon |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. | 2024-06-11 | not yet calculated | CVE-2024-31404 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | 2024-06-13 | not yet calculated | CVE-2024-5947 zdi-disclosures@trendmicro.com |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170. | 2024-06-13 | not yet calculated | CVE-2024-5948 zdi-disclosures@trendmicro.com |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23171. | 2024-06-13 | not yet calculated | CVE-2024-5949 zdi-disclosures@trendmicro.com |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172. | 2024-06-13 | not yet calculated | CVE-2024-5950 zdi-disclosures@trendmicro.com |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173. | 2024-06-13 | not yet calculated | CVE-2024-5951 zdi-disclosures@trendmicro.com |
| Deep Sea Electronics–DSE855 |
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174. | 2024-06-13 | not yet calculated | CVE-2024-5952 zdi-disclosures@trendmicro.com |
| Dropbox–Dropbox Desktop |
Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991. | 2024-06-13 | not yet calculated | CVE-2024-5924 zdi-disclosures@trendmicro.com |
| ELECOM CO.,LTD.–WRC-X5400GS-B |
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | 2024-06-12 | not yet calculated | CVE-2024-36103 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Fsas Technologies Inc.–IPCOM EX2 Series (V01L0x Series) |
Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet. | 2024-06-12 | not yet calculated | CVE-2024-36454 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Google–Android |
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29778 dsap-vuln-management@google.com |
| Google–Android |
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29780 dsap-vuln-management@google.com |
| Google–Android |
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29781 dsap-vuln-management@google.com |
| Google–Android |
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29784 dsap-vuln-management@google.com |
| Google–Android |
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29785 dsap-vuln-management@google.com |
| Google–Android |
In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29786 dsap-vuln-management@google.com |
| Google–Android |
In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-29787 dsap-vuln-management@google.com |
| Google–Android |
In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32891 dsap-vuln-management@google.com |
| Google–Android |
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32892 dsap-vuln-management@google.com |
| Google–Android |
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32893 dsap-vuln-management@google.com |
| Google–Android |
In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32894 dsap-vuln-management@google.com |
| Google–Android |
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32895 dsap-vuln-management@google.com |
| Google–Android |
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32897 dsap-vuln-management@google.com |
| Google–Android |
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32898 dsap-vuln-management@google.com |
| Google–Android |
In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32899 dsap-vuln-management@google.com |
| Google–Android |
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32900 dsap-vuln-management@google.com |
| Google–Android |
In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32901 dsap-vuln-management@google.com |
| Google–Android |
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) | 2024-06-13 | not yet calculated | CVE-2024-32902 dsap-vuln-management@google.com |
| Google–Android |
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32903 dsap-vuln-management@google.com |
| Google–Android |
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32904 dsap-vuln-management@google.com |
| Google–Android |
In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32905 dsap-vuln-management@google.com |
| Google–Android |
In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32906 dsap-vuln-management@google.com |
| Google–Android |
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32907 dsap-vuln-management@google.com |
| Google–Android |
In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32908 dsap-vuln-management@google.com |
| Google–Android |
In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32909 dsap-vuln-management@google.com |
| Google–Android |
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32910 dsap-vuln-management@google.com |
| Google–Android |
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32911 dsap-vuln-management@google.com |
| Google–Android |
there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32912 dsap-vuln-management@google.com |
| Google–Android |
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32913 dsap-vuln-management@google.com |
| Google–Android |
In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32914 dsap-vuln-management@google.com |
| Google–Android |
In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32915 dsap-vuln-management@google.com |
| Google–Android |
In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32916 dsap-vuln-management@google.com |
| Google–Android |
In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32917 dsap-vuln-management@google.com |
| Google–Android |
Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | 2024-06-13 | not yet calculated | CVE-2024-32918 dsap-vuln-management@google.com |
| Google–Android |
In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32919 dsap-vuln-management@google.com |
| Google–Android |
In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32920 dsap-vuln-management@google.com |
| Google–Android |
In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32921 dsap-vuln-management@google.com |
| Google–Android |
In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32922 dsap-vuln-management@google.com |
| Google–Android |
there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32923 dsap-vuln-management@google.com |
| Google–Android |
In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32924 dsap-vuln-management@google.com |
| Google–Android |
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32925 dsap-vuln-management@google.com |
| Google–Android |
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32926 dsap-vuln-management@google.com |
| Google–Android |
In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32929 dsap-vuln-management@google.com |
| Google–Android |
In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-06-13 | not yet calculated | CVE-2024-32930 dsap-vuln-management@google.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5830 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5831 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5832 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5833 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5834 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5835 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5836 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5837 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 2024-06-11 | not yet calculated | CVE-2024-5838 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5839 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5840 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5841 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5842 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5843 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5844 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5845 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5846 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 2024-06-11 | not yet calculated | CVE-2024-5847 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Hewlett Packard Enterprise (HPE)–Cray System Management Software – PALS |
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | 2024-06-13 | not yet calculated | CVE-2024-22441 security-alert@hpe.com |
| Hitachi Energy–FOX61x |
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible | 2024-06-11 | not yet calculated | CVE-2024-2461 cybersecurity@hitachienergy.com |
| Hitachi Energy–FOXMAN-UN |
Allow attackers to intercept or falsify data exchanges between the client and the server | 2024-06-11 | not yet calculated | CVE-2024-2462 cybersecurity@hitachienergy.com |
| HP Inc.–HP Advance Mobile Application |
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. | 2024-06-12 | not yet calculated | CVE-2024-2300 hp-security-alert@hp.com |
| HP Inc.–HP PC products |
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | 2024-06-10 | not yet calculated | CVE-2022-37019 hp-security-alert@hp.com |
| HP Inc.–HP PC products |
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | 2024-06-10 | not yet calculated | CVE-2022-37020 hp-security-alert@hp.com |
| Jan Syski–MegaBIP |
SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09. | 2024-06-12 | not yet calculated | CVE-2024-1576 cvd@cert.pl cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| Jan Syski–MegaBIP |
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP software. | 2024-06-12 | not yet calculated | CVE-2024-1577 cvd@cert.pl cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| Jan Syski–MegaBIP |
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10. | 2024-06-12 | not yet calculated | CVE-2024-1659 cvd@cert.pl cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| Keisuke Nakayama–awkblog |
OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product. | 2024-06-11 | not yet calculated | CVE-2024-36360 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets, and then if the socket has MSG_OOB in unix_sk(sk)->oob_skb, GC will drop the reference and set NULL to it locklessly. However, the peer socket still can send MSG_OOB message and queue_oob() can update unix_sk(sk)->oob_skb concurrently, leading NULL pointer dereference. [0] To fix the issue, let’s update unix_sk(sk)->oob_skb under the sk_receive_queue’s lock and take it everywhere we touch oob_skb. Note that we defer kfree_skb() in manage_oob() to silence lockdep false-positive (See [1]). [0]: BUG: kernel NULL pointer dereference, address: 0000000000000008 PF: supervisor write access in kernel mode PF: error_code(0x0002) – not-present page PGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Workqueue: events delayed_fput RIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847) Code: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 <48> 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc RSP: 0018:ffffc900001bfd48 EFLAGS: 00000002 RAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9 RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00 RBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001 R10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00 R13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80 FS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> unix_release_sock (net/unix/af_unix.c:654) unix_release (net/unix/af_unix.c:1050) __sock_release (net/socket.c:660) sock_close (net/socket.c:1423) __fput (fs/file_table.c:423) delayed_fput (fs/file_table.c:444 (discriminator 3)) process_one_work (kernel/workqueue.c:3259) worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416) kthread (kernel/kthread.c:388) ret_from_fork (arch/x86/kernel/process.c:153) ret_from_fork_asm (arch/x86/entry/entry_64.S:257) </TASK> Modules linked in: CR2: 0000000000000008 | 2024-06-10 | not yet calculated | CVE-2024-36972 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| mintplex-labs–mintplex-labs/anything-llm |
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the ‘anythingllm.db’ database file and other files stored in the ‘storage’ directory, such as internal communication keys and .env secrets. Exploitation of this vulnerability could lead to application compromise, denial of service (DoS) attacks, and unauthorized admin account takeover. The issue stems from improper validation of user-supplied input in the process of setting a custom logo for the app, which can be manipulated to achieve arbitrary file read, deletion, or overwrite, and to execute a DoS attack by deleting critical files required for the application’s operation. | 2024-06-12 | not yet calculated | CVE-2024-5211 security@huntr.dev security@huntr.dev |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | 2024-06-13 | not yet calculated | CVE-2024-38279 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | 2024-06-13 | not yet calculated | CVE-2024-38280 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | 2024-06-13 | not yet calculated | CVE-2024-38281 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Utilizing default credentials, an attacker is able to log into the camera’s operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. | 2024-06-13 | not yet calculated | CVE-2024-38282 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Sensitive customer information is stored in the device without encryption. | 2024-06-13 | not yet calculated | CVE-2024-38283 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. | 2024-06-13 | not yet calculated | CVE-2024-38284 ics-cert@hq.dhs.gov |
| Motorola Solutions–Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. | 2024-06-13 | not yet calculated | CVE-2024-38285 ics-cert@hq.dhs.gov |
| Mozilla–Firefox |
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5687 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5688 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the ‘My Shots’ button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5689 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user’s system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5690 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5691 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
On Windows 10, when using the ‘Save As’ functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5692 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5693 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5694 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5695 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5696 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5697 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5698 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized – by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5699 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5700 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127. | 2024-06-11 | not yet calculated | CVE-2024-5701 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox |
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | 2024-06-11 | not yet calculated | CVE-2024-5702 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| Mozilla–Firefox for iOS |
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. | 2024-06-13 | not yet calculated | CVE-2024-38312 security@mozilla.org security@mozilla.org |
| Mozilla–Firefox for iOS |
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127. | 2024-06-13 | not yet calculated | CVE-2024-38313 security@mozilla.org security@mozilla.org |
| n/a–n/a |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | 2024-06-10 | not yet calculated | CVE-2022-45168 cve@mitre.org |
| n/a–n/a |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn’t properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. | 2024-06-10 | not yet calculated | CVE-2022-45176 cve@mitre.org |
| n/a–n/a |
XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus – Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information. | 2024-06-13 | not yet calculated | CVE-2023-35858 cve@mitre.org |
| n/a–n/a |
A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus – Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | 2024-06-13 | not yet calculated | CVE-2023-35859 cve@mitre.org |
| n/a–n/a |
A Directory Traversal vulnerability in Modern Campus – Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. | 2024-06-13 | not yet calculated | CVE-2023-35860 cve@mitre.org |
| n/a–n/a |
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. | 2024-06-12 | not yet calculated | CVE-2023-49559 cve@mitre.org |
