Vulnerability Summary for the Week of October 14, 2024


High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
Acespritech Solutions Pvt. Ltd. — Social Link Groups
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection. This issue affects Social Link Groups: from n/a through 1.1.0.
Published: 2024-10-20 | CVSS: 8.5 | CVE-2024-49619 | Source: audit@patchstack.com

acm309 — PutongOJ
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.
Published: 2024-10-17 | CVSS: 9.1 | CVE-2024-48920 | Source: security-advisories@github.com

acronis — cyber_files
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
Published: 2024-10-17 | CVSS: 7.8 | CVE-2024-49389 | Source: security@acronis.com

acronis — cyber_files
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
Published: 2024-10-17 | CVSS: 7.3 | CVE-2024-49390 | Source: security@acronis.com

acronis — cyber_files
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
Published: 2024-10-17 | CVSS: 7.3 | CVE-2024-49391 | Source: security@acronis.com

acronis — cyber_protect
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Published: 2024-10-15 | CVSS: 9.1 | CVE-2024-49388 | Source: security@acronis.com

acronis — cyber_protect
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Published: 2024-10-15 | CVSS: 7.5 | CVE-2024-49387 | Source: security@acronis.com

Agustin Berasategui — AB Categories Search Widget
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Agustin Berasategui AB Categories Search Widget allows Reflected XSS. This issue affects AB Categories Search Widget: from n/a through 0.2.5.
Published: 2024-10-18 | CVSS: 7.1 | CVE-2024-49240 | Source: audit@patchstack.com

Ahime — Ahime Image Printer
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ahime Ahime Image Printer. This issue affects Ahime Image Printer: from n/a through 1.0.0.
Published: 2024-10-16 | CVSS: 7.5 | CVE-2024-49245 | Source: audit@patchstack.com

Ahmet Imamoglu — Ahmeti Wp Timeline
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS. This issue affects Ahmeti Wp Timeline: from n/a through 5.1.
Published: 2024-10-17 | CVSS: 7.1 | CVE-2024-49237 | Source: audit@patchstack.com

Al Imran Akash — Recently
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection. This issue affects Recently: from n/a through 1.1.
Published: 2024-10-16 | CVSS: 9.8 | CVE-2024-49218 | Source: audit@patchstack.com

anand23 — Ajax Rating with Custom Login
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection. This issue affects Ajax Rating with Custom Login: from n/a through 1.1.
Published: 2024-10-17 | CVSS: 9.3 | CVE-2024-49246 | Source: audit@patchstack.com

andrewmrobbins — ShopWP
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin’s settings and injecting malicious scripts.
Published: 2024-10-16 | CVSS: 7.2 | CVE-2019-25214 | Source: security@wordfence.com

Apa — Apa Banner Slider
Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection. This issue affects Apa Banner Slider: from n/a through 1.0.0.
Published: 2024-10-20 | CVSS: 8.2 | CVE-2024-49622 | Source: audit@patchstack.com

Apa — APA Register Newsletter Form
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection. This issue affects APA Register Newsletter Form: from n/a through 1.0.0.
Published: 2024-10-20 | CVSS: 8.2 | CVE-2024-49621 | Source: audit@patchstack.com

apache — activemq_artemis
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
Published: 2024-10-14 | CVSS: 8.8 | CVE-2023-50780 | Source: security@apache.org

apache — cloudstack
Users logged into the Apache CloudStack web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise of the integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
Published: 2024-10-16 | CVSS: 8.8 | CVE-2024-45693 | Source: security@apache.org

apache — cloudstack
The logout operation in the CloudStack web interface does not expire the user session completely; the session remains valid until it expires by time or the backend service is restarted. An attacker that has access to a user’s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
Published: 2024-10-16 | CVSS: 7.1 | CVE-2024-45462 | Source: security@apache.org

Apache Software Foundation — Apache CloudStack
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems, which could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following on their secondary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.

for file in $(find /path/to/storage/ -type f -regex '[a-f0-9-]*.*'); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U "$file" | grep file: ; printf "\n\n"; done

The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references to the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
For checking the whole template/volume features of each disk, operators can run the following command:

for file in $(find /path/to/storage/ -type f -regex '[a-f0-9-]*.*'); do echo "Retrieving file [$file] info."; qemu-img info -U "$file"; printf "\n\n"; done

Published: 2024-10-16 | CVSS: 8.5 | CVE-2024-45219 | Source: security@apache.org

Apache Software Foundation — Apache Solr
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
Published: 2024-10-16 | CVSS: 9.8 | CVE-2024-45216 | Source: security@apache.org

Apache Software Foundation — Apache Solr
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the “trusted” metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to “trusted” ConfigSets that may not have been created with an Authenticated request. “trusted” ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.
Published: 2024-10-16 | CVSS: 8.1 | CVE-2024-45217 | Source: security@apache.org

Arif Nezami — Better Author Bio
Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS). This issue affects Better Author Bio: from n/a through 2.7.10.11.
Published: 2024-10-17 | CVSS: 7.1 | CVE-2024-49229 | Source: audit@patchstack.com

arisoft — ARI Adminer WordPress Database Manager
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site’s database and making changes.
Published: 2024-10-16 | CVSS: 7.3 | CVE-2019-25215 | Source: security@wordfence.com

arraytics — WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
Published: 2024-10-17 | CVSS: 9.8 | CVE-2024-9263 | Source: security@wordfence.com

Asep Bagja Priandana — Woostagram Connect
Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server. This issue affects Woostagram Connect: from n/a through 1.0.2.
Published: 2024-10-20 | CVSS: 10 | CVE-2024-49327 | Source: audit@patchstack.com

Autodesk — Revit
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Published: 2024-10-16 | CVSS: 7.8 | CVE-2024-7993 | Source: psirt@autodesk.com

Autodesk — Revit
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Published: 2024-10-16 | CVSS: 7.8 | CVE-2024-7994 | Source: psirt@autodesk.com

Avchat.net — AVChat Video Chat
Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS. This issue affects AVChat Video Chat: from n/a through 2.2.
Published: 2024-10-20 | CVSS: 7.1 | CVE-2024-49605 | Source: audit@patchstack.com

bc2018 — WordPress Landing Page Squeeze Page Responsive Landing Page Builder Free WP Lead Plus X
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-10-16 | CVSS: 8.3 | CVE-2020-36839 | Source: security@wordfence.com

Bhaskar Dhote — Back Link Tracker
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection. This issue affects Back Link Tracker: from n/a through 1.0.0.
Published: 2024-10-20 | CVSS: 8.2 | CVE-2024-49617 | Source: audit@patchstack.com

Boyan Raichev — IP Loc8
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection. This issue affects IP Loc8: from n/a through 1.1.
Published: 2024-10-16 | CVSS: 9.8 | CVE-2024-48028 | Source: audit@patchstack.com

Brandon Clark — SiteBuilder Dynamic Components
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection. This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.
Published: 2024-10-20 | CVSS: 9.8 | CVE-2024-49625 | Source: audit@patchstack.com

Brandon White — Author Discussion
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Brandon White Author Discussion allows Blind SQL Injection. This issue affects Author Discussion: from n/a through 0.2.2.
Published: 2024-10-20 | CVSS: 8.5 | CVE-2024-49609 | Source: audit@patchstack.com

brx8r — Nice Backgrounds
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server. This issue affects Nice Backgrounds: from n/a through 1.0.
Published: 2024-10-20 | CVSS: 10 | CVE-2024-49330 | Source: audit@patchstack.com

ChanGate — Property Management System
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Published: 2024-10-15 | CVSS: 9.8 | CVE-2024-9972 | Source: twcert@cert.org.tw

chertz — WP Easy Post Types
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the ‘text’ parameter in the ‘ajax_import_content’ function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-10-18 | CVSS: 8.8 | CVE-2024-10079 | Source: security@wordfence.com

chertz — WP Easy Post Types
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
Published: 2024-10-18 | CVSS: 7.3 | CVE-2024-10078 | Source: security@wordfence.com

Cisco — Cisco Analog Telephone Adaptor (ATA) Software
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware.
Published: 2024-10-16 | CVSS: 8.2 | CVE-2024-20458 | Source: ykramarz@cisco.com

Cisco — Cisco Analog Telephone Adaptor (ATA) Software
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Published: 2024-10-16 | CVSS: 7.1 | CVE-2024-20421 | Source: ykramarz@cisco.com

cmssoft — CSV Product Import Export for WooCommerce
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection. This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0.
Published: 2024-10-17 | CVSS: 8.5 | CVE-2024-49244 | Source: audit@patchstack.com

code-projects — pharmacy_management_system
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-15 | CVSS: 9.8 | CVE-2024-9976 | Source: cna@vuldb.com

code-projects — Blood Bank Management System
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “password” to be affected. But it must be assumed that other parameters are affected as well.
Published: 2024-10-15 | CVSS: 7.3 | CVE-2024-9986 | Source: cna@vuldb.com

CodeFlock — FREE DOWNLOAD MANAGER
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal. This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0.
Published: 2024-10-17 | CVSS: 8.6 | CVE-2024-49315 | Source: audit@patchstack.com

CodePassenger — Job Board Manager for WordPress
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through 1.0.
Published: 2024-10-17 | CVSS: 9.8 | CVE-2024-49322 | Source: audit@patchstack.com

Codezips — Sales Management System
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-20 | CVSS: 7.3 | CVE-2024-10165 | Source: cna@vuldb.com

Codezips — Sales Management System
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-20 | CVSS: 7.3 | CVE-2024-10166 | Source: cna@vuldb.com

Codezips — Sales Management System
A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-20 | CVSS: 7.3 | CVE-2024-10167 | Source: cna@vuldb.com

Cookie Scanner Nikel Schubert — Cookie Scanner
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS. This issue affects Cookie Scanner: from n/a through 1.1.
Published: 2024-10-17 | CVSS: 7.1 | CVE-2024-49220 | Source: audit@patchstack.com

cyberlord92 — Miniorange OTP Verification with Firebase
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Published: 2024-10-17 | CVSS: 9.8 | CVE-2024-9862 | Source: security@wordfence.com

cyberlord92 — Miniorange OTP Verification with Firebase
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure ‘administrator’ default value for the ‘default_user_role’ option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.
Published: 2024-10-17 | CVSS: 9.8 | CVE-2024-9863 | Source: security@wordfence.com

cyberlord92 — Miniorange OTP Verification with Firebase
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user.
Published: 2024-10-17 | CVSS: 8.1 | CVE-2024-9861 | Source: security@wordfence.com

Dan Alexander — SermonAudio Widgets
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through 1.9.3.
Published: 2024-10-20 | CVSS: 8.5 | CVE-2024-49614 | Source: audit@patchstack.com

Dassault Systèmes — 3DSwymer
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.
Published: 2024-10-16 | CVSS: 7.7 | CVE-2024-8040 | Source: 3DS.Information-Security@3ds.com

Dassault Systèmes — ENOVIA Collaborative Industry Innovator
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user’s browser session.
Published: 2024-10-16 | CVSS: 8.7 | CVE-2024-6380 | Source: 3DS.Information-Security@3ds.com

Dell — Dell OpenManage Enterprise
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code (‘Code Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Published: 2024-10-17 | CVSS: 8 | CVE-2024-45766 | Source: security_alert@emc.com

Denis — Azz Anonim Posting
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server. This issue affects Azz Anonim Posting: from n/a through 0.9.
Published: 2024-10-16 | CVSS: 10 | CVE-2024-49257 | Source: audit@patchstack.com

Dennis Hoppe — Encyclopedia / Glossary / Wiki
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS. This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60.
Published: 2024-10-17 | CVSS: 7.1 | CVE-2024-49320 | Source: audit@patchstack.com

didi — DDMQ
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-10-20 | CVSS: 7.3 | CVE-2024-10173 | Source: cna@vuldb.com

Dotsquares — Google Map Locations
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dotsquares Google Map Locations allows Reflected XSS. This issue affects Google Map Locations: from n/a through 1.0.
Published: 2024-10-20 | CVSS: 7.1 | CVE-2024-49606 | Source: audit@patchstack.com

dueclic — wp_2fa_with_telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the ‘validate_tg’ action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
Published: 2024-10-15 | CVSS: 8.8 | CVE-2024-9687 | Source: security@wordfence.com

dueclic — wp_2fa_with_telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.
Published: 2024-10-15 | CVSS: 7.5 | CVE-2024-9820 | Source: security@wordfence.com

easy.jobs–EasyJobs
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14. 2024-10-17 7.1 CVE-2024-43997 audit@patchstack.com
 
edo888–Translate WordPress Google Language Translator
 
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support. 2024-10-16 7.1 CVE-2021-4452 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Edush Maxim–GoogleDrive folder list
 
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2. 2024-10-20 7.1 CVE-2024-49335 audit@patchstack.com
 
emrevona–WP Fastest Cache
 
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. 2024-10-16 8.8 CVE-2020-36836 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
ESi Technology–AIM LINE Marketing Platform
 
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content. 2024-10-15 9.8 CVE-2024-9982 twcert@cert.org.tw
twcert@cert.org.tw
 
F5–BIG-IP
 
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-10-16 7.2 CVE-2024-45844 f5sirt@f5.com
 
facebook–Facebook Chat Plugin Live Chat Plugin for WordPress
 
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. 2024-10-16 7.4 CVE-2020-36838 security@wordfence.com
security@wordfence.com
 
Fahad Mahmood–Endless Posts Navigation
 
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7. 2024-10-20 7.1 CVE-2024-49629 audit@patchstack.com
 
Fahad Mahmood–Keep Backup Daily
 
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7. 2024-10-17 7.5 CVE-2024-48024 audit@patchstack.com
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the ‘mk_file_folder_manager’ ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-16 8.8 CVE-2024-8507 security@wordfence.com
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the ‘mk_file_folder_manager_shortcode’ ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site’s server which may make remote code execution possible. 2024-10-16 8.8 CVE-2024-8746 security@wordfence.com
 
Fliperrr Team–Creates 3D Flipbook, PDF Flipbook
 
Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server. This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. 2024-10-16 9.9 CVE-2024-48034 audit@patchstack.com
 
formosasoft — ee-class
 
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. 2024-10-15 8.8 CVE-2024-9980 twcert@cert.org.tw
 
formosasoft — ee-class
 
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. 2024-10-15 8.8 CVE-2024-9981 twcert@cert.org.tw
 
Gabriele Valenti–Telecash Ricaricaweb
 
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection. This issue affects Telecash Ricaricaweb: from n/a through 2.2. 2024-10-16 9.8 CVE-2024-48030 audit@patchstack.com
 
Gerry Ntabuhashe–GERRYWORKS Post by Mail
 
Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation. This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. 2024-10-20 8.8 CVE-2024-49608 audit@patchstack.com
 
Giveaway Boost–Giveaway Boost
 
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection. This issue affects Giveaway Boost: from n/a through 2.1.4. 2024-10-20 9.8 CVE-2024-49332 audit@patchstack.com
 
google — chrome
 
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-10-15 8.8 CVE-2024-9954 chrome-cve-admin@google.com
 
google — chrome
 
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) 2024-10-15 8.8 CVE-2024-9965 chrome-cve-admin@google.com
 
Google Cloud–Migrate to Containers
 
There exists an insecure default user permission in Google Cloud Migrate to Containers from version 1.1.0 to 1.2.2 on Windows installs. A local “m2cuser” was created with administrator privileges. This posed a security risk if the “analyze” or “generate” commands were interrupted, or if the step that deletes the local user “m2cuser” was skipped. We recommend upgrading to 1.2.3 or beyond. 2024-10-16 7.8 CVE-2024-9858 cve-coordination@google.com
 
Google–Chrome
 
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 8.8 CVE-2024-9955 chrome-cve-admin@google.com
 
Google–Chrome
 
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 8.8 CVE-2024-9957 chrome-cve-admin@google.com
 
Google–Chrome
 
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) 2024-10-15 8.8 CVE-2024-9959 chrome-cve-admin@google.com
 
Google–Chrome
 
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 8.8 CVE-2024-9960 chrome-cve-admin@google.com
 
Google–Chrome
 
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 8.8 CVE-2024-9961 chrome-cve-admin@google.com
 
Google–Chrome
 
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 7.8 CVE-2024-9956 chrome-cve-admin@google.com
 
Gora Tech LLC–Cooked Pro
 
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. 2024-10-17 10 CVE-2024-49291 audit@patchstack.com
 
Grafana–Grafana
 
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana’s $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. 2024-10-18 9.9 CVE-2024-9264 security@grafana.com
 
Grayson Robbins–Disc Golf Manager
 
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection. This issue affects Disc Golf Manager: from n/a through 1.0.0. 2024-10-16 9.8 CVE-2024-48026 audit@patchstack.com
 
Hasan Movahed–Duplicate Title Validate
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection. This issue affects Duplicate Title Validate: from n/a through 1.0. 2024-10-20 8.5 CVE-2024-49623 audit@patchstack.com
 
helmholz — myrex24_v2_virtual_server
 
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in loss of the connection. 2024-10-15 7.5 CVE-2024-45272 info@cert.vde.com
 
Henrique Rodrigues–SafetyForms
 
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection. This issue affects SafetyForms: from n/a through 1.0.0. 2024-10-20 8.2 CVE-2024-49615 audit@patchstack.com
 
Hgiga–OAKlouds
 
The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may subsequently be deleted. 2024-10-14 9.8 CVE-2024-9924 twcert@cert.org.tw
 
HMS Networks–EWON FLEXY 202
 
The EWON FLEXY 202 transmits credentials using a weak encoding method (base64). An attacker who is present on the network can sniff the traffic and decode the credentials. 2024-10-17 8.2 CVE-2024-7755 ics-cert@hq.dhs.gov
 
HP Inc.–Certain HP DesignJet products
 
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials. 2024-10-15 7.5 CVE-2024-5749 hp-security-alert@hp.com
 
Hung Trang Si–SB Random Posts Widget
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through 1.0. 2024-10-16 7.5 CVE-2024-48029 audit@patchstack.com
 
Igor Funa–Ad Inserter
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Igor Funa Ad Inserter allows Reflected XSS. This issue affects Ad Inserter: from n/a through 2.7.37. 2024-10-17 7.1 CVE-2024-49248 audit@patchstack.com
 
Imagination Technologies–Graphics DDK
 
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. 2024-10-14 7.8 CVE-2024-43701 367425dc-4d06-4041-9650-c2dc6aaa27ce
 
Infotuts–SW Contact Form
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infotuts SW Contact Form allows Blind SQL Injection. This issue affects SW Contact Form: from n/a through 1.0. 2024-10-20 8.5 CVE-2024-49612 audit@patchstack.com
 
Innovaweb Sp. z o.o.–Free Stock Photos Foter
 
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. z o.o. Free Stock Photos Foter allows Object Injection. This issue affects Free Stock Photos Foter: from n/a through 1.5.4. 2024-10-16 8.8 CVE-2024-49227 audit@patchstack.com
 
Jack Zhu–photokit
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu photokit allows Upload a Web Shell to a Web Server. This issue affects photokit: from n/a through 1.0. 2024-10-20 10 CVE-2024-49610 audit@patchstack.com
 
James Park–Analyse Uploads
 
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal. This issue affects Analyse Uploads: from n/a through 0.5. 2024-10-16 8.6 CVE-2024-49253 audit@patchstack.com
 
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.47197, an insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests. 2024-10-17 8.1 CVE-2024-49579 cve@jetbrains.com
 
jetmonsters–Timetable and Event Schedule by MotoPress
 
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including a random template, injecting malicious web scripts, and more. 2024-10-16 7.3 CVE-2020-36840 security@wordfence.com
 
Jon Vincent Mendoza–Dynamic Elementor Addons
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion. This issue affects Dynamic Elementor Addons: from n/a through 1.0.0. 2024-10-18 7.5 CVE-2024-49243 audit@patchstack.com
 
Jordan Lyall–MyTweetLinks
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection. This issue affects MyTweetLinks: from n/a through 1.1.1. 2024-10-20 8.5 CVE-2024-49618 audit@patchstack.com
 
Joshua Clayton–Feed Comments Number
 
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: from n/a through 0.2.1. 2024-10-16 10 CVE-2024-49216 audit@patchstack.com
 
Julian Weinert // cs&m–cSlider
 
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS. This issue affects cSlider: from n/a through 2.4.2. 2024-10-17 7.1 CVE-2024-49221 audit@patchstack.com
 
Kubernetes–Image Builder
 
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider. 2024-10-15 9.8 CVE-2024-9486 jordan@liggitt.net
 
Limb–WordPress Gallery Plugin Limb Image Gallery
 
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. 2024-10-16 9.9 CVE-2024-49260 audit@patchstack.com
 
LiteSpeed Technologies–LiteSpeed Cache
 
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. 2024-10-20 9.8 CVE-2024-44000 audit@patchstack.com
 
LiteSpeed Technologies–LiteSpeed Cache
 
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal. This issue affects LiteSpeed Cache: from n/a through 6.4.1. 2024-10-16 8.8 CVE-2024-47637 audit@patchstack.com
 
Lodel Geraldo–Simple Code Insert Shortcode
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection. This issue affects Simple Code Insert Shortcode: from n/a through 1.0. 2024-10-20 8.5 CVE-2024-49613 audit@patchstack.com
 
M. Konieczny, DH9SB–ADIF Log Search Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in M. Konieczny, DH9SB ADIF Log Search Widget allows Reflected XSS. This issue affects ADIF Log Search Widget: from n/a through 1.0f. 2024-10-18 7.1 CVE-2024-49238 audit@patchstack.com
 
Maantheme–Maan Addons For Elementor
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion. This issue affects Maan Addons For Elementor: from n/a through 1.0.1. 2024-10-16 7.5 CVE-2024-49251 audit@patchstack.com
 
Madiri Salman Aashish–Adding drop down roles in registration
 
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through 1.1. 2024-10-17 9.8 CVE-2024-49217 audit@patchstack.com
 
magicbug — cloudlog
 
Cloudlog 2.6.15 allows SQL injection via the id parameter of the delete_oqrs_line function in Oqrs.php. 2024-10-14 9.8 CVE-2024-48253 cve@mitre.org
 
magicbug — cloudlog
 
Cloudlog 2.6.15 allows SQL injection via the station_id parameter of the get_station_info function in Oqrs.php. 2024-10-14 9.8 CVE-2024-48255 cve@mitre.org
 
Mahesh Patel–Mitm Bug Tracker
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS. This issue affects Mitm Bug Tracker: from n/a through 1.0. 2024-10-18 7.1 CVE-2024-49224 audit@patchstack.com
 
mainwp–MainWP Dashboard: WordPress Management without the SaaS
 
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-16 7.2 CVE-2016-15041 security@wordfence.com
 
Marco Heine–PDF-Rechnungsverwaltung
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion. This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1. 2024-10-17 7.5 CVE-2024-49287 audit@patchstack.com
 
MB connect line–mbNET.mini
 
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. 2024-10-15 8.4 CVE-2024-45271 info@cert.vde.com
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. 2024-10-15 9.8 CVE-2024-45274 info@cert.vde.com
 
mbconnectline — mbnet.mini_firmware
 
The devices contain two hard-coded user accounts with hard-coded passwords that give an unauthenticated remote attacker full control of the affected devices. 2024-10-15 9.8 CVE-2024-45275 info@cert.vde.com
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated local attacker can decrypt the device’s config file, and therefore compromise the device, due to a weak implementation of the encryption used. 2024-10-15 7.8 CVE-2024-45273 info@cert.vde.com
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated remote attacker can get read access to files in the “/tmp” directory due to missing authentication. 2024-10-15 7.5 CVE-2024-45276 info@cert.vde.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 9.8 CVE-2024-43566 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 8.3 CVE-2024-43578 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 8.3 CVE-2024-43579 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 8.1 CVE-2024-43587 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 8.8 CVE-2024-43595 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-17 8.8 CVE-2024-43596 secure@microsoft.com
 
Microsoft–Microsoft Azure Functions
 
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. 2024-10-15 7.5 CVE-2024-38204 secure@microsoft.com
 
Microsoft–Microsoft Dataverse
 
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. 2024-10-15 8.7 CVE-2024-38139 secure@microsoft.com
 
Microsoft–Microsoft Power Platform
 
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. 2024-10-15 8.6 CVE-2024-38190 secure@microsoft.com
 
mndpsingh287–File Manager
 
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution. 2024-10-16 9.8 CVE-2018-25105 security@wordfence.com
 
Moridrin–SSV Events
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV Events allows PHP Local File Inclusion. This issue affects SSV Events: from n/a through 3.2.7. 2024-10-20 9.6 CVE-2024-49286 audit@patchstack.com
 
Moridrin–SSV MailChimp
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion. This issue affects SSV MailChimp: from n/a through 3.1.5. 2024-10-17 7.5 CVE-2024-49285 audit@patchstack.com
 
moxa — mxsecurity
 
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. 2024-10-18 7.5 CVE-2024-4740 psirt@moxa.com
 
Moxa–EDR-8010 Series
 
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. 2024-10-14 9.4 CVE-2024-9137 psirt@moxa.com
 
Moxa–EDR-8010 Series
 
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. 2024-10-14 7.2 CVE-2024-9139 psirt@moxa.com
 
Mozilla–Firefox for iOS
 
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon incorrectly showing an HTTPS indicator. This vulnerability affects Firefox for iOS < 131.2. 2024-10-15 9.1 CVE-2024-10004 security@mozilla.org
 
Myriad Solutionz–Property Lot Management System
 
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server. This issue affects Property Lot Management System: from n/a through 4.2.38. 2024-10-20 9.9 CVE-2024-49331 audit@patchstack.com
 
n/a–http-proxy-middleware
 
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. 2024-10-19 7.5 CVE-2024-21536 report@snyk.io
 
n/a–Kento Post View Counter
 
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the ‘kento_pvc_geo’ parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-16 9.8 CVE-2016-15040 security@wordfence.com
 
n/a–n/a
 
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a “create function” statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. 2024-10-17 9.8 CVE-2023-26785 cve@mitre.org
 
n/a–n/a
 
Nagios XI before 5.11.3 2024R1 was discovered to improperly handle the generation of (supposedly randomly generated) API keys, allowing attackers to possibly generate the same set of API keys for all users and use them to authenticate. 2024-10-14 9.1 CVE-2023-48082 cve@mitre.org
 
n/a–n/a
 
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. 2024-10-14 9.8 CVE-2024-46535 cve@mitre.org
 
n/a–n/a
 
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. 2024-10-14 9.8 CVE-2024-48150 cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. 2024-10-14 9.8 CVE-2024-48153 cve@mitre.org
 
n/a–n/a
 
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. 2024-10-14 9.8 CVE-2024-48168 cve@mitre.org
 
n/a–n/a
 
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. 2024-10-16 9.8 CVE-2024-48180 cve@mitre.org
 
n/a–n/a
 
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. 2024-10-15 9.8 CVE-2024-48283 cve@mitre.org
 
n/a–n/a
 
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. 2024-10-15 9.8 CVE-2024-48411 cve@mitre.org
 
n/a–n/a
 
An issue in Wanxing Technology’s Yitu Project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter, which specifies the directory from which Qt plugins are loaded. 2024-10-15 9.8 CVE-2024-48779 cve@mitre.org
 
n/a–n/a
 
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed .so file in /opt/EdrawProj-2/plugins/imageformat. 2024-10-15 9.8 CVE-2024-48781 cve@mitre.org
 
n/a–n/a
 
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code because the application checks the extension of image files only in the front end. 2024-10-15 9.8 CVE-2024-48782 cve@mitre.org
 
n/a–n/a
 
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. 2024-10-14 9.8 CVE-2024-48823 cve@mitre.org
 
n/a–n/a
 
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair. 2024-10-15 9.8 CVE-2024-49195 cve@mitre.org
 
n/a–n/a
 
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component. 2024-10-17 8.1 CVE-2024-33453 cve@mitre.org
 
n/a–n/a
 
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, and functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL injection due to the lack of sanitisation. The application takes an arbitrary value from the “X-Forwarded-For” header and appends it directly to a SQL INSERT statement, leading to SQL injection. 2024-10-15 8.8 CVE-2024-35584 cve@mitre.org
 
n/a–n/a
 
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. 2024-10-15 8.1 CVE-2024-41311 cve@mitre.org
 
n/a–n/a
 
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. 2024-10-17 8 CVE-2024-48192 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48629 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48630 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48631 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48632 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48633 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48634 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48635 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48636 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48637 cve@mitre.org
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. 2024-10-17 8 CVE-2024-48638 cve@mitre.org
 
n/a–n/a
 
Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. 2024-10-14 8.8 CVE-2024-48822 cve@mitre.org
 
n/a–n/a
 
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. 2024-10-17 7.1 CVE-2024-30875 cve@mitre.org
 
n/a–n/a
 
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. 2024-10-15 7.5 CVE-2024-41344 cve@mitre.org
 
n/a–n/a
 
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. 2024-10-15 7.5 CVE-2024-44775 cve@mitre.org
 
n/a–n/a
 
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. 2024-10-16 7.2 CVE-2024-46213 cve@mitre.org
 
n/a–n/a
 
Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. 2024-10-14 7.3 CVE-2024-48249 cve@mitre.org
 
n/a–n/a
 
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. 2024-10-14 7.3 CVE-2024-48259 cve@mitre.org
 
n/a–n/a
 
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. 2024-10-15 7.6 CVE-2024-48279 cve@mitre.org
 
n/a–n/a
 
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands via the fromdate parameter in a POST HTTP request. 2024-10-15 7.6 CVE-2024-48280 cve@mitre.org
 
n/a–n/a
 
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. 2024-10-15 7.6 CVE-2024-48282 cve@mitre.org
 
n/a–n/a
 
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48789 cve@mitre.org
 
n/a–n/a
 
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48791 cve@mitre.org
 
n/a–n/a
 
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48792 cve@mitre.org
 
n/a–n/a
 
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48796 cve@mitre.org
 
n/a–n/a
 
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48797 cve@mitre.org
 
n/a–n/a
 
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48798 cve@mitre.org
 
n/a–n/a
 
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 7.5 CVE-2024-48799 cve@mitre.org
 
n/a–n/a
 
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component. 2024-10-14 7.5 CVE-2024-48824 cve@mitre.org
 
n/a–n/a
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Digitally allows Reflected XSS. This issue affects Digitally: from n/a through 1.0.8. 2024-10-17 7.1 CVE-2024-49309 audit@patchstack.com
 
N/A–VMware HCX
 
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. 2024-10-16 8.8 CVE-2024-38814 security@vmware.com
 
JiangQie–JiangQie Free Mini Program
 
Unrestricted Upload of File with Dangerous Type vulnerability in JiangQie Free Mini Program allows Upload a Web Shell to a Web Server. This issue affects JiangQie Free Mini Program: from n/a through 2.5.2. 2024-10-17 10 CVE-2024-49314 audit@patchstack.com
 
Najeeb Ahmad–Simple User Registration
 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass. This issue affects Simple User Registration: from n/a through 5.5. 2024-10-20 9.8 CVE-2024-49604 audit@patchstack.com
 
Naudin Vladimir–FERMA.ru.net
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection. This issue affects FERMA.Ru.Net: from n/a through 1.3.3. 2024-10-20 8.5 CVE-2024-49620 audit@patchstack.com
 
newtype — flowmaster_bpm_plus
 
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. 2024-10-15 8.8 CVE-2024-9970 twcert@cert.org.tw
 
newtype — flowmaster_bpm_plus
 
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. 2024-10-15 8.8 CVE-2024-9971 twcert@cert.org.tw
 
newtype — webeip
 
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product. 2024-10-15 8.8 CVE-2024-9968 twcert@cert.org.tw
 
nextendweb–Nextend Social Login Pro
 
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. 2024-10-16 9.8 CVE-2024-9893 security@wordfence.com
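The Nextend Social Login entry above describes a class of bug worth seeing in code: the site receives an identity assertion from a social provider and, when that identity has never been seen before, picks the local account to log in by matching the asserted email address. The Python below is an added illustration written for this bulletin, not the plugin's code; the `Site`, `User` and `SocialAssertion` names, the provider names and the sample accounts are all constructed for the example. `login_vulnerable` reproduces the behaviour the entry describes (including the one protected case, an account that already has a link for that provider), and `login_hardened` shows the usual fix: the email claim is never used to select an account, only a (provider, subject) pair the user linked from an authenticated session can sign in.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    user_id: int
    email: str
    role: str


@dataclass(frozen=True)
class SocialAssertion:
    """Identity the provider hands back after the OAuth/OpenID exchange (fields assumed)."""
    provider: str   # e.g. "google"; provider names here are illustrative
    subject: str    # the provider's stable id for that account
    email: str      # the email address the provider reports for it


class Site:
    """Minimal model of a site with social login; stands in for no particular plugin."""

    def __init__(self, users):
        self.users = {u.user_id: u for u in users}
        self.links = {}   # (provider, subject) -> user_id

    def linked_user(self, a: SocialAssertion) -> Optional[User]:
        return self.users.get(self.links.get((a.provider, a.subject)))

    def has_link_for(self, user: User, provider: str) -> bool:
        return any(p == provider and uid == user.user_id for (p, _), uid in self.links.items())

    def user_by_email(self, email: str) -> Optional[User]:
        return next((u for u in self.users.values() if u.email.lower() == email.lower()), None)

    def link_identity(self, user: User, a: SocialAssertion) -> None:
        """Linking step; in the hardened flow this runs only inside an already authenticated session."""
        self.links[(a.provider, a.subject)] = user.user_id

    def login_vulnerable(self, a: SocialAssertion) -> Optional[User]:
        """The bypass class from the entry: an unknown identity is matched to a local
        account by email alone and silently linked. The only refused case is an
        account that already has a link for this same provider."""
        user = self.linked_user(a)
        if user is not None:
            return user
        user = self.user_by_email(a.email)
        if user is None or self.has_link_for(user, a.provider):
            return None
        self.link_identity(user, a)      # auto-link on email match: this is the flaw
        return user

    def login_hardened(self, a: SocialAssertion) -> Optional[User]:
        """Only a (provider, subject) pair the user linked beforehand can sign in;
        the asserted email never selects the local account."""
        return self.linked_user(a)


if __name__ == "__main__":
    admin = User(1, "admin@example.org", "administrator")          # constructed sample account
    rogue = SocialAssertion("rogue-idp", "att-1", "admin@example.org")  # attacker-controlled provider account
    print("vulnerable:", Site([admin]).login_vulnerable(rogue))   # logs in as admin
    print("hardened:  ", Site([admin]).login_hardened(rogue))     # None
```

The hardened flow means a first-time social sign-in cannot land on an existing account by itself; the user has to authenticate with their normal credentials once and link the identity, after which the provider's subject id, not the email, is the key.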
 
Nikhil Vaghela–Add Categories Post Footer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nikhil Vaghela Add Categories Post Footer allows Reflected XSS. This issue affects Add Categories Post Footer: from n/a through 2.2.2. 2024-10-18 7.1 CVE-2024-49239 audit@patchstack.com
 
nmedia–N-Media Post Front-end Form
 
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. 2024-10-16 9.8 CVE-2016-15042 security@wordfence.com
 
Nokia–SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS
 
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with “access console.” Consequently, a low privilege authenticated user with “access console” can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. 2024-10-17 7.3 CVE-2023-6729 b48c3b8f-639e-4c16-8725-497bc411dad0
 
numanrki–AADMY Add Auto Date Month Year Into Posts
 
The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2024-10-15 7.3 CVE-2024-9837 security@wordfence.com
 
Nyasro–Rate Own Post
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nyasro Rate Own Post allows Blind SQL Injection. This issue affects Rate Own Post: from n/a through 1.0. 2024-10-20 8.5 CVE-2024-49616 audit@patchstack.com
 
OISF–libhtp
 
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49. 2024-10-16 7.5 CVE-2024-45797 security-advisories@github.com
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented “unset” option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets. 2024-10-16 7.5 CVE-2024-45795 security-advisories@github.com
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. 2024-10-16 7.5 CVE-2024-47187 security-advisories@github.com
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. 2024-10-16 7.5 CVE-2024-47188 security-advisories@github.com
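The two Suricata entries for CVE-2024-47187 and CVE-2024-47188 share one root cause: the "thash" table's seed is never initialized, so its bucket assignment is predictable, and whoever knows the hash function can precompute keys that all land in one bucket and turn constant-time lookups into long chains. The Python below is an added illustration of that class and is not Suricata code. It uses a keyed BLAKE2b as a stand-in for the table's hash (the bulletin does not say what thash uses, so that choice, the 1024-bucket size and the all-zero "uninitialized" seed are assumptions), forges a set of keys that collide under the known seed, and shows that the same keys spread out once the seed comes from os.urandom.

```python
import hashlib
import os

BUCKETS = 1024            # assumed table size for the illustration
ZERO_SEED = bytes(16)     # models a seed that is never initialized: constant and knowable


def bucket_of(key: bytes, seed: bytes) -> int:
    """Bucket index for `key` under `seed`; keyed BLAKE2b stands in for the table's hash."""
    digest = hashlib.blake2b(key, key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def forge_colliding_keys(n: int, seed: bytes = ZERO_SEED, target: int = 0) -> list:
    """Attacker side: enumerate candidate keys (constructed here from a counter)
    and keep the ones that land in `target`. Feasible only because `seed` is known."""
    keys, counter = [], 0
    while len(keys) < n:
        candidate = b"sig-%08d" % counter
        counter += 1
        if bucket_of(candidate, seed) == target:
            keys.append(candidate)
    return keys


def bucket_loads(keys, seed: bytes) -> list:
    """Defender side: how `keys` distribute over the table under `seed`."""
    loads = [0] * BUCKETS
    for k in keys:
        loads[bucket_of(k, seed)] += 1
    return loads


def longest_chain(keys, seed: bytes) -> int:
    """Worst-case lookup cost in a chained table: the length of the longest bucket chain."""
    return max(bucket_loads(keys, seed))


def fresh_seed() -> bytes:
    """The fix in miniature: draw the seed from the OS CSPRNG once at startup."""
    return os.urandom(16)


if __name__ == "__main__":
    forged = forge_colliding_keys(200)
    print("unseeded table, longest chain:", longest_chain(forged, ZERO_SEED))   # 200
    print("seeded table,   longest chain:", longest_chain(forged, fresh_seed()))
```

The search loop is the attacker's whole cost: about one hit per 1024 candidates, paid once offline, after which every forged key costs the target a full chain walk. A per-process random seed does not make the hash stronger; it only denies the attacker the precomputation, which is why the advisory's workaround of not loading untrusted datasets reduces exposure without removing the underlying weakness.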
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround. 2024-10-16 7.5 CVE-2024-47522 security-advisories@github.com
 
OpenSight Software–FlashFXP
 
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 7.8 CVE-2024-10068 cna@vuldb.com
 
oracle — banking_liquidity_management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 2024-10-15 7.1 CVE-2024-21284 secalert_us@oracle.com
 
oracle — banking_liquidity_management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 2024-10-15 7.1 CVE-2024-21285 secalert_us@oracle.com
 
oracle — bi_publisher
 
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2024-10-15 8.8 CVE-2024-21254 secalert_us@oracle.com
 
oracle — bi_publisher
 
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). 2024-10-15 7.6 CVE-2024-21195 secalert_us@oracle.com
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 2024-10-15 7.5 CVE-2024-21190 secalert_us@oracle.com
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). 2024-10-15 7.6 CVE-2024-21191 secalert_us@oracle.com
 
oracle — fusion_middleware
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 7.5 CVE-2024-21215 secalert_us@oracle.com
 
oracle — peoplesoft_enterprise_peopletools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21214 secalert_us@oracle.com
 
oracle — peoplesoft_enterprise_peopletools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2024-10-15 8.8 CVE-2024-21255 secalert_us@oracle.com
 
oracle — product_hub
 
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21252 secalert_us@oracle.com
 
oracle — service_bus
 
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2024-10-15 7.5 CVE-2024-21246 secalert_us@oracle.com
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 2024-10-15 7.5 CVE-2024-21259 secalert_us@oracle.com
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2024-10-15 9.8 CVE-2024-21216 secalert_us@oracle.com
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2024-10-15 7.5 CVE-2024-21234 secalert_us@oracle.com
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 7.5 CVE-2024-21260 secalert_us@oracle.com
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 7.5 CVE-2024-21274 secalert_us@oracle.com
 
Oracle Corporation–MySQL Connectors
 
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 2024-10-15 7.5 CVE-2024-21272 secalert_us@oracle.com
 
Oracle Corporation–Oracle Advanced Pricing
 
Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21266 secalert_us@oracle.com
 
Oracle Corporation–Oracle Applications Manager
 
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21268 secalert_us@oracle.com
 
Oracle Corporation–Oracle Common Applications Calendar
 
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21270 secalert_us@oracle.com
 
Oracle Corporation–Oracle Contract Lifecycle Management for Public Sector
 
Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public Sector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Contract Lifecycle Management for Public Sector accessible data as well as unauthorized access to critical data or complete access to all Oracle Contract Lifecycle Management for Public Sector accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21278 secalert_us@oracle.com
 
Oracle Corporation–Oracle Cost Management
 
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21267 secalert_us@oracle.com
 
Oracle Corporation–Oracle Field Service
 
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21271 secalert_us@oracle.com
 
Oracle Corporation–Oracle Financials
 
Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21282 secalert_us@oracle.com
 
Oracle Corporation–Oracle Hospitality OPERA 5
 
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). 2024-10-15 9 CVE-2024-21172 secalert_us@oracle.com
 
Oracle Corporation–Oracle Incentive Compensation
 
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21269 secalert_us@oracle.com
 
Oracle Corporation–Oracle MES for Process Manufacturing
 
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21277 secalert_us@oracle.com
 
Oracle Corporation–Oracle Process Manufacturing Product Development
 
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21250 secalert_us@oracle.com
 
Oracle Corporation–Oracle Quoting
 
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21275 secalert_us@oracle.com
 
Oracle Corporation–Oracle Service Contracts
 
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21280 secalert_us@oracle.com
 
Oracle Corporation–Oracle Site Hub
 
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21265 secalert_us@oracle.com
 
Oracle Corporation–Oracle Sourcing
 
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21279 secalert_us@oracle.com
 
Oracle Corporation–Oracle Work in Process
 
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21276 secalert_us@oracle.com
 
Oracle Corporation–PeopleSoft Enterprise HCM Global Payroll Core
 
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 2024-10-15 8.1 CVE-2024-21283 secalert_us@oracle.com
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-15 9.8 CVE-2024-9973 cna@vuldb.com
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-15 9.8 CVE-2024-9974 cna@vuldb.com
 
Paxman–Product Website Showcase
 
Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server. This issue affects Product Website Showcase: from n/a through 1.0. 2024-10-20 10 CVE-2024-49611 audit@patchstack.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account. 2024-10-16 8.1 CVE-2023-7291 security@wordfence.com
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 7.3 CVE-2024-10156 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 7.3 CVE-2024-10157 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well. 2024-10-20 7.3 CVE-2024-10159 cna@vuldb.com
 
pickplugins–Post Grid and Gutenberg Blocks
 
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-16 8.8 CVE-2021-4450 security@wordfence.com
 
Piyushmca–Shipyaari Shipping Management
 
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection. This issue affects Shipyaari Shipping Management: from n/a through 1.2. 2024-10-20 9.8 CVE-2024-49626 audit@patchstack.com
 
publishpress–Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
 
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the ‘authors-user_id’ user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user’s account password and gain access. 2024-10-17 8.8 CVE-2024-9215 security@wordfence.com
 
quadlayers–WordPress Mega Menu QuadMenu
 
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. 2024-10-16 9.8 CVE-2021-4443 security@wordfence.com
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user’s session cookie. 2024-10-15 9.8 CVE-2024-9984 twcert@cert.org.tw
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. 2024-10-15 9.8 CVE-2024-9985 twcert@cert.org.tw
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. 2024-10-15 7.5 CVE-2024-9983 twcert@cert.org.tw
 
Redwan Hilali–WP Dropbox Dropins
 
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server. This issue affects WP Dropbox Dropins: from n/a through 1.0. 2024-10-20 10 CVE-2024-49607 audit@patchstack.com
 
rems — drag_and_drop_image_upload
 
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-15 8.8 CVE-2024-9975 cna@vuldb.com
 
RestaurantConnect, Inc–Restaurant Reservations Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in RestaurantConnect, Inc Restaurant Reservations Widget allows Reflected XSS. This issue affects Restaurant Reservations Widget: from n/a through 1.0. 2024-10-17 7.1 CVE-2024-48023 audit@patchstack.com
 
RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit
 
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed. 2024-10-15 9.1 CVE-2024-47945 551230f0-3615-47bd-b7cc-93e92e730bbf
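
The RITTAL entry above states the weakness (an unseeded rand() whose output varies only with the process ID, giving 32,768 possible session IDs) but not what that means in practice. The following C program is an added illustration and is not RITTAL firmware code: it models the generator as the description implies (a process that never calls srand() behaves as if srand(1) had been called, so rand() yields the same first value in every process, and the PID is the only varying input; the XOR mixing step and the 15-bit PID mask are assumptions, since the real mixing is not published), shows that an attacker reverses any observed ID to its PID by trying at most 32,768 candidates, and then shows the fix: draw the session ID from the kernel CSPRNG instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux default pid_max is 32768, so a PID carries at most 15 bits. */
#define PID_SPACE 32768u

/*
 * Model of the weak generator (assumption: the firmware's real mixing
 * step is not published; XOR is used here). A process that never calls
 * srand() behaves as if srand(1) had been called (C standard), so rand()
 * returns the same first value in every process; the PID is the only
 * quantity that differs from one session to the next.
 */
uint32_t weak_session_id(unsigned pid)
{
    srand(1);                              /* "never seeded" state */
    uint32_t fixed = (uint32_t)rand();     /* identical in every process */
    return fixed ^ (pid & (PID_SPACE - 1u));
}

/*
 * Attacker side: with only PID_SPACE candidates, an observed ID is
 * reversed to its PID by exhaustive search. Returns -1 if no PID matches.
 */
int recover_pid(uint32_t observed)
{
    for (unsigned pid = 0; pid < PID_SPACE; pid++)
        if (weak_session_id(pid) == observed)
            return (int)pid;
    return -1;
}

/* Number of distinct IDs the weak generator can ever emit. */
unsigned weak_id_space(void) { return PID_SPACE; }

/*
 * Fix: take the session ID from the kernel CSPRNG. 16 bytes give 128 bits,
 * which cannot be enumerated. Output is lowercase hex, 32 chars plus NUL.
 */
int strong_session_id(char out[33])
{
    unsigned char raw[16];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (n != sizeof raw)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

int main(void)
{
    uint32_t sid = weak_session_id(4711);   /* a victim's session, PID assumed */
    printf("observed weak id %u -> pid %d (at most %u candidates)\n",
           (unsigned)sid, recover_pid(sid), weak_id_space());
    char strong[33];
    if (strong_session_id(strong) == 0)
        printf("strong id %s\n", strong);
    return 0;
}
```

The search in recover_pid completes in well under a second, which is why pre-generating every valid session ID is feasible against the weak scheme; no amount of extra mixing of a 15-bit input changes that, only a high-entropy source does.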
 
Rockwell Automation–ControlLogix 5580
 
A denial-of-service vulnerability exists in the affected products. A threat actor could exploit CVE-2021-22681 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html) and send a specially crafted CIP message to the device. If exploited, a threat actor could prevent access by the legitimate user and terminate connections to connected devices, including the workstation. To recover the controllers, a download is required, which ends any process that the controller is running. 2024-10-14 7.5 CVE-2024-6207 PSIRT@rockwellautomation.com
 
Rockwell Automation–RSLogix 500
 
Reported to Rockwell Automation by Sharon Brizinov of Claroty Research – Team82. A feature in the affected products lets users prepare a project file with an embedded VBA script that can be configured to run as soon as the project file is opened, without user intervention. This feature can be abused to trick a legitimate user into executing malicious code by opening a malicious RSP/RSS project file. If exploited, a threat actor may be able to achieve remote code execution; connected devices may also be impacted. 2024-10-14 7.7 CVE-2024-7847 PSIRT@rockwellautomation.com
 
RudeStan–VKontakte Wall Post
 
Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS. This issue affects VKontakte Wall Post: from n/a through 2.0. 2024-10-17 7.1 CVE-2024-49313 audit@patchstack.com
 
Sajid Javed–Top Bar PopUps by WPOptin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion. This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. 2024-10-16 7.5 CVE-2024-47645 audit@patchstack.com
 
SayenThemes–Kaswara Modern VC Addons
 
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more. 2024-10-16 7.3 CVE-2021-4448 security@wordfence.com
 
ScienceLogic–SL1
 
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. 2024-10-18 9.8 CVE-2024-9537 9119a7d8-5eab-497f-8521-727c672e3725
 
Scott Olson–My Reading Library
 
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection. This issue affects My Reading Library: from n/a through 1.0. 2024-10-17 9.8 CVE-2024-49318 audit@patchstack.com
 
Scott Paterson–Contact Form 7 PayPal & Stripe Add-on
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3. 2024-10-17 7.1 CVE-2024-48021 audit@patchstack.com
 
Scott Paterson–Time Clock Pro
 
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the ‘etimeclockwp_load_function_callback’ function. This allows unauthenticated attackers to execute code on the server. The invoked function’s parameters cannot be specified. 2024-10-18 8.3 CVE-2024-9593 security@wordfence.com
 
scottopolis–AppPresser Mobile App Framework
 
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack on the OTP used to change a password, and not verifying that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP and thereby change any user’s password, including an administrator’s. 2024-10-16 8.1 CVE-2024-9305 security@wordfence.com
 
SECOM–WRTM326
 
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. 2024-10-18 9.8 CVE-2024-10119 twcert@cert.org.tw
 
SECOM–WRTR-304GN-304TW-UPSC
 
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. 2024-10-18 9.8 CVE-2024-10118 twcert@cert.org.tw
 
sekler–Mapplic Lite
 
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including, 6.1 and 1.0 respectively. This makes it possible for attackers to forge requests coming from a vulnerable site’s server and ultimately perform an XSS attack when an SVG file is requested. 2024-10-16 8.3 CVE-2012-10018 security@wordfence.com
 
sendpulse–SendPulse Free Web Push
 
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-17 7.2 CVE-2024-9184 security@wordfence.com
 
Shafiq–Digital Lottery
 
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through 3.0.5. 2024-10-16 10 CVE-2024-49242 audit@patchstack.com
 
Shibu Lijack a.k.a CyberJack–CJ Change Howdy
 
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a. CyberJack CJ Change Howdy allows Stored XSS. This issue affects CJ Change Howdy: from n/a through 3.3.1. 2024-10-17 7.1 CVE-2024-49223 audit@patchstack.com
 
ShortPixel–ShortPixel Image Optimizer
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. 2024-10-17 7.6 CVE-2024-48043 audit@patchstack.com
 
SICK AG–SICK CLV6xx
 
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. 2024-10-17 9.1 CVE-2024-10025 psirt@sick.de
 
siteground–Speed Optimizer The All-In-One Performance-Boosting Plugin
 
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-10-16 9.8 CVE-2019-25217 security@wordfence.com
 
Smartdevth–Advanced Advertising System
 
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection. This issue affects Advanced Advertising System: from n/a through 1.3.1. 2024-10-20 9.8 CVE-2024-49624 audit@patchstack.com
 
solarwinds — serv-u
 
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability through which remote code execution is possible, depending on the privileges granted to the authenticated user. Authentication is required: the issue is reachable only by an authenticated user and manifests when software environment variables are abused. 2024-10-16 8.8 CVE-2024-45711 psirt@solarwinds.com
 
solarwinds — solarwinds_platform
 
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. 2024-10-16 7.8 CVE-2024-45710 psirt@solarwinds.com
 
SolarWinds–SolarWinds Platform
 
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. 2024-10-16 7.1 CVE-2024-45715 psirt@solarwinds.com
 
sooskriszta, webforza–BuddyPress Better Registration
 
Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows Authentication Bypass. This issue affects BuddyPress Better Registration: from n/a through 1.6. 2024-10-16 9.8 CVE-2024-49247 audit@patchstack.com
 
Sourav–All in One Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sourav All in One Slider allows Reflected XSS. This issue affects All in One Slider: from n/a through 1.1. 2024-10-20 7.1 CVE-2024-49323 audit@patchstack.com
 
Sovratec–Sovratec Case Management
 
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through 1.0.0. 2024-10-20 10 CVE-2024-49324 audit@patchstack.com
 
splunk — splunk
 
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. 2024-10-14 8 CVE-2024-45731 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. 2024-10-14 8.8 CVE-2024-45733 prodsec@splunk.com
 
ss-proj — shirasagi
 
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. 2024-10-15 7.5 CVE-2024-46898 vultures@jpcert.or.jp
 
starfishwp–Rich Reviews by Starfish
 
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body ‘update’ parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-16 7.2 CVE-2019-25216 security@wordfence.com
 
strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
 
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like ‘after_html’ in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim’s browser. 2024-10-16 8.3 CVE-2017-20192 security@wordfence.com
 
Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG)
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Reflected XSS. This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. 2024-10-17 7.1 CVE-2024-48032 audit@patchstack.com
 
sunburntkamel–disconnected
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in sunburntkamel disconnected allows Reflected XSS. This issue affects disconnected: from n/a through 1.3.0. 2024-10-16 7.1 CVE-2024-49268 audit@patchstack.com
 
Sunjianle–ajax-extend
 
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Sunjianle ajax-extend allows Code Injection. This issue affects ajax-extend: from n/a through 1.0. 2024-10-16 10 CVE-2024-49254 audit@patchstack.com
 
Supsystic–Contact Form by Supsystic
 
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection. This issue affects Contact Form by Supsystic: from n/a through 1.7.28. 2024-10-16 9.1 CVE-2024-48042 audit@patchstack.com
 
Surfer–Surfer
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Surfer allows SQL Injection. This issue affects Surfer: from n/a through 1.5.0.502. 2024-10-17 7.6 CVE-2024-49299 audit@patchstack.com
 
SUSE–apiserver
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server’s public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim’s browser. 2024-10-16 8.3 CVE-2023-32192 meissner@suse.de
 
SUSE–Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122
 
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. 2024-10-16 7.8 CVE-2024-22029 meissner@suse.de
 
SUSE–norman
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman’s public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. 2024-10-16 8.3 CVE-2023-32193 meissner@suse.de
 
SUSE–openSUSE Tumbleweed
 
mlocate’s %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. 2024-10-16 7.8 CVE-2023-32190 meissner@suse.de
 
SUSE–rancher
 
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher’s audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. 2024-10-16 8.4 CVE-2023-22649 meissner@suse.de
 
SUSE–rancher
 
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). The same applies to disabled or revoked users: Rancher does not reflect these changes, which may leave the user’s tokens still usable. 2024-10-16 8.8 CVE-2023-22650 meissner@suse.de
 
SUSE–rancher
 
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. 2024-10-16 8 CVE-2024-22030 meissner@suse.de
 
SUSE–rancher
 
A vulnerability has been identified when granting a create or * global role for a resource type of “namespaces”; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. 2024-10-16 7.2 CVE-2023-32194 meissner@suse.de
 
SUSE–rke
 
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. 2024-10-16 9.9 CVE-2023-32191 meissner@suse.de
 
taismartfactory — qplant_sf
 
SQL injection vulnerability in TAI Smart Factory’s QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ’email’ parameter on the ‘RequestPasswordChange’ endpoint. 2024-10-15 9.8 CVE-2024-9925 cve-coordination@incibe.es
 
Takayuki Imanishi–ACF Images Search And Insert
 
Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server. This issue affects ACF Images Search And Insert: from n/a through 1.1.4. 2024-10-16 9.9 CVE-2024-48035 audit@patchstack.com
 
TAKETIN–TAKETIN To WP Membership
 
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection. This issue affects TAKETIN To WP Membership: from n/a through 2.8.0. 2024-10-16 8.8 CVE-2024-49226 audit@patchstack.com
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. 2024-10-14 9.8 CVE-2024-9921 twcert@cert.org.tw
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. 2024-10-14 7.5 CVE-2024-9922 twcert@cert.org.tw
 
TECNO–com.transsion.aivoiceassistant
 
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. 2024-10-16 9.8 CVE-2024-10018 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
 
Tenda–AC8
 
A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue as CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 8.8 CVE-2024-10123 cna@vuldb.com
 
Tenda–AC8
 
A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 8.8 CVE-2024-10130 cna@vuldb.com
 
THATplugin–Iconize
 
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize. This issue affects Iconize: from n/a through 1.2.4. 2024-10-16 9.1 CVE-2024-47649 audit@patchstack.com
 
The CSSIgniter Team–MaxSlider
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal. This issue affects MaxSlider: from n/a through 1.2.3. 2024-10-16 7.5 CVE-2024-47351 audit@patchstack.com
 
themegrill–ThemeGrill Demo Importer
 
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database, after which, if there is a user named ‘admin’, the attacker is automatically logged in as an administrator. 2024-10-16 9.9 CVE-2020-36837 security@wordfence.com
 
themehunk–WP Popup Builder Popup Forms and Marketing Lead Generation
 
The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access. 2024-10-16 7.3 CVE-2024-9061 security@wordfence.com
 
Themeisle–Multiple Page Generator Plugin MPG
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. 2024-10-20 8.5 CVE-2024-47325 audit@patchstack.com
 
themexpo–RS-Members
 
Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation. This issue affects RS-Members: from n/a through 1.0.3. 2024-10-17 8.8 CVE-2024-49219 audit@patchstack.com
 
Themis Solutions, Inc.–Clio Grow
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS. This issue affects Clio Grow: from n/a through 1.0.2. 2024-10-17 7.1 CVE-2024-49276 audit@patchstack.com
 
thinkst — opencanary
 
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue. 2024-10-14 7.8 CVE-2024-48911 security-advisories@github.com
 
Toast Plugins–Animator
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Toast Plugins Animator allows Reflected XSS. This issue affects Animator: from n/a through 3.0.11. 2024-10-17 7.1 CVE-2024-49308 audit@patchstack.com
 
Tophive–Ultimate AI
 
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the ‘ultimate_ai_register_or_login_with_google’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. 2024-10-16 9.8 CVE-2024-9105 security@wordfence.com
 
Unizoe Web Solutions–jLayer Parallax Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS. This issue affects jLayer Parallax Slider: from n/a through 1.0. 2024-10-20 7.1 CVE-2024-49334 audit@patchstack.com
 
Unknown–Logo Slider
 
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-10-17 7.6 CVE-2024-5429 contact@wpscan.com
 
Unlimited Elements–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Command Injection. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. 2024-10-16 9.1 CVE-2024-49271 audit@patchstack.com
 
Vasilis Kerasiotis–Affiliator
 
Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server. This issue affects Affiliator: from n/a through 2.1.3. 2024-10-20 10 CVE-2024-49326 audit@patchstack.com
 
vasyltech–Advanced Access Manager Restricted Content, Users & Roles, Enhanced Security and More
 
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php. 2024-10-16 9.8 CVE-2019-25213 security@wordfence.com
 
vendure-ecommerce–vendure
 
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure’s asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`. 2024-10-15 9.1 CVE-2024-48914 security-advisories@github.com
 
VideoWhisper.com–Contact Forms, Live Support, CRM, Video Messages
 
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data. This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. 2024-10-17 7.5 CVE-2024-49235 audit@patchstack.com
 
VillaTheme–CURCY
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme CURCY allows Reflected XSS. This issue affects CURCY: from n/a through 2.2.3. 2024-10-17 7.1 CVE-2024-49283 audit@patchstack.com
 
Vivek Tamrakar–WP REST API FNS
 
Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server. This issue affects WP REST API FNS: from n/a through 1.0.0. 2024-10-20 10 CVE-2024-49329 audit@patchstack.com
 
Vivek Tamrakar–WP REST API FNS
 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through 1.0.0. 2024-10-20 9.8 CVE-2024-49328 audit@patchstack.com
 
VSO–ConvertXtoDvd
 
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 7.8 CVE-2024-10093 cna@vuldb.com
 
wavelog — wavelog
 
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. 2024-10-14 9.8 CVE-2024-48251 cve@mitre.org
 
wavelog — wavelog
 
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection. 2024-10-14 9.8 CVE-2024-48257 cve@mitre.org
 
WAVLINK–WN530H4
 
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-20 8.8 CVE-2024-10194 cna@vuldb.com
 
webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform
 
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution. 2024-10-16 9.8 CVE-2024-9634 security@wordfence.com
 
wfh45678–Radar
 
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 7.3 CVE-2024-10120 cna@vuldb.com
 
wfh45678–Radar
 
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 7.3 CVE-2024-10121 cna@vuldb.com
 
woobewoo–Product Filter by WBW
 
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious JavaScript into a vulnerable site. This was actively exploited at the time of discovery. 2024-10-16 7.3 CVE-2021-4444 security@wordfence.com
 
wpchill–Download Monitor
 
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. 2024-10-16 7.5 CVE-2022-4972 security@wordfence.com
 
wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user. 2024-10-16 8.8 CVE-2021-4447 security@wordfence.com
 
WPFactory–Email Verification for WooCommerce
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection. This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. 2024-10-17 9.3 CVE-2024-49305 audit@patchstack.com
 
WPFactory–EU/UK VAT Manager for WooCommerce
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS). This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. 2024-10-20 7.1 CVE-2024-44061 audit@patchstack.com
 
WPGrim–Classic Editor and Classic Widgets
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1. 2024-10-17 8.5 CVE-2024-47312 audit@patchstack.com
 
wpindeed–Indeed Membership Pro
 
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to log in as any user, including the site administrator with a default user ID of 1, via the username or user ID. 2024-10-16 9.8 CVE-2020-36832 security@wordfence.com
 
WPManageNinja LLC–Fluent Support
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection. This issue affects Fluent Support: from n/a through 1.8.0. 2024-10-17 8.5 CVE-2024-47304 audit@patchstack.com
 
wpvividplugins–Migration, Backup, Staging WPvivid
 
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35. 2024-10-16 8.8 CVE-2020-36842 security@wordfence.com
 
WSIFY Sales can fly–Wsify Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS. This issue affects Wsify Widget: from n/a through 1.0. 2024-10-17 7.1 CVE-2024-48048 audit@patchstack.com
 
xaraartech–External featured image from bing
 
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server. This issue affects External featured image from bing: from n/a through 1.0.2. 2024-10-16 9.9 CVE-2024-48027 audit@patchstack.com
 
Xerox–AltaLink B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807
 
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. 2024-10-17 7.2 CVE-2024-6333 10b61619-3869-496c-8a1e-f291b0e71e3f
 
ZIPANG–Point Maker
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion. This issue affects Point Maker: from n/a through 0.1.4. 2024-10-17 7.5 CVE-2024-49317 audit@patchstack.com
 
zodiac–Akismet htaccess writer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in zodiac Akismet htaccess writer allows Reflected XSS. This issue affects Akismet htaccess writer: from n/a through 1.0.1. 2024-10-17 7.1 CVE-2024-49316 audit@patchstack.com
 
Zoho CRM–Zoho CRM Lead Magnet
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection. This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. 2024-10-17 8.5 CVE-2024-49297 audit@patchstack.com
 
ZoomIt–ZoomSounds – WordPress Wave Audio Player with Playlist
 
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘savepng.php’ file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-10-16 9.8 CVE-2021-4449 security@wordfence.com
 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
A WP Life–Contact Form Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through 1.4.2. 2024-10-17 5.4 CVE-2024-48037 audit@patchstack.com
 
acronis — cyber_files
 
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 2024-10-17 5.7 CVE-2024-49386 security@acronis.com
 
acronis — cyber_files
 
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. 2024-10-17 4.8 CVE-2024-49392 security@acronis.com
 
acronis — cyber_protect
 
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 2024-10-15 4.3 CVE-2024-49382 security@acronis.com
 
acronis — cyber_protect
 
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 2024-10-15 4.3 CVE-2024-49383 security@acronis.com
 
acronis — cyber_protect
 
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. 2024-10-15 4.3 CVE-2024-49384 security@acronis.com
 
Adobe–Substance3D – Sampler
 
Substance3D – Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-17 5.5 CVE-2024-47459 psirt@adobe.com
 
alimir–WP ULike All-in-One Engagement Toolkit
 
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-16 4.3 CVE-2024-9649 security@wordfence.com
 
apache — cloudstack
 
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disable the plugin by setting the global setting “quota.enable.service” to “false”. 2024-10-16 6.3 CVE-2024-45461 security@apache.org
 
apintop–Add Widget After Content
 
The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-18 4.4 CVE-2024-9892 security@wordfence.com
 
B.M. Rafiul Alam–Awesome Contact Form7 for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor allows Stored XSS. This issue affects Awesome Contact Form7 for Elementor: from n/a through 3.0. 2024-10-17 6.5 CVE-2024-49319 audit@patchstack.com
 
Bert Kößler–Movie Database
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bert Kößler Movie Database allows Stored XSS. This issue affects Movie Database: from n/a through 1.0.11. 2024-10-18 5.9 CVE-2024-43300 audit@patchstack.com
 
blindsidenetworks–BigBlueButton
 
The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.4 CVE-2023-7296 security@wordfence.com
 
BogdanFix–WP SendFox
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data. This issue affects WP SendFox: from n/a through 1.3.1. 2024-10-17 5.3 CVE-2024-49284 audit@patchstack.com
 
bqworks–Accordion Slider
 
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin’s admin area via the `Access` plugin setting, which is restricted to administrators by default. 2024-10-16 6.4 CVE-2024-9582 security@wordfence.com
 
cert — vince
 
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations. 2024-10-14 4.9 CVE-2024-9953 cret@cert.org
 
chertz–WP Easy Post Types
 
The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-10080 security@wordfence.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. 2024-10-16 6.5 CVE-2024-20459 ykramarz@cisco.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device. 2024-10-16 6.1 CVE-2024-20460 ykramarz@cisco.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user. 2024-10-16 6 CVE-2024-20461 ykramarz@cisco.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user. 2024-10-16 5.4 CVE-2024-20420 ykramarz@cisco.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. 2024-10-16 5.5 CVE-2024-20462 ykramarz@cisco.com
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. 2024-10-16 5.4 CVE-2024-20463 ykramarz@cisco.com
 
Cisco–Cisco Unified Computing System Central Software
 
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. 2024-10-16 6.3 CVE-2024-20280 ykramarz@cisco.com
 
Cisco–Cisco Unified Contact Center Management Portal
 
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2024-10-16 6.1 CVE-2024-20512 ykramarz@cisco.com
 
code-projects–Blood Bank System
 
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 4.7 CVE-2024-10171 cna@vuldb.com
 
code-projects–Hospital Management System
 
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 6.3 CVE-2024-10169 cna@vuldb.com
 
code-projects–Hospital Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 6.3 CVE-2024-10170 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-16 6.3 CVE-2024-10021 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-16 6.3 CVE-2024-10022 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-16 6.3 CVE-2024-10023 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-16 6.3 CVE-2024-10024 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10136 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10137 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10138 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10139 cna@vuldb.com
 
code-projects–Pharmacy Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10140 cna@vuldb.com
 
CodeAstrology Team–UltraAddons Elementor Lite
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8. 2024-10-17 6.5 CVE-2024-49277 audit@patchstack.com
 
codepeople–Calculated Fields Form
 
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email. 2024-10-17 5.3 CVE-2024-9940 security@wordfence.com
 
Coder426–Custom Add to Cart Button Label and Link
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS. This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. 2024-10-17 6.5 CVE-2024-49296 audit@patchstack.com
 
CrossedCode–bVerse Convert
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CrossedCode bVerse Convert allows Stored XSS. This issue affects bVerse Convert: from n/a through 1.3.7.1. 2024-10-18 6.5 CVE-2024-49228 audit@patchstack.com
 
Daniele Alessandra–Da Reactions
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Daniele Alessandra Da Reactions allows Stored XSS. This issue affects Da Reactions: from n/a through 5.1.5. 2024-10-17 6.5 CVE-2024-49255 audit@patchstack.com
 
Dell–Dell OpenManage Enterprise
 
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. 2024-10-17 4.3 CVE-2024-45767 security_alert@emc.com
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. 2024-10-18 5.5 CVE-2024-47240 security_alert@emc.com
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. 2024-10-18 5.5 CVE-2024-47241 security_alert@emc.com
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. 2024-10-18 4.6 CVE-2024-48016 security_alert@emc.com
 
dFactory–Responsive Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through 2.4.8. 2024-10-17 5.9 CVE-2024-49282 audit@patchstack.com
 
DOGROW.NET–Simple Baseball Scoreboard
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS. This issue affects Simple Baseball Scoreboard: from n/a through 1.3. 2024-10-17 6.5 CVE-2024-48025 audit@patchstack.com
 
dpdbaltics–DPD Baltic Shipping
 
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_value’ parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-9350 security@wordfence.com
 
Eclipse Foundation–Jetty
 
There exists a security vulnerability in Jetty’s ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory. 2024-10-14 5.9 CVE-2024-8184 emo@eclipse.org
 
Eclipse Foundation–Jetty
 
There exists a security vulnerability in Jetty’s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory finally. 2024-10-14 5.3 CVE-2024-9823 emo@eclipse.org
 
elbanyaoui–Smart Online Order for Clover
 
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2024-8787 security@wordfence.com
 
elementinvader–ElementInvader Addons for Elementor
 
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-16 5.4 CVE-2024-9888 security@wordfence.com
 
elementinvader–ElementInvader Addons for Elementor
 
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to. 2024-10-19 4.3 CVE-2024-9889 security@wordfence.com
 
elementor — website_builder
 
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts. 2024-10-15 4.3 CVE-2024-6757 security@wordfence.com
 
EmbedThis–GoAhead
 
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS). 2024-10-17 5.9 CVE-2024-3184 prodsec@nozominetworks.com
 
EmbedThis–GoAhead
 
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. 2024-10-17 5.3 CVE-2024-3186 prodsec@nozominetworks.com
 
EmbedThis–GoAhead
 
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. 2024-10-17 5.9 CVE-2024-3187 prodsec@nozominetworks.com
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. 2024-10-14 5.7 CVE-2024-46988 security-advisories@github.com
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. 2024-10-14 4.8 CVE-2024-46980 security-advisories@github.com
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. 2024-10-14 4.9 CVE-2024-47766 security-advisories@github.com
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. 2024-10-14 4.3 CVE-2024-47767 security-advisories@github.com
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 6.3 CVE-2024-10069 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 6.3 CVE-2024-10070 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 6.3 CVE-2024-10071 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 6.3 CVE-2024-10072 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-19 6.3 CVE-2024-10133 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-19 6.3 CVE-2024-10134 cna@vuldb.com
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-19 6.3 CVE-2024-10135 cna@vuldb.com
 
EventON–EventON Pro
 
The EventON PRO – WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-19 4.3 CVE-2023-6243 security@wordfence.com
 
Exclusive Addons–Exclusive Addons Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.1. 2024-10-17 6.5 CVE-2024-49292 audit@patchstack.com
 
F5–BIG-IQ
 
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-10-16 6.8 CVE-2024-47139 f5sirt@f5.com
 
fahadmahmood–RSS Feed Widget
 
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-10057 security@wordfence.com
 
fatcatapps–GetResponse Forms by Optin Cat
 
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-8740 security@wordfence.com
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. 2024-10-16 5.4 CVE-2024-8918 security@wordfence.com
 
flairNLP–flair
 
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flairmodelsclustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-17 5 CVE-2024-10073 cna@vuldb.com
 
flexmls–Flexmls IDX Plugin
 
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like ‘MaxBeds’ and ‘MinBeds’ in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-17 6.1 CVE-2024-8719 security@wordfence.com
 
flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons
 
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations. 2024-10-16 6.3 CVE-2020-36834 security@wordfence.com
 
flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons
 
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link. Please note that this is only exploitable when the ‘Leave a Review’ notice is present, which occurs after 100 orders are made and disappears after a user dismisses the notice. 2024-10-16 4.7 CVE-2024-8541 security@wordfence.com
 
gantry–Gantry 4 Framework
 
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘override_id’ parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-9382 security@wordfence.com
 
giuliopanda–Bulk images optimizer: Resize, optimize, convert to webp, rename 
 
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_configuration’ function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. 2024-10-18 4.3 CVE-2024-9361 security@wordfence.com
 
google — chrome
 
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) 2024-10-15 5.3 CVE-2024-9966 chrome-cve-admin@google.com
 
google — chrome
 
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 4.3 CVE-2024-9958 chrome-cve-admin@google.com
 
google — chrome
 
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 4.3 CVE-2024-9962 chrome-cve-admin@google.com
 
google — chrome
 
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-10-15 4.3 CVE-2024-9963 chrome-cve-admin@google.com
 
google — chrome
 
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) 2024-10-15 4.3 CVE-2024-9964 chrome-cve-admin@google.com
 
Gora Tech LLC–Cooked Pro
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS. This issue affects Cooked Pro: from n/a before 1.8.0. 2024-10-17 6.5 CVE-2024-49289 audit@patchstack.com
 
Gora Tech LLC–Cooked Pro
 
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery. This issue affects Cooked Pro: from n/a before 1.8.0. 2024-10-20 4.3 CVE-2024-49290 audit@patchstack.com
 
Hafiz Uddin Ahmed–Crazy Call To Action Box
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS. This issue affects Crazy Call To Action Box: from n/a through 1.0.5. 2024-10-18 6.5 CVE-2024-49236 audit@patchstack.com
 
Hans Matzen–wp-Monalisa
 
Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery. This issue affects wp-Monalisa: from n/a through 6.4. 2024-10-17 4.3 CVE-2024-48038 audit@patchstack.com
 
Harpreet Singh–Ajax Custom CSS/JS
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS. This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4. 2024-10-18 6.5 CVE-2024-49230 audit@patchstack.com
 
HashThemes–Smart Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HashThemes Smart Blocks allows Stored XSS. This issue affects Smart Blocks: from n/a through 2.0. 2024-10-16 6.5 CVE-2024-49270 audit@patchstack.com
 
hcltech — bigfix_platform
 
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. 2024-10-14 5.3 CVE-2024-30117 psirt@hcl.com
 
heateor–Social Sharing Plugin Sassy Social Share
 
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘urls’ parameter called via the ‘heateor_sss_sharing_count’ AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2022-4971 security@wordfence.com
 
HFO4–shudong-share
 
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 6.3 CVE-2024-10129 cna@vuldb.com
 
honojs–hono
 
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue. 2024-10-15 5.9 CVE-2024-48913 security-advisories@github.com
 
HT Plugins–WP Education
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HT Plugins WP Education allows Stored XSS. This issue affects WP Education: from n/a through 1.2.8. 2024-10-20 6.5 CVE-2024-49630 audit@patchstack.com
 
IBM–Watson Studio Local
 
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2024-10-16 4.3 CVE-2024-49340 psirt@us.ibm.com
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-10-16 5.5 CVE-2024-45071 psirt@us.ibm.com
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. 2024-10-16 5.5 CVE-2024-45072 psirt@us.ibm.com
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. 2024-10-15 5.9 CVE-2024-45085 psirt@us.ibm.com
 
india-web-developer–SEO Manager
 
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-16 6.4 CVE-2024-9521 security@wordfence.com
 
Infomaniak Staff–VOD Infomaniak
 
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery. This issue affects VOD Infomaniak: from n/a through 1.5.7. 2024-10-20 5.4 CVE-2024-49274 audit@patchstack.com
 
ioannup–Edit WooCommerce Templates
 
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-10049 security@wordfence.com
 
Javier Loureiro–El mejor Cluster
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS. This issue affects El mejor Cluster: from n/a through 1.1.14. 2024-10-18 6.5 CVE-2024-49232 audit@patchstack.com
 
JetBrains–Ktor
 
In JetBrains Ktor before 3.0.0, improper caching in the HttpCache plugin could lead to response information disclosure. 2024-10-17 5.3 CVE-2024-49580 cve@jetbrains.com
 
k2servicecom–Product Customizer Light
 
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-9848 security@wordfence.com
 
Kubernetes–Image Builder
 
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring. 2024-10-15 6.3 CVE-2024-9594 jordan@liggitt.net
 
leap13–Premium Addons for Elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. 2024-10-16 6.5 CVE-2021-4445 security@wordfence.com
 
Limb–WordPress Gallery Plugin Limb Image Gallery
 
Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. 2024-10-16 6.5 CVE-2024-49258 audit@patchstack.com
 
linux — linux_kernel
 
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping – it is just a raw mapping of PFNs with no reference counting of a ‘struct page’. That’s all very much intentional, but it does mean that it’s easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it’s very easy to do the error handling in the wrong order. In particular, it’s easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling. 2024-10-15 5.5 CVE-2024-47674 416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
lolitaframework–Branding
 
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-9452 security@wordfence.com
 
LOOS,Inc.–Arkhe Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through 2.23.0. 2024-10-17 6.5 CVE-2024-49261 audit@patchstack.com
 
madrasthemes–MAS Companies For WP Job Manager
 
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-9206 security@wordfence.com
 
MadrasThemes–MAS Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS. This issue affects MAS Elementor: from n/a through 1.1.6. 2024-10-18 6.5 CVE-2024-49233 audit@patchstack.com
 
Martin Gibson–IdeaPush
 
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery. This issue affects IdeaPush: from n/a through 8.69. 2024-10-20 4.3 CVE-2024-49275 audit@patchstack.com
 
maxfoundry–WordPress Social Share Buttons
 
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-19 6.1 CVE-2024-9219 security@wordfence.com
 
Md Abdul Kader–Easy Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS. This issue affects Easy Addons for Elementor: from n/a through 1.3.0. 2024-10-20 6.5 CVE-2024-49631 audit@patchstack.com
 
Michael Tran–Table of Contents Plus
 
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through 2408. 2024-10-20 4.3 CVE-2024-49250 audit@patchstack.com
 
Microchip–RN4870
 
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. 2024-10-16 4.3 CVE-2024-29155 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-10-17 5.4 CVE-2024-43580 secure@microsoft.com
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2024-10-18 5.3 CVE-2024-49023 secure@microsoft.com
 
Microsoft–Microsoft Edge (Chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-10-18 4.3 CVE-2024-43577 secure@microsoft.com
 
Mighty Plugins–Mighty Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mighty Plugins Mighty Builder allows Stored XSS. This issue affects Mighty Builder: from n/a through 1.0.2. 2024-10-20 6.5 CVE-2024-48049 audit@patchstack.com
 
mikexstudios–Xcomic
 
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component. 2024-10-17 5.6 CVE-2005-10003 cna@vuldb.com
 
MitraStar–GPT-2541GNAC
 
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly. 2024-10-15 4.7 CVE-2024-9977 cna@vuldb.com
 
Mitsubishi Electric Corporation–Mitsubishi Electric CNC M800V Series M800VW
 
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. 2024-10-17 5.9 CVE-2024-7316 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
 
morceaudebois–Debrandify Remove or Replace WordPress Branding
 
The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-9674 security@wordfence.com
 
Moxa–MXsecurity Series
 
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. 2024-10-18 5.3 CVE-2024-4739 psirt@moxa.com
 
n/a–CoinGate Plugin
 
A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component. 2024-10-17 4.3 CVE-2018-25104 cna@vuldb.com
 
n/a–n/a
 
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33, as an attacker can create a new .php log file in the language folder while executing a crafted payload and escalate privileges, allowing execution of arbitrary commands on the remote system. 2024-10-15 6.6 CVE-2023-31493 cve@mitre.org
 
n/a–n/a
 
An issue was discovered in versions of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that, when clicked by the victim, results in command execution on the victim’s machine. 2024-10-14 6.6 CVE-2024-41997 cve@mitre.org
 
n/a–n/a
 
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. 2024-10-14 6.5 CVE-2024-46528 cve@mitre.org
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. 2024-10-16 6.1 CVE-2024-46605 cve@mitre.org
 
n/a–n/a
 
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the “Opportunities” module. An attacker can inject malicious JavaScript code into the “Name” field when creating a list. 2024-10-14 6.5 CVE-2024-48120 cve@mitre.org
 
n/a–n/a
 
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. 2024-10-15 6.6 CVE-2024-48622 cve@mitre.org
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. 2024-10-15 6.5 CVE-2024-48710 cve@mitre.org
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. 2024-10-15 6.5 CVE-2024-48712 cve@mitre.org
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. 2024-10-15 6.5 CVE-2024-48713 cve@mitre.org
 
n/a–n/a
 
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. 2024-10-15 6.5 CVE-2024-48714 cve@mitre.org
 
n/a–n/a
 
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed-teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via the “searchinput” POST request parameter. 2024-10-16 6.1 CVE-2024-48744 cve@mitre.org
 
n/a–n/a
 
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php, which allows a remote attacker to execute arbitrary code. 2024-10-16 6.1 CVE-2024-48758 cve@mitre.org
 
n/a–n/a
 
Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. 2024-10-14 6.1 CVE-2024-48821 cve@mitre.org
 
n/a–n/a
 
Insecure permissions in the sys_exec function of MariaDB v10.5 allow authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. 2024-10-17 5.6 CVE-2023-39593 cve@mitre.org
 
n/a–n/a
 
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. 2024-10-17 5.7 CVE-2024-27766 cve@mitre.org
 
n/a–n/a
 
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. 2024-10-16 5.3 CVE-2024-44762 cve@mitre.org
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. 2024-10-16 5.4 CVE-2024-46606 cve@mitre.org
 
n/a–n/a
 
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. 2024-10-14 5.4 CVE-2024-48119 cve@mitre.org
 
n/a–n/a
 
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. 2024-10-15 5.5 CVE-2024-48278 cve@mitre.org
 
n/a–n/a
 
In queueindex.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). 2024-10-15 5.3 CVE-2024-48623 cve@mitre.org
 
n/a–n/a
 
In segmentsedit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. 2024-10-15 5.3 CVE-2024-48624 cve@mitre.org
 
n/a–n/a
 
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 5.3 CVE-2024-48790 cve@mitre.org
 
n/a–n/a
 
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 5.9 CVE-2024-48793 cve@mitre.org
 
n/a–n/a
 
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-14 5.3 CVE-2024-48795 cve@mitre.org
 
n/a–n/a
 
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. 2024-10-14 5.3 CVE-2024-49214 cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information. 2024-10-15 4.9 CVE-2024-31955 cve@mitre.org
 
n/a–n/a
 
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. 2024-10-16 4.9 CVE-2024-46212 cve@mitre.org
 
nayon46–Unlimited Addon For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS. This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0. 2024-10-16 6.5 CVE-2024-49267 audit@patchstack.com
 
netgear — ex3700_firmware
 
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. 2024-10-14 6.8 CVE-2024-35519 cve@mitre.org
 
netgear — ex6120_firmware
 
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. 2024-10-14 6.8 CVE-2024-35518 cve@mitre.org
 
netgear — r7000_firmware
 
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. 2024-10-14 6.8 CVE-2024-35520 cve@mitre.org
 
newtype — webeip
 
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product. 2024-10-15 5.4 CVE-2024-9969 twcert@cert.org.tw
 
nextscripts–NextScripts: Social Networks Auto-Poster
 
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would otherwise be locked to an administrative-level user. 2024-10-16 5 CVE-2020-36831 security@wordfence.com
 
NicheAddons–Events Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS. This issue affects Events Addon for Elementor: from n/a through 2.2.0. 2024-10-17 6.5 CVE-2024-49264 audit@patchstack.com
 
NicheAddons–Primary Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.8. 2024-10-17 6.5 CVE-2024-49259 audit@patchstack.com
 
nik00726–Photo Gallery Slideshow & Masonry Tiled Gallery
 
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-19 4.9 CVE-2019-25218 security@wordfence.com
 
nik00726–Video Grid
 
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2023-7295 security@wordfence.com
 
NinjaTeam–Click to Chat WP Support All-in-One Floating Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3. 2024-10-17 6.5 CVE-2024-49281 audit@patchstack.com
 
ninjateam–Click to Chat WP Support All-in-One Floating Widget
 
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-10055 security@wordfence.com
 
nintechnet–NinjaFirewall (WP Edition) Advanced Security Plugin and Firewall
 
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall). 2024-10-16 6.6 CVE-2021-4451 security@wordfence.com
 
Noor Alam–WordPress Image SEO
 
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery. This issue affects WordPress Image SEO: from n/a through 1.1.4. 2024-10-20 4.3 CVE-2024-49627 audit@patchstack.com
 
NVIDIA–NeMo
 
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering. 2024-10-15 6.3 CVE-2024-0129 psirt@nvidia.com
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This issue has been addressed in 7.0.7. 2024-10-16 5.3 CVE-2024-45796 security-advisories@github.com
 
Oliver Schlöbe–Admin Management Xtended
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS. This issue affects Admin Management Xtended: from n/a through 2.4.6. 2024-10-17 6.5 CVE-2024-49307 audit@patchstack.com
 
omnipressteam–Omnipress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in omnipressteam Omnipress allows Stored XSS. This issue affects Omnipress: from n/a through 1.4.3. 2024-10-17 6.5 CVE-2024-49278 audit@patchstack.com
 
opajaap–WP Photo Album Plus
 
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wppa-tab’ parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-17 6.1 CVE-2024-9951 security@wordfence.com
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 2024-10-15 6.5 CVE-2024-21205 secalert_us@oracle.com
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 2024-10-15 4.4 CVE-2024-21192 secalert_us@oracle.com
 
oracle — graalvm
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 2024-10-15 4.8 CVE-2024-21235 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 6.5 CVE-2024-21196 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 6.5 CVE-2024-21230 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 5.3 CVE-2024-21238 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21193 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21194 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21197 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21198 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21199 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21200 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21201 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21203 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21204 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21207 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.4 CVE-2024-21212 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). 2024-10-15 4.2 CVE-2024-21213 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21218 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21219 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21236 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21239 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-10-15 4.9 CVE-2024-21241 secalert_us@oracle.com
 
oracle — peoplesoft_enterprise_people_tools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-10-15 6.1 CVE-2024-21202 secalert_us@oracle.com
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H). 2024-10-15 6.1 CVE-2024-21263 secalert_us@oracle.com
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 2024-10-15 6.0 CVE-2024-21273 secalert_us@oracle.com
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L). 2024-10-15 5.3 CVE-2024-21248 secalert_us@oracle.com
 
Oracle Corporation–MySQL Connectors
 
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). 2024-10-15 6.5 CVE-2024-21262 secalert_us@oracle.com
 
Oracle Corporation–Oracle Application Express
 
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). 2024-10-15 4.9 CVE-2024-21261 secalert_us@oracle.com
 
Oracle Corporation–Oracle Banking Liquidity Management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L). 2024-10-15 5.3 CVE-2024-21281 secalert_us@oracle.com
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). 2024-10-15 4.3 CVE-2024-21233 secalert_us@oracle.com
 
Oracle Corporation–Oracle Enterprise Command Center Framework
 
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2024-10-15 4.3 CVE-2024-21206 secalert_us@oracle.com
 
Oracle Corporation–Oracle Installed Base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2024-10-15 5.3 CVE-2024-21258 secalert_us@oracle.com
 
Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects
 
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 2024-10-15 5.4 CVE-2024-21264 secalert_us@oracle.com
 
Oracle Corporation–PeopleSoft Enterprise ELM Enterprise Learning Management
 
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-10-15 5.4 CVE-2024-21286 secalert_us@oracle.com
 
Oracle Corporation–PeopleSoft Enterprise FIN Expenses
 
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2024-10-15 4.3 CVE-2024-21249 secalert_us@oracle.com
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-10-15 4.8 CVE-2024-9952 cna@vuldb.com
 
parcelpro–Parcel Pro
 
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘action’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-9383 security@wordfence.com
 
paretodigital–YASR Yet Another Star Rating Plugin for WordPress
 
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. 2024-10-16 6.3 CVE-2022-4974 security@wordfence.com
 
Partnerships at Booking.com–Booking.com Banner Creator
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS. This issue affects Booking.Com Banner Creator: from n/a through 1.4.6. 2024-10-16 6.5 CVE-2024-49265 audit@patchstack.com
 
paulirish-1–Infinite-Scroll
 
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete functions. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-18 5.3 CVE-2024-10040 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile. 2024-10-16 6.5 CVE-2023-7294 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin. 2024-10-16 5.4 CVE-2023-7287 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings. 2024-10-16 4.3 CVE-2023-7288 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys. 2024-10-16 4.3 CVE-2023-7289 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses. 2024-10-16 4.3 CVE-2023-7290 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices. 2024-10-16 4.3 CVE-2023-7292 security@wordfence.com
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a Mollie account. 2024-10-16 4.3 CVE-2023-7293 security@wordfence.com
 
peepso–Community by PeepSo Social Network, Membership, Registration, User Profiles, Premium Mobile App
 
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-16 5.4 CVE-2024-9873 security@wordfence.com
 
Pepro Dev. Group–PeproDev Ultimate Invoice
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6. 2024-10-17 6.5 CVE-2024-49298 audit@patchstack.com
 
persianscript–Persian WooCommerce SMS
 
The Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-17 6.1 CVE-2024-9213 security@wordfence.com
 
Peter CyClop–WordPress Video
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Peter CyClop WordPress Video allows Stored XSS. This issue affects WordPress Video: from n/a through 1.0. 2024-10-18 6.5 CVE-2024-49231 audit@patchstack.com
 
PHPGurukul–Boat Booking System
 
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10153 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 6.3 CVE-2024-10154 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “fdate” to be affected. But it must be assumed “tdate” is affected as well. 2024-10-20 6.3 CVE-2024-10160 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 6.3 CVE-2024-10161 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well. 2024-10-20 6.3 CVE-2024-10162 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 4.3 CVE-2024-10158 cna@vuldb.com
 
PINPOINT.WORLD–Pinpoint Booking System
 
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS. This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. 2024-10-17 5.4 CVE-2024-49304 audit@patchstack.com
 
plainware–Locatoraid Store Locator
 
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2024-9652 security@wordfence.com
 
podpirate–ACF Quick Edit Fields
 
The ACF Quick Edit Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access the metadata of other users, including contributor-level users and above. 2024-10-16 6.5 CVE-2023-7286 security@wordfence.com
 
Portfoliohub–WordPress Portfolio Builder Portfolio Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. 2024-10-17 6.5 CVE-2024-49302 audit@patchstack.com
 
prasidhda–Woo Manage Fraud Orders
 
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2024-9937 security@wordfence.com
 
PressTigers–Simple Testimonials Showcase
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PressTigers Simple Testimonials Showcase. This issue affects Simple Testimonials Showcase: from n/a through 1.1.6. 2024-10-17 5.9 CVE-2024-49295 audit@patchstack.com
 
quantizor — markdown-to-jsx
 
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. 2024-10-15 6.1 CVE-2024-21535 report@snyk.io
 
quomodosoft–ElementsReady Addons for Elementor
 
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-16 6.4 CVE-2024-9444 security@wordfence.com
 
Razon Komar Pal–Linked Variation for WooCommerce
 
Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery. This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. 2024-10-17 4.3 CVE-2024-48047 audit@patchstack.com
 
Red Hat–OpenShift Developer Tools and Services
 
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. 2024-10-15 6.5 CVE-2024-9676 secalert@redhat.com
 
Red Hat–Red Hat Ansible Automation Platform 2
 
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the “?next=” in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. 2024-10-16 5.4 CVE-2024-10033 secalert@redhat.com
 
Red Hat–Red Hat Ansible Automation Platform 2
 
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. 2024-10-15 5.3 CVE-2024-9979 secalert@redhat.com
 
Red Hat–Red Hat Quay 3
 
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future. 2024-10-17 4.8 CVE-2024-9683 secalert@redhat.com
 
RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit
 
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function. 2024-10-15 6.8 CVE-2024-47944 551230f0-3615-47bd-b7cc-93e92e730bbf
 
sajjad67–Advanced Category and Custom Taxonomy Image
 
The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-9425 security@wordfence.com
 
shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
 
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. 2024-10-16 4.3 CVE-2024-9540 security@wordfence.com
 
Sinan Yorulmaz–G Meta Keywords
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sinan Yorulmaz G Meta Keywords allows Stored XSS. This issue affects G Meta Keywords: from n/a through 1.4. 2024-10-17 6.5 CVE-2024-49301 audit@patchstack.com
 
SKT Themes–SKT Blocks Gutenberg based Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6. 2024-10-17 6.5 CVE-2024-48036 audit@patchstack.com
 
smackcoders–SendGrid for WordPress
 
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘wp_mailplus_clear_logs’ function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin’s log files. 2024-10-18 4.3 CVE-2024-9364 security@wordfence.com
 
SolarWinds–Kiwi CatTools
 
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. 2024-10-17 5.1 CVE-2024-45713 psirt@solarwinds.com
 
SolarWinds–Serv-U
 
Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload. 2024-10-16 4.8 CVE-2024-45714 psirt@solarwinds.com
 
SourceCodester–Sentiment Based Movie Rating System
 
A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name. 2024-10-20 6.3 CVE-2024-10163 cna@vuldb.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search as the “nobody” Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. 2024-10-14 6.5 CVE-2024-45732 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a search query with an improperly formatted “INGEST_EVAL” parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). 2024-10-14 6.5 CVE-2024-45736 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. 2024-10-14 5.4 CVE-2024-45740 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create a malicious payload through a custom configuration file that the “api.uri” parameter from the “/manager/search/apps/local” endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. 2024-10-14 5.4 CVE-2024-45741 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. 2024-10-14 4.3 CVE-2024-45734 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the “admin” or “power” Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. 2024-10-14 4.3 CVE-2024-45735 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. 2024-10-14 4.9 CVE-2024-45738 prodsec@splunk.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. 2024-10-14 4.9 CVE-2024-45739 prodsec@splunk.com
 
strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
 
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. 2024-10-16 5.3 CVE-2017-20194 security@wordfence.com
 
Streamline.lv–CartBounty Save and recover abandoned carts for WooCommerce
 
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. 2024-10-20 6.5 CVE-2024-47634 audit@patchstack.com
 
streamweasels–StreamWeasels Twitch Integration
 
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-19 6.4 CVE-2024-9897 security@wordfence.com
 
sukiwp–Suki Sites Import
 
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-8916 security@wordfence.com
 
Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG)
 
Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery. This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. 2024-10-17 6.5 CVE-2024-48031 audit@patchstack.com
 
Supsystic–Contact Form by Supsystic
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS. This issue affects Contact Form by Supsystic: from n/a through 1.7.28. 2024-10-17 5.9 CVE-2024-48046 audit@patchstack.com
 
SUSE–rancher
 
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation. 2024-10-16 6.6 CVE-2023-32196 meissner@suse.de
 
SUSE–rancher
 
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster), all have RBAC permissions to view the cluster object from the apiserver. 2024-10-16 6.5 CVE-2024-22032 meissner@suse.de
 
SUSE–SUSE Linux Enterprise Desktop 15 SP5
 
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim. 2024-10-16 5.5 CVE-2024-22034 meissner@suse.de
 
SUSE–SUSE Manager Server Module 4.3
 
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys. 2024-10-16 5.9 CVE-2023-32189 meissner@suse.de
 
SUSE–SUSE Package Hub 15 SP5
 
The OBS service obs-service-download_url was vulnerable to command injection. An attacker could provide a configuration to the service that allowed commands to be executed in later steps. 2024-10-16 6.3 CVE-2024-22033 meissner@suse.de
 
Swebdeveloper–wpPricing Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Swebdeveloper wpPricing Builder allows Stored XSS. This issue affects wpPricing Builder: from n/a through 1.5.0. 2024-10-18 6.5 CVE-2024-49225 audit@patchstack.com
 
SysBasics–Shortcode For Elementor Templates
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS. This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0. 2024-10-17 6.5 CVE-2024-48022 audit@patchstack.com
 
Tady Walsh–Tito
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tady Walsh Tito allows DOM-Based XSS. This issue affects Tito: from n/a through 2.3. 2024-10-18 6.5 CVE-2024-49241 audit@patchstack.com
 
Takashi Matsuyama–My Favorites
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Takashi Matsuyama My Favorites allows Stored XSS. This issue affects My Favorites: from n/a through 1.4.1. 2024-10-17 6.5 CVE-2024-49263 audit@patchstack.com
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. 2024-10-14 4.9 CVE-2024-9923 twcert@cert.org.tw
 
Tecno–4G Portable WiFi TR118
 
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-20 4.7 CVE-2024-10195 cna@vuldb.com
 
Teplitsa of social technologies–Leyka
 
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Teplitsa of social technologies Leyka. This issue affects Leyka: from n/a through 3.31.6. 2024-10-16 5.3 CVE-2024-49252 audit@patchstack.com
 
thecatkin–ReDi Restaurant Reservation
 
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-17 6.1 CVE-2024-9240 security@wordfence.com
 
thehowarde–Parallax Image
 
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-17 6.4 CVE-2024-9898 security@wordfence.com
 
themeid–Elemenda
 
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-9373 security@wordfence.com
 
themeinwp–Social Share With Floating Bar
 
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-18 6.1 CVE-2024-8790 security@wordfence.com
 
Themesflat–Themesflat Addons For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0. 2024-10-17 6.5 CVE-2024-49310 audit@patchstack.com
 
themeworm–Plexx Elementor Extension
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in themeworm Plexx Elementor Extension allows Stored XSS. This issue affects Plexx Elementor Extension: from n/a through 1.3.4. 2024-10-18 6.5 CVE-2024-49234 audit@patchstack.com
 
Thimo Grauerholz–WP-Spreadplugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS. This issue affects WP-Spreadplugin: from n/a through 4.8.9. 2024-10-16 5.9 CVE-2024-49266 audit@patchstack.com
 
tiandi–Flat UI Button
 
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-10014 security@wordfence.com
 
TipTopPress–Hyperlink Group Block
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS. This issue affects Hyperlink Group Block: from n/a through 1.17.5. 2024-10-17 6.5 CVE-2024-49279 audit@patchstack.com
 
tkama–Kama SpamBlock
 
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 6.1 CVE-2024-9647 security@wordfence.com
 
Tophive–Ultimate AI
 
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the ‘ultimate_ai_change_pass’ function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers. 2024-10-16 5.6 CVE-2024-9104 security@wordfence.com
 
tychesoftwares–Arconix Shortcodes
 
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘button’ shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-18 6.4 CVE-2024-9703 security@wordfence.com
 
vercel–next.js
 
Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. 2024-10-14 5.9 CVE-2024-47831 security-advisories@github.com
 
VillaTheme–Email Template Customizer for WooCommerce
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. 2024-10-17 5.9 CVE-2024-49288 audit@patchstack.com
 
vladolaru–Fonto Custom Web Fonts Manager
 
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-17 6.4 CVE-2024-8920 security@wordfence.com
 
WAVLINK–WN530H4
 
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-20 4.7 CVE-2024-10193 cna@vuldb.com
 
Weblizar–Lightbox slider Responsive Lightbox Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0. 2024-10-17 6.5 CVE-2024-49280 audit@patchstack.com
 
wepic–Country Flags for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wepic Country Flags for Elementor allows Stored XSS. This issue affects Country Flags for Elementor: from n/a through 1.0.1. 2024-10-17 6.5 CVE-2024-49262 audit@patchstack.com
 
WhileTrue–Most And Least Read Posts Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. 2024-10-20 4.3 CVE-2024-49628 audit@patchstack.com
 
WisdmLabs–Edwiser Bridge
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS. This issue affects Edwiser Bridge: from n/a through 3.0.7. 2024-10-17 6.5 CVE-2024-49311 audit@patchstack.com
 
WisdmLabs–Edwiser Bridge
 
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.7. 2024-10-17 4.9 CVE-2024-49312 audit@patchstack.com
 
withastro–astro
 
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) on websites that enable Astro’s client-side routing and have *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. This vulnerability can result in cross-site scripting (XSS) attacks on websites built with Astro that enable client-side routing with `ViewTransitions` and store user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page. Version 4.16.1 contains a patch for this issue. 2024-10-14 5.9 CVE-2024-47885 security-advisories@github.com
 
woocommerce — woocommerce
 
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. 2024-10-15 6.1 CVE-2024-9944 security@wordfence.com
 
WooCommerce–Product Vendors
 
The Product Vendors plugin is vulnerable to Reflected Cross-Site Scripting via the ‘vendor_description’ parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-16 4.7 CVE-2017-20193 security@wordfence.com
 
WooCommerce–WooCommerce Smart Coupons
 
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront. 2024-10-16 5.3 CVE-2020-36841 security@wordfence.com
 
WordPress Foundation–WordPress
 
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page. 2024-10-16 4.9 CVE-2022-4973 security@wordfence.com
 
WP-buy–WP Content Copy Protection & No Right Click
 
Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. 2024-10-20 4.3 CVE-2024-49306 audit@patchstack.com
 
wp-slimstat — slimstat_analytics
 
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-15 6.1 CVE-2024-9548 security@wordfence.com
 
wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins. 2024-10-16 6.3 CVE-2021-4446 security@wordfence.com
 
wpdiscover–Photo Gallery Builder
 
Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. 2024-10-20 4.3 CVE-2024-49325 audit@patchstack.com
 
wpextended–The Ultimate WordPress Toolkit WP Extended
 
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpext-export’ parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-17 6.1 CVE-2024-9347 security@wordfence.com
 
wpindeed–Indeed Membership Pro
 
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 – 8.6. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data. 2024-10-16 6.3 CVE-2020-36833 security@wordfence.com
 
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
 
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-17 4.3 CVE-2024-9351 security@wordfence.com
 
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
 
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-17 4.3 CVE-2024-9352 security@wordfence.com
 
wproyal–Royal Elementor Addons and Templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts. 2024-10-17 4.3 CVE-2024-7417 security@wordfence.com
 
wpvividplugins–Migration, Backup, Staging WPvivid
 
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site’s database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35. 2024-10-16 4.9 CVE-2020-36835 security@wordfence.com
 
WPWeb–Social Auto Poster
 
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery. This issue affects Social Auto Poster: from n/a through 5.3.15. 2024-10-20 4.3 CVE-2024-49272 audit@patchstack.com
 
wpzest–Easy Menu Manager | WPZest
 
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-18 6.4 CVE-2024-9366 security@wordfence.com
 
wpzita–Zita Elementor Site Library
 
The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-16 6.4 CVE-2024-8921 security@wordfence.com
 
xplodedthemes — wpide
 
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-10-15 5.3 CVE-2024-9546 security@wordfence.com
 
zaytech — smart_online_order_for_clover
 
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-15 5.4 CVE-2024-9895 security@wordfence.com
 
zluck–Multiline files upload for contact form 7
 
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site. 2024-10-16 4.3 CVE-2024-9891 security@wordfence.com
 


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
Admidio–admidio
 
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue. 2024-10-16 3.5 CVE-2024-47836 security-advisories@github.com
 
authzed — spicedb
 
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even when the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `--enable-experimental-lookup-resources` flag by setting it to `false`. 2024-10-14 2.4 CVE-2024-48909 security-advisories@github.com
 
code-projects–Blood Bank System
 
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 3.5 CVE-2024-10142 cna@vuldb.com
 
Eclipse Foundation–Jetty
 
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. 2024-10-14 3.1 CVE-2024-6762 emo@eclipse.org
 
Eclipse Foundation–Jetty
 
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from that of common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks. 2024-10-14 3.7 CVE-2024-6763 emo@eclipse.org
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: “experiments.php” (show mode), “database.php” (show mode) or “search.php”. It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message. This means that injected HTML will appear in a red “alert/danger” box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary javascript from this attack. As such, this attack is deemed low impact. Users should upgrade to at least version 5.1.5 to receive a patch. No known workarounds are available. 2024-10-14 3.5 CVE-2024-47826 security-advisories@github.com
 
jsbroks–COCO Annotator
 
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. 2024-10-19 3.7 CVE-2024-10141 cna@vuldb.com
 
oracle — graalvm
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 3.7 CVE-2024-21217 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 3.1 CVE-2024-21231 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). 2024-10-15 3.8 CVE-2024-21247 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). 2024-10-15 2 CVE-2024-21209 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 2.2 CVE-2024-21232 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 2.2 CVE-2024-21237 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). 2024-10-15 2.2 CVE-2024-21243 secalert_us@oracle.com
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). 2024-10-15 2.2 CVE-2024-21244 secalert_us@oracle.com
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 2.3 CVE-2024-21253 secalert_us@oracle.com
 
Oracle Corporation–GraalVM
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2024-10-15 3.7 CVE-2024-21211 secalert_us@oracle.com
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). 2024-10-15 3.5 CVE-2024-21242 secalert_us@oracle.com
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). 2024-10-15 3.1 CVE-2024-21251 secalert_us@oracle.com
 
Oracle Corporation–Oracle Hyperion BI+
 
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N). 2024-10-15 3 CVE-2024-21257 secalert_us@oracle.com
 
Oracle Corporation–Oracle Java SE
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 2024-10-15 3.7 CVE-2024-21208 secalert_us@oracle.com
 
Oracle Corporation–Oracle Java SE
 
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 2024-10-15 3.7 CVE-2024-21210 secalert_us@oracle.com
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-19 3.5 CVE-2024-10155 cna@vuldb.com
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 3.5 CVE-2024-10191 cna@vuldb.com
 
PHPGurukul–IFSC Code Finder Project
 
A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-20 3.5 CVE-2024-10192 cna@vuldb.com
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the “admin” or “power” Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). 2024-10-14 3.5 CVE-2024-45737 prodsec@splunk.com
 
Topdata–Inner Rep Plus WebServer
 
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 2.7 CVE-2024-10122 cna@vuldb.com
 
Topdata–Inner Rep Plus WebServer
 
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-18 2.7 CVE-2024-10128 cna@vuldb.com
 
VMware–Spring
 
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. 2024-10-18 3.1 CVE-2024-38820 security@vmware.com
 
vue–vue
 
Improper regular expression in Vue’s parseHTML function leads to a potential regular expression denial of service vulnerability. 2024-10-15 3.7 CVE-2024-9506 36c7be3b-2937-45df-85ea-ca7133ea542c
 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
Apache Software Foundation–Apache Roller
 
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller’s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw 2024-10-14 not yet calculated CVE-2024-46911 security@apache.org
 
AstroxNetwork–agent_dart
 
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren’t verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses on behalf of another subnet. The certificate’s timestamp, i.e. the /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification. 2024-10-15 not yet calculated CVE-2024-48915 security-advisories@github.com
 
binary-husky–binary-husky/gpt_academic
 
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values. 2024-10-17 not yet calculated CVE-2024-10100 security@huntr.dev
 
binary-husky–binary-husky/gpt_academic
 
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim’s browser when the file is accessed. This can result in the theft of session cookies or other sensitive information. 2024-10-17 not yet calculated CVE-2024-10101 security@huntr.dev
 
Bitdefender–Total Security
 
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. 2024-10-18 not yet calculated CVE-2023-6056 cve-requests@bitdefender.com
 
Bitdefender–Total Security
 
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site’s certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. 2024-10-18 not yet calculated CVE-2023-49567 cve-requests@bitdefender.com
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn’t authorized to issue certificates. This occurs when the “Basic Constraints” extension in the certificate indicates that it is meant to be an “End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. 2024-10-18 not yet calculated CVE-2023-49570 cve-requests@bitdefender.com
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. 2024-10-18 not yet calculated CVE-2023-6055 cve-requests@bitdefender.com
 
Bitdefender–Total Security
 
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate. 2024-10-18 not yet calculated CVE-2023-6057 cve-requests@bitdefender.com
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Safepay’s handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications. 2024-10-18 not yet calculated CVE-2023-6058 cve-requests@bitdefender.com
 
Checkmk GmbH–Checkmk
 
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators. 2024-10-14 not yet calculated CVE-2024-38862 security@checkmk.com
 
Checkmk GmbH–Checkmk
 
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. 2024-10-14 not yet calculated CVE-2024-38863 security@checkmk.com
 
comfyanonymous–comfyanonymous/comfyui
 
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. 2024-10-17 not yet calculated CVE-2024-10099 security@huntr.dev
 
Docker–Docker Desktop
 
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. 2024-10-16 not yet calculated CVE-2024-9348 security@docker.com
 
element-hq–element-desktop
 
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. 2024-10-15 not yet calculated CVE-2024-47771 security-advisories@github.com
 
element-hq–element-web
 
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most, but not all, of their code, and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. 2024-10-15 not yet calculated CVE-2024-47779 security-advisories@github.com
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. 2024-10-17 not yet calculated CVE-2024-49396 ics-cert@hq.dhs.gov
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. 2024-10-17 not yet calculated CVE-2024-49397 ics-cert@hq.dhs.gov
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. 2024-10-17 not yet calculated CVE-2024-49398 ics-cert@hq.dhs.gov
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. 2024-10-17 not yet calculated CVE-2024-49399 ics-cert@hq.dhs.gov
 
encode–starlette
 
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrarily large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of Service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Version 0.40.0 fixes this issue. 2024-10-15 not yet calculated CVE-2024-47874 security-advisories@github.com
 
Hewlett Packard Enterprise (HPE)–HPE OneView
 
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. 2024-10-18 not yet calculated CVE-2024-42508 security-alert@hpe.com
 
Hikvision–HikCentral Master Lite
 
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. 2024-10-18 not yet calculated CVE-2024-47485 hsrc@hikvision.com
 
Hikvision–HikCentral Master Lite
 
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data. 2024-10-18 not yet calculated CVE-2024-47486 hsrc@hikvision.com
 
Hikvision–HikCentral Professional
 
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. 2024-10-18 not yet calculated CVE-2024-47487 hsrc@hikvision.com
 
infiniflow–infiniflow/ragflow
 
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for `llm_factory` that, when used as an index to these model dictionaries, results in the execution of arbitrary code. 2024-10-19 not yet calculated CVE-2024-10131 security@huntr.dev
 
Ivanti–Connect Secure
 
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. 2024-10-18 not yet calculated CVE-2024-37404 support@hackerone.com
 
Ivanti–DSM
 
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. 2024-10-18 not yet calculated CVE-2024-29213 support@hackerone.com
 
Ivanti–DSM
 
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. 2024-10-18 not yet calculated CVE-2024-29821 support@hackerone.com
 
Kajitori Co.,Ltd–Exment
 
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table. 2024-10-18 not yet calculated CVE-2024-46897 vultures@jpcert.or.jp
 
Kajitori Co.,Ltd–Exment
 
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user. 2024-10-18 not yet calculated CVE-2024-47793 vultures@jpcert.or.jp
 
Lakeside Software–SysTrack LsiAgent Installer
 
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. 2024-10-18 not yet calculated CVE-2023-6080 mandiant-cve@google.com
 
LCDS – Leo Consultoria e Desenvolvimento de Sistemas Ltda ME–LAquis SCADA
 
In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. 2024-10-17 not yet calculated CVE-2024-9414 ics-cert@hq.dhs.gov
 
matrix-org–matrix-js-sdk
 
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these “shared” keys to all of the invited user’s devices, regardless of whether the user’s cryptographic identity is verified or whether the user’s devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients. 2024-10-15 not yet calculated CVE-2024-47080 security-advisories@github.com
 
matrix-org–matrix-react-sdk
 
matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling sharing message keys on invite by removing calls to the vulnerable functionality. No known workarounds are available. 2024-10-15 not yet calculated CVE-2024-47824 security-advisories@github.com
 
MessagePack-CSharp–MessagePack-CSharp
 
### Impact

When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability.

### Patches

The following steps are required to mitigate this risk.

1. Upgrade to a version of the library where a fix is available.
2. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data.

### Workarounds

If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows:

1. Declare a class that derives from `MessagePackSecurity`.
2. Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`.
3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object.
4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method.

### References

– Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security).
– The .NET team’s [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md).

### For more information

If you have any questions or comments about this advisory:

* [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions)
* [Email us privately](mailto:andrewarnott@live.com)

2024-10-17 not yet calculated CVE-2024-48924 security-advisories@github.com
 
Meta–Tacquito
 
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed. 2024-10-17 not yet calculated CVE-2024-49400 cve-assign@fb.com
 
Mozilla–Firefox
 
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. 2024-10-14 not yet calculated CVE-2024-9936 security@mozilla.org
 
n/a–n/a
 
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem. 2024-10-15 not yet calculated CVE-2024-44337 cve@mitre.org
 
n/a–n/a
 
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. 2024-10-18 not yet calculated CVE-2024-45944 cve@mitre.org
 
n/a–n/a
 
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. 2024-10-15 not yet calculated CVE-2024-48783 cve@mitre.org
 
n/a–n/a
 
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve’s base point is smaller than the hash, because of a _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid. 2024-10-15 not yet calculated CVE-2024-48948 cve@mitre.org
 
n/a–n/a
 
In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin’s fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the free version of ACF, then you can follow the process shown at the advancedcustomfields.com blog URL within the References section below. 2024-10-17 not yet calculated CVE-2024-49593 cve@mitre.org
 
Nokia–SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS
 
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. 2024-10-17 not yet calculated CVE-2023-6728 b48c3b8f-639e-4c16-8725-497bc411dad0
 
OpenSSL–OpenSSL
 
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we’re aware of, either only “named curves” are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can’t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an “exotic” curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with “exotic” explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. 2024-10-16 not yet calculated CVE-2024-9143 openssl-security@openssl.org
 
OpenText–Application Lifecycle Management (ALM),Quality Center
 
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality Center allows Code Inclusion. The vulnerability allows a user to archive malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM), Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. 2024-10-16 not yet calculated CVE-2023-32266 security@opentext.com
 
OpenText–OpenText Application Automation Tools
 
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. 2024-10-16 not yet calculated CVE-2024-4184 security@opentext.com
 
OpenText–OpenText Application Automation Tools
 
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. 2024-10-16 not yet calculated CVE-2024-4189 security@opentext.com
 
OpenText–OpenText Application Automation Tools
 
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks in the ALM job config have been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below. 2024-10-16 not yet calculated CVE-2024-4211 security@opentext.com
 
OpenText–OpenText Application Automation Tools
 
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. 2024-10-16 not yet calculated CVE-2024-4690 security@opentext.com
 
OpenText–OpenText Application Automation Tools
 
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks in the Service Virtualization config have been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below. 2024-10-16 not yet calculated CVE-2024-4692 security@opentext.com
 
rails–rails
 
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. 2024-10-16 not yet calculated CVE-2024-41128 security-advisories@github.com
 
rails–rails
 
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller’s HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. 2024-10-16 not yet calculated CVE-2024-47887 security-advisories@github.com
 
rails–rails
 
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. 2024-10-16 not yet calculated CVE-2024-47888 security-advisories@github.com
 
rails–rails
 
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `block_format` helper in Action Mailer. Carefully crafted text can cause the `block_format` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. 2024-10-16 not yet calculated CVE-2024-47889 security-advisories@github.com
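The three Rails advisories above (CVE-2024-47887, CVE-2024-47888, CVE-2024-47889) share one root cause, a regular expression that backtracks super-linearly on attacker-chosen text, and one workaround, the regexp mitigations in Ruby 3.2. The block below is an added example, not Rails code, and it does not reproduce the patched expressions. It shows what an operator can do on either side of the upgrade: install a regexp time budget (available only on Ruby 3.2 and newer) so a pathological match in a helper such as the Action Text or Action Mailer ones raises instead of pinning a worker, and parse an `Authorization: Token ...` header with a linear-time routine and a length cap. The accepted header grammar, the 4096-byte cap, and the function names are assumptions for illustration.

```ruby
# Added example; not Rails code and not a copy of the patched expressions.
# Two defences against the header/text ReDoS class in CVE-2024-47887/47888/47889:
#  (1) a regexp time budget, which exists only on Ruby >= 3.2 (the advisories'
#      workaround), so a pathological input raises instead of pinning a worker;
#  (2) a parser for "Authorization: Token ..." parameter lists that uses no
#      nested or adjacent unbounded quantifiers, so its cost stays linear in
#      the header length, plus a hard cap on header size.
# Grammar assumed here: scheme, then key=value pairs separated by "," or ";",
# values optionally double-quoted. This is an assumption, not Rails' grammar.

MAX_HEADER_BYTES = 4096               # assumption: longer headers are rejected up front
ALLOWED_SCHEMES  = %w[Token Bearer].freeze

# Installs a process-wide regexp budget where the interpreter supports one.
# Returns true when installed, false on Ruby < 3.2 (no budget available there).
def install_regexp_budget(seconds = 1.0)
  return false unless Regexp.respond_to?(:timeout=)
  Regexp.timeout = seconds
  true
end

# Runs `re` against `text` under a per-match budget. Returns MatchData, nil for
# no match, or :timeout when the budget is exhausted. On Ruby < 3.2 the match
# runs unbounded, which is exactly why the advisories say to upgrade.
def match_with_budget(re, text, seconds: 0.5)
  return re.match(text) unless Regexp.respond_to?(:timeout=)
  Regexp.new(re.source, re.options, timeout: seconds).match(text)
rescue Regexp::TimeoutError
  :timeout
end

# Linear-time parse of a Token/Bearer header into a Hash of parameters.
# Returns nil when the header is absent, oversized, or uses another scheme.
# A bare credential with no "=" is returned under the "token" key.
def parse_token_header(header)
  return nil if header.nil? || header.bytesize > MAX_HEADER_BYTES
  scheme, rest = header.strip.split(" ", 2)
  return nil unless ALLOWED_SCHEMES.include?(scheme) && rest
  params = {}
  rest.split(/[,;]/).each do |pair|   # one character class: nothing to backtrack over
    pair = pair.strip
    next if pair.empty?
    key, value = pair.split("=", 2)
    key = key.strip
    if value.nil?
      params["token"] = key
    else
      value = value.strip
      if value.length >= 2 && value.start_with?('"') && value.end_with?('"')
        value = value[1..-2]
      end
      params[key] = value
    end
  end
  params
end

if __FILE__ == $PROGRAM_NAME
  puts "regexp budget installed: #{install_regexp_budget(1.0)}"
  p parse_token_header('Token token="s3cr3t", realm="api"')   # constructed header
  p parse_token_header("Bearer " + ("\t" * 5000))              # oversized: nil
  p match_with_budget(/a+b/, "aaab")
end
```

Quoted values that themselves contain `,` or `;` are not supported by this simplified grammar; if they are needed, extend the loop with a quote-aware scan rather than a regex with optional quoted alternatives, since that is the shape of pattern that backtracks. On Ruby older than 3.2 `match_with_budget` offers no protection at all, which is the advisories' point.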
 
RDSaiPlatforms–RDSlight
 
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 lack input validation within the RDS AI framework, specifically in the user input handling code of the main module (`main.py`). This leaves the framework open to injection attacks and potential memory tampering: any user or external actor providing input to the system could inject malicious commands, corrupt stored data, or affect API calls. This is particularly critical for deployments in production environments where RDS AI interacts with sensitive systems, performs dynamic memory caching, or retrieves user-specific data for analysis. Impacted parties include developers using RDS AI as a backend for AI-driven applications and operators of RDS AI systems exposed to untrusted environments or unverified user input. The vulnerability has been patched in version 1.1.0 of the RDS AI framework: all user inputs are now sanitized and validated against a set of rules designed to mitigate malicious content. Users should upgrade to version 1.1.0 or higher and ensure all dependencies are updated to their latest versions. Users unable to upgrade should, as a workaround, add custom validation checks that filter unsafe characters and patterns out of user input (e.g., SQL injection and script injection attempts) and limit or remove features that accept user input until the system can be patched. 2024-10-16 not yet calculated CVE-2024-48918 security-advisories@github.com
 
RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit
 
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks whether uploaded .patch files are signed before executing the run.sh script they contain. The “signature”, however, is an HMAC computed with a long string as the key, and that key is hard-coded in the firmware, which is freely available for download. Anyone holding the firmware can therefore craft malicious “signed” .patch files, compromise the device and execute arbitrary code. 2024-10-15 not yet calculated CVE-2024-47943 551230f0-3615-47bd-b7cc-93e92e730bbf
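The Rittal entry describes a design flaw rather than an implementation bug: an HMAC is a shared-secret construction, so a device that verifies patches with a key stored in its own firmware image hands that key to anyone who downloads the image. The following is an added example, not Rittal code; the key, script contents and names are constructed, and the device's real patch format is not reproduced. It contrasts the flawed check, which accepts a patch forged with the extracted key, with an asymmetric signature check in which the device stores only a public key and nothing extractable from it lets an attacker sign.

```ruby
require "openssl"

# Added example, not Rittal code. Key, file contents and names are constructed.
# Flawed design: "signature" = HMAC under a key compiled into the firmware.
# Fixed design: vendor signs with a private key kept offline; device verifies
# with the public key, which is safe to embed because it cannot sign.

# What a vendor might compile into the image. Once the image is public, so is this.
EMBEDDED_HMAC_KEY = "long-static-string-compiled-into-the-firmware".freeze  # constructed

def hmac_tag(key, payload)
  OpenSSL::HMAC.hexdigest("SHA256", key, payload)
end

# Constant-time equality for fixed-format tags (avoids leaking the tag byte by byte).
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Device-side check in the flawed design.
def device_accepts_hmac?(payload, tag)
  constant_time_eq?(hmac_tag(EMBEDDED_HMAC_KEY, payload), tag)
end

# Attacker with a copy of the firmware: pull out the key, "sign" an arbitrary run.sh.
def forge_hmac_patch(attacker_payload)
  [attacker_payload, hmac_tag(EMBEDDED_HMAC_KEY, attacker_payload)]
end

# Fixed design: the private key stays with the vendor; the device stores the public key.
def vendor_sign(private_key, payload)
  private_key.sign(OpenSSL::Digest.new("SHA256"), payload)
end

def device_accepts_signature?(public_key, payload, signature)
  public_key.verify(OpenSSL::Digest.new("SHA256"), signature, payload)
rescue OpenSSL::PKey::PKeyError
  false
end

# Runs both schemes against a benign and an attacker-supplied patch script
# and reports what each device-side check accepts.
def demo
  benign  = "#!/bin/sh\necho applying vendor patch\n"          # constructed
  hostile = "#!/bin/sh\necho attacker-controlled code runs\n"  # constructed

  payload, tag = forge_hmac_patch(hostile)

  vendor_key   = OpenSSL::PKey::RSA.new(2048)
  device_pub   = OpenSSL::PKey::RSA.new(vendor_key.public_key.to_pem)  # all the device stores
  attacker_key = OpenSSL::PKey::RSA.new(2048)                          # attacker's own key

  {
    forged_hmac_accepted:        device_accepts_hmac?(payload, tag),
    genuine_sig_accepted:        device_accepts_signature?(device_pub, benign, vendor_sign(vendor_key, benign)),
    attacker_key_sig_accepted:   device_accepts_signature?(device_pub, hostile, vendor_sign(attacker_key, hostile)),
    replayed_sig_on_new_payload: device_accepts_signature?(device_pub, hostile, vendor_sign(vendor_key, benign))
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The last two results are the ones that matter for a fix: a signature made with any key other than the vendor's, and a genuine vendor signature replayed over a different payload, are both rejected, while the HMAC design accepts the forged patch outright. Rotating the embedded HMAC key would not help, since the new key ships in the next firmware image.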
 
sakaiproject–sakai
 
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in unauthorized access being granted to the system. Version 23.3 fixes this vulnerability. 2024-10-15 not yet calculated CVE-2024-47876 security-advisories@github.com
 
Schweizerische Steuerkonferenz–Library taxstatement.jar
 
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target; depending on the environment, various actions can then be executed, including:
* Reading files from the operating system
* Crashing the thread handling the parsing or causing it to enter an infinite loop
* Executing HTTP requests
* Loading additional DTDs or XML files
* Under certain conditions, executing OS commands
2024-10-14 not yet calculated CVE-2024-8602 vulnerability@ncsc.ch
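The library in the taxstatement.jar entry is Java, and the fix there belongs on the DocumentBuilderFactory, for example `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` as OWASP's XXE prevention cheat sheet recommends. The block below is an added example and not that library's code; it applies the same policy in front of a parser, in Ruby's standard library, so it can be run here: any document that declares a DTD is refused before parsing, because external entities, entity-expansion loops and external DTD loads all require one. The size cap, the element names and both sample documents are constructed.

```ruby
require "rexml/document"

# Added example; not the taxstatement.jar code. Refuse any XML that carries a
# DOCTYPE or ENTITY declaration before it reaches a parser, which is the same
# effect as disallow-doctype-decl on a Java DocumentBuilderFactory.

class XmlRejected < StandardError; end

MAX_XML_BYTES = 1_000_000   # assumption: a statement payload is far smaller than this

# True if the text carries a DOCTYPE or ENTITY declaration outside comments and
# CDATA sections, or is malformed in a way the scan cannot see past.
# Single forward pass, no regular expressions.
def unsafe_xml_markup?(xml)
  i = 0
  n = xml.length
  while i < n
    if xml[i, 4] == "<!--"
      close = xml.index("-->", i + 4)
      return true if close.nil?        # unterminated comment: refuse rather than guess
      i = close + 3
    elsif xml[i, 9] == "<![CDATA["
      close = xml.index("]]>", i + 9)
      return true if close.nil?
      i = close + 3
    elsif xml[i, 2] == "<!"
      return true if xml[i, 9].upcase.start_with?("<!DOCTYPE", "<!ENTITY")
      i += 2
    else
      i += 1
    end
  end
  false
end

# Parses only after the payload passes the size and DTD gates.
def safe_parse_xml(xml)
  raise XmlRejected, "payload too large" if xml.bytesize > MAX_XML_BYTES
  raise XmlRejected, "DTD declarations are not allowed" if unsafe_xml_markup?(xml)
  REXML::Document.new(xml)
end

# Root element name for an accepted document, nil for a rejected or unparsable one.
def root_name_or_nil(xml)
  safe_parse_xml(xml).root&.name
rescue XmlRejected, REXML::ParseException
  nil
end

BENIGN_XML = <<~XML   # constructed; DOCTYPE text inside a comment or CDATA is inert
  <?xml version="1.0"?>
  <!-- the word DOCTYPE in a comment is harmless -->
  <taxStatement><![CDATA[ <!DOCTYPE x> literal text ]]><total>42</total></taxStatement>
XML

XXE_XML = <<~XML      # constructed; the classic local-file-read payload
  <?xml version="1.0"?>
  <!DOCTYPE taxStatement [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
  <taxStatement>&xxe;</taxStatement>
XML

if __FILE__ == $PROGRAM_NAME
  p root_name_or_nil(BENIGN_XML)   # "taxStatement"
  p root_name_or_nil(XXE_XML)      # nil
end
```

The gate deliberately rejects documents with any DTD, including harmless internal ones; a schema that genuinely needs entities should be handled by a parser configured to resolve nothing external and to cap expansion, not by loosening this check.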
 
SUSE–neuvector
 
A user can reverse engineer the JWT (JSON Web Token) used for Manager and API authentication and forge a valid NeuVector token in order to perform malicious activity in NeuVector. This can lead to RCE. 2024-10-16 not yet calculated CVE-2023-32188 meissner@suse.de
 
torinriley–ACON
 
ACON is a widely used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit malicious input data that bypasses input validation, resulting in remote code execution in certain machine learning applications using the ACON library. All users of ACON’s input-handling functions are potentially at risk. Specifically, machine learning models or applications that ingest user-generated data without proper sanitization are the most vulnerable. Users running ACON on production servers are at heightened risk, as the vulnerability could be exploited remotely. As of the time of publication, it is unclear whether a fix is available. 2024-10-18 not yet calculated CVE-2024-49361 security-advisories@github.com
 