| n/a–n/a |
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. | 2024-06-13 | not yet calculated | CVE-2023-52890 cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | 2024-06-12 | not yet calculated | CVE-2024-22855 cve@mitre.org |
| n/a–n/a |
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device’s movable parts to destinations that exceed the devices’ maximum coordinates via the printing of a malicious .gcode file. | 2024-06-12 | not yet calculated | CVE-2024-24051 cve@mitre.org |
| n/a–n/a |
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | 2024-06-14 | not yet calculated | CVE-2024-24320 cve@mitre.org |
| n/a–n/a |
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it. | 2024-06-11 | not yet calculated | CVE-2024-26330 cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. | 2024-06-10 | not yet calculated | CVE-2024-26507 cve@mitre.org |
| n/a–n/a |
BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name=”head_code” or name=”foot_code.” | 2024-06-10 | not yet calculated | CVE-2024-31613 cve@mitre.org |
| n/a–n/a |
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. | 2024-06-13 | not yet calculated | CVE-2024-31777 cve@mitre.org |
| n/a–n/a |
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. | 2024-06-13 | not yet calculated | CVE-2024-33253 cve@mitre.org |
| n/a–n/a |
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. | 2024-06-14 | not yet calculated | CVE-2024-33373 cve@mitre.org |
| n/a–n/a |
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. | 2024-06-14 | not yet calculated | CVE-2024-33374 cve@mitre.org |
| n/a–n/a |
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router’s firmware. | 2024-06-14 | not yet calculated | CVE-2024-33375 cve@mitre.org |
| n/a–n/a |
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page. | 2024-06-14 | not yet calculated | CVE-2024-33377 cve@mitre.org |
| n/a–n/a |
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. | 2024-06-10 | not yet calculated | CVE-2024-33850 cve@mitre.org |
| n/a–n/a |
An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | 2024-06-10 | not yet calculated | CVE-2024-34332 cve@mitre.org |
| n/a–n/a |
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. | 2024-06-11 | not yet calculated | CVE-2024-34405 cve@mitre.org cve@mitre.org |
| n/a–n/a |
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. | 2024-06-11 | not yet calculated | CVE-2024-34406 cve@mitre.org cve@mitre.org |
| n/a–n/a |
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions. | 2024-06-14 | not yet calculated | CVE-2024-34539 cve@mitre.org |
| n/a–n/a |
A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. | 2024-06-13 | not yet calculated | CVE-2024-35325 cve@mitre.org |
| n/a–n/a |
libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. | 2024-06-13 | not yet calculated | CVE-2024-35326 cve@mitre.org |
| n/a–n/a |
libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c. | 2024-06-13 | not yet calculated | CVE-2024-35328 cve@mitre.org |
| n/a–n/a |
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions. | 2024-06-11 | not yet calculated | CVE-2024-35329 cve@mitre.org cve@mitre.org |
| n/a–n/a |
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts. | 2024-06-12 | not yet calculated | CVE-2024-36523 cve@mitre.org |
| n/a–n/a |
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. | 2024-06-10 | not yet calculated | CVE-2024-36528 cve@mitre.org |
| n/a–n/a |
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. | 2024-06-10 | not yet calculated | CVE-2024-36531 cve@mitre.org |
| n/a–n/a |
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | 2024-06-13 | not yet calculated | CVE-2024-36586 cve@mitre.org |
| n/a–n/a |
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. | 2024-06-13 | not yet calculated | CVE-2024-36587 cve@mitre.org |
| n/a–n/a |
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request. | 2024-06-13 | not yet calculated | CVE-2024-36588 cve@mitre.org |
| n/a–n/a |
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext. | 2024-06-13 | not yet calculated | CVE-2024-36589 cve@mitre.org |
| n/a–n/a |
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. | 2024-06-14 | not yet calculated | CVE-2024-36597 cve@mitre.org |
| n/a–n/a |
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | 2024-06-14 | not yet calculated | CVE-2024-36598 cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | 2024-06-14 | not yet calculated | CVE-2024-36599 cve@mitre.org |
| n/a–n/a |
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. | 2024-06-14 | not yet calculated | CVE-2024-36600 cve@mitre.org |
| n/a–n/a |
A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page. | 2024-06-13 | not yet calculated | CVE-2024-36647 cve@mitre.org |
| n/a–n/a |
TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. | 2024-06-11 | not yet calculated | CVE-2024-36650 cve@mitre.org |
| n/a–n/a |
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | 2024-06-14 | not yet calculated | CVE-2024-36656 cve@mitre.org |
| n/a–n/a |
Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users’ account information. | 2024-06-12 | not yet calculated | CVE-2024-36691 cve@mitre.org |
| n/a–n/a |
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | 2024-06-11 | not yet calculated | CVE-2024-36702 cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function. | 2024-06-13 | not yet calculated | CVE-2024-36760 cve@mitre.org |
| n/a–n/a |
naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. | 2024-06-12 | not yet calculated | CVE-2024-36761 cve@mitre.org cve@mitre.org |
| n/a–n/a |
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root via a directory traversal. | 2024-06-11 | not yet calculated | CVE-2024-36821 cve@mitre.org cve@mitre.org |
| n/a–n/a |
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | 2024-06-12 | not yet calculated | CVE-2024-36840 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP packets. | 2024-06-12 | not yet calculated | CVE-2024-36856 cve@mitre.org cve@mitre.org |
| n/a–n/a |
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | 2024-06-12 | not yet calculated | CVE-2024-37629 cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. | 2024-06-13 | not yet calculated | CVE-2024-37630 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. | 2024-06-13 | not yet calculated | CVE-2024-37631 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . | 2024-06-13 | not yet calculated | CVE-2024-37632 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg | 2024-06-13 | not yet calculated | CVE-2024-37633 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. | 2024-06-13 | not yet calculated | CVE-2024-37634 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg | 2024-06-13 | not yet calculated | CVE-2024-37635 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. | 2024-06-14 | not yet calculated | CVE-2024-37637 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. | 2024-06-14 | not yet calculated | CVE-2024-37639 cve@mitre.org |
| n/a–n/a |
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. | 2024-06-14 | not yet calculated | CVE-2024-37640 cve@mitre.org |
| n/a–n/a |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | 2024-06-14 | not yet calculated | CVE-2024-37641 cve@mitre.org |
| n/a–n/a |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . | 2024-06-14 | not yet calculated | CVE-2024-37642 cve@mitre.org |
| n/a–n/a |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | 2024-06-14 | not yet calculated | CVE-2024-37643 cve@mitre.org |
| n/a–n/a |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | 2024-06-14 | not yet calculated | CVE-2024-37644 cve@mitre.org |
| n/a–n/a |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | 2024-06-14 | not yet calculated | CVE-2024-37645 cve@mitre.org |
| n/a–n/a |
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. | 2024-06-12 | not yet calculated | CVE-2024-37665 cve@mitre.org cve@mitre.org |
| n/a–n/a |
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | 2024-06-14 | not yet calculated | CVE-2024-37831 cve@mitre.org |
| n/a–n/a |
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | 2024-06-13 | not yet calculated | CVE-2024-37849 cve@mitre.org |
| n/a–n/a |
UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in src/lib/rls/rls_pdu.cpp | 2024-06-13 | not yet calculated | CVE-2024-37877 cve@mitre.org |
| n/a–n/a |
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php” PHP directly echoes parameters input from external sources | 2024-06-12 | not yet calculated | CVE-2024-37878 cve@mitre.org |
| n/a–n/a |
ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. | 2024-06-13 | not yet calculated | CVE-2024-38293 cve@mitre.org cve@mitre.org |
| n/a–n/a |
ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. | 2024-06-13 | not yet calculated | CVE-2024-38294 cve@mitre.org cve@mitre.org |
| n/a–n/a |
ALCASAR before 3.6.1 allows still_connected.php remote code execution. | 2024-06-13 | not yet calculated | CVE-2024-38295 cve@mitre.org cve@mitre.org |
| Palo Alto Networks–Cortex XDR Agent |
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. | 2024-06-12 | not yet calculated | CVE-2024-5905 psirt@paloaltonetworks.com |
| Palo Alto Networks–Cortex XDR Agent |
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | 2024-06-12 | not yet calculated | CVE-2024-5907 psirt@paloaltonetworks.com |
| Palo Alto Networks–Cortex XDR Agent |
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | 2024-06-12 | not yet calculated | CVE-2024-5909 psirt@paloaltonetworks.com |
| Palo Alto Networks–GlobalProtect App |
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs. | 2024-06-12 | not yet calculated | CVE-2024-5908 psirt@paloaltonetworks.com |
| Palo Alto Networks–Prisma Cloud Compute |
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user’s browser when accessed by that other user. | 2024-06-12 | not yet calculated | CVE-2024-5906 psirt@paloaltonetworks.com |
| Pandora FMS–Pandora FMS |
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. | 2024-06-10 | not yet calculated | CVE-2024-35304 security@pandorafms.com |
| Pandora FMS–Pandora FMS |
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. | 2024-06-10 | not yet calculated | CVE-2024-35305 security@pandorafms.com |
| Pandora FMS–Pandora FMS |
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. | 2024-06-10 | not yet calculated | CVE-2024-35306 security@pandorafms.com |
| Pandora FMS–Pandora FMS |
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. | 2024-06-10 | not yet calculated | CVE-2024-35307 security@pandorafms.com |
| parisneo–parisneo/lollms |
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash “), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system’s availability. | 2024-06-12 | not yet calculated | CVE-2024-4315 security@huntr.dev security@huntr.dev |
| parisneo–parisneo/lollms-webui |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function. | 2024-06-10 | not yet calculated | CVE-2024-4403 security@huntr.dev |
| Rockwell Automation–ControlLogix 5580 |
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised. | 2024-06-14 | not yet calculated | CVE-2024-5659 PSIRT@rockwellautomation.com |
| Rockwell Automation–FactoryTalk View SE |
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification. | 2024-06-14 | not yet calculated | CVE-2024-37367 PSIRT@rockwellautomation.com |
| Rockwell Automation–FactoryTalk View SE |
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification. | 2024-06-14 | not yet calculated | CVE-2024-37368 PSIRT@rockwellautomation.com |
| Rockwell Automation–FactoryTalk View SE |
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. | 2024-06-14 | not yet calculated | CVE-2024-37369 PSIRT@rockwellautomation.com |
| snipe–snipe-it |
Users with “User:edit” and “Self:api” permissions can promote or demote themselves or other users by performing changes to the group’s memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1. | 2024-06-14 | not yet calculated | CVE-2024-5685 596c5446-0ce5-4ba2-aa66-48b3b757a647 596c5446-0ce5-4ba2-aa66-48b3b757a647 596c5446-0ce5-4ba2-aa66-48b3b757a647 |
| Tibco–EBX |
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | 2024-06-13 | not yet calculated | CVE-2024-4576 security@tibco.com |
| Trol InterMedia Sp. z o.o. Sp. k.–2ClickPortal |
Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user’s browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4. | 2024-06-14 | not yet calculated | CVE-2024-5961 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| Unknown–Alemha watermarker |
The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-14 | not yet calculated | CVE-2024-3754 contact@wpscan.com |
| Unknown–Amen |
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-14 | not yet calculated | CVE-2024-3992 contact@wpscan.com |
| Unknown–ARForms – Premium WordPress Form Builder Plugin |
The ARForms – Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. | 2024-06-12 | not yet calculated | CVE-2024-0427 contact@wpscan.com |
| Unknown–AZAN Plugin |
The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-3993 contact@wpscan.com |
| Unknown–events-calendar-pro |
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn’t have access to. (e.g. password-protected events, drafts, etc.) | 2024-06-14 | not yet calculated | CVE-2024-1295 contact@wpscan.com |
| Unknown–Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button |
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-06-13 | not yet calculated | CVE-2024-4149 contact@wpscan.com |
| Unknown–FooGallery |
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | 2024-06-13 | not yet calculated | CVE-2024-2762 contact@wpscan.com |
| Unknown–Inquiry cart |
The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-5155 contact@wpscan.com |
| Unknown–LuckyWP Table of Contents |
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-14 | not yet calculated | CVE-2024-2218 contact@wpscan.com |
| Unknown–Pray For Me |
The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-3965 contact@wpscan.com |
| Unknown–Pray For Me |
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin | 2024-06-14 | not yet calculated | CVE-2024-3966 contact@wpscan.com |
| Unknown–Search & Replace |
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | 2024-06-13 | not yet calculated | CVE-2024-4145 contact@wpscan.com |
| Unknown–Similarity |
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-3971 contact@wpscan.com |
| Unknown–Similarity |
The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-3972 contact@wpscan.com |
| Unknown–Social Pixel |
The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-14 | not yet calculated | CVE-2024-4005 contact@wpscan.com |
| Unknown–Social Sharing Plugin |
The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-12 | not yet calculated | CVE-2024-4924 contact@wpscan.com |
| Unknown–SVGator |
The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | 2024-06-14 | not yet calculated | CVE-2024-4271 contact@wpscan.com |
| Unknown–SVGMagic |
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | 2024-06-14 | not yet calculated | CVE-2024-4270 contact@wpscan.com |
| Unknown–Themify Builder |
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | 2024-06-13 | not yet calculated | CVE-2024-3032 contact@wpscan.com |
| Unknown–Web Directory Free |
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | 2024-06-13 | not yet calculated | CVE-2024-3552 contact@wpscan.com |
| Unknown–WordPress Jitsi Shortcode |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-06-14 | not yet calculated | CVE-2024-3977 contact@wpscan.com |
| Unknown–WordPress Jitsi Shortcode |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2024-06-14 | not yet calculated | CVE-2024-3978 contact@wpscan.com |
| Unknown–WP Prayer II |
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-4480 contact@wpscan.com |
| Unknown–WP Prayer II |
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-06-14 | not yet calculated | CVE-2024-4751 contact@wpscan.com |
| Veeam–Recovery Orchestrator |
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | 2024-06-11 | not yet calculated | CVE-2024-29855 support@hackerone.com |