Vulnerability Summary for the Week of April 22, 2024

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abdul_hakeem — build_app_online Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. 2024-04-25 9.8 CVE-2023-51478
audit@patchstack.com
algolplus — advanced_order_export_for_woocommerce Improper Control of Generation of Code (‘Code Injection’) vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. 2024-04-25 9.1 CVE-2024-31266
audit@patchstack.com
andondesign — udesign Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3. 2024-04-25 7.1 CVE-2024-4077
audit@patchstack.com
ant-media — ant-media-server Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file. 2024-04-22 7.8 CVE-2024-32656
security-advisories@github.com
security-advisories@github.com
bdthemes — prime_slider_-_addons_for_elementor Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. 2024-04-22 7.1 CVE-2024-32682
audit@patchstack.com
bigbluebutton — greenlight Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. 2024-04-25 9.1 CVE-2022-36028
security-advisories@github.com
security-advisories@github.com
bigbluebutton — greenlight Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. 2024-04-25 9.1 CVE-2022-36029
security-advisories@github.com
security-advisories@github.com
bloompixel — max_addons_pro_for_bricks Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. 2024-04-24 7.1 CVE-2024-32952
audit@patchstack.com
brocade — brocade_sannav In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information. 2024-04-25 8.6 CVE-2024-4161
sirt@brocade.com
brocade — brocade_sannav A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. 2024-04-25 7.6 CVE-2024-4173
sirt@brocade.com
buddyboss_dmcc — buddyboss_theme Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60. 2024-04-24 9.8 CVE-2023-51477
audit@patchstack.com
cisco — adaptive_security_appliance_software A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads. 2024-04-24 8.6 CVE-2024-20353
ykramarz@cisco.com
cisco — cisco_ios_xe_software A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2024-04-24 7.4 CVE-2024-20313
ykramarz@cisco.com
cisco — cisco_unified_computing_system_(standalone) A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2024-04-24 8.8 CVE-2024-20295
ykramarz@cisco.com
cisco — cisco_unified_computing_system_(standalone) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. 2024-04-24 8.7 CVE-2024-20356
ykramarz@cisco.com
coderevolution — wp_setup_wizard Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1. 2024-04-25 8.8 CVE-2024-25917
audit@patchstack.com
creative_interactive_media — 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62. 2024-04-22 7.1 CVE-2024-32694
audit@patchstack.com
crushftp — crushftp A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. 2024-04-22 10 CVE-2024-4040
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
430a6cef-dc26-47e3-9fa8-52fb7f19644e
danswer-ai — danswer Danswer is the AI Assistant connected to company’s docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer’s slack bot, leading to internal Slack access. This issue was patched in version 3.63. 2024-04-26 9.8 CVE-2024-32881
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
debaat — wp_media_category_management Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2. 2024-04-24 7.1 CVE-2024-32950
audit@patchstack.com
dell — dell_repository_manager_(drm) Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. 2024-04-24 8.8 CVE-2024-28976
security_alert@emc.com
dgtlmoon — changedetection.io changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn’t required by the application (not by default and not enforced). 2024-04-26 10 CVE-2024-32651
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
eazyplugins — eazy_plugin_manager Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Eazy Plugin Manager: from n/a through 4.1.2. 2024-04-25 9.9 CVE-2023-51482
audit@patchstack.com
eclipse_foundation — eclipse_target_management Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 2024-04-26 9.8 CVE-2024-0740
emo@eclipse.org
emo@eclipse.org
edmundhung — conform Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith…` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue. 2024-04-23 8.6 CVE-2024-32866
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
elementor — elementor_website_builder Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. 2024-04-24 7.5 CVE-2023-47504
audit@patchstack.com
eli_scheetz — anti-malware_security_and_brute-force_firewall Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. 2024-04-25 9 CVE-2024-22144
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). 2024-04-22 9.8 CVE-2024-32039
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. 2024-04-22 9.8 CVE-2024-32041
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). 2024-04-22 9.8 CVE-2024-32458
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. 2024-04-22 9.8 CVE-2024-32459
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. 2024-04-23 9.8 CVE-2024-32658
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. 2024-04-23 9.8 CVE-2024-32659
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). 2024-04-22 8.1 CVE-2024-32040
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support. 2024-04-22 8.1 CVE-2024-32460
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. 2024-04-23 7.5 CVE-2024-32660
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. 2024-04-23 7.5 CVE-2024-32661
security-advisories@github.com
security-advisories@github.com
freerdp — freerdp FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available. 2024-04-23 7.5 CVE-2024-32662
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ggerganov — llama.cpp Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this uninitialized value and cause arbitrary address free problems. This may further lead to be exploited. Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). This vulnerability has been patched in commit b2740. 2024-04-26 7.1 CVE-2024-32878
security-advisories@github.com
security-advisories@github.com
giorgos_sarigiannidis — slash_admin Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1. 2024-04-24 7.1 CVE-2024-32958
audit@patchstack.com
gitlab — gitlab An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read. 2024-04-25 8.5 CVE-2024-2434
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. 2024-04-25 7.5 CVE-2024-2829
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user’s Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. 2024-04-25 7.3 CVE-2024-4024
cve@gitlab.com
glpi-project — glpi-agent The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications. 2024-04-25 7.3 CVE-2024-28240
security-advisories@github.com
security-advisories@github.com
glpi-project — glpi-agent The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system. 2024-04-25 7.3 CVE-2024-28241
security-advisories@github.com
security-advisories@github.com
grassroot_dicom — grassroot_dicom An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2024-04-25 8.1 CVE-2024-22373
talos-cna@cisco.com
grassroot_dicom — grassroot_dicom A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2024-04-25 7.7 CVE-2024-22391
talos-cna@cisco.com
hanwha_vision_co._ltd. — hrx-1620 Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds. 2024-04-26 8.9 CVE-2023-6095
fc9afe74-3f80-4fb7-a313-e6f036a89882
hanwha_vision_co._ltd. — hrx-1620 Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds. 2024-04-26 8.9 CVE-2023-6116
fc9afe74-3f80-4fb7-a313-e6f036a89882
hanwha_vision_co._ltd. — hrx-1620 Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer’s report for details and workarounds. 2024-04-26 7.4 CVE-2023-6096
fc9afe74-3f80-4fb7-a313-e6f036a89882
hitachi — hitachi_ops_center_analyzer Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00. 2024-04-23 7.5 CVE-2024-2493
hirt@hitachi.co.jp
ibm — mq_appliance IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. 2024-04-27 7.5 CVE-2024-25048
psirt@us.ibm.com
psirt@us.ibm.com
jack-kitterhing — wp_smtp The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-04-26 7.2 CVE-2024-1789
security@wordfence.com
security@wordfence.com
jacques_malgrange — rencontre_-_dating_site Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. 2024-04-24 9.8 CVE-2023-51425
audit@patchstack.com
jetmonsters — timetable_and_event_schedule_by_motopress The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the ‘events’ attribute of the ‘mp-timetable’ shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-04-27 9.9 CVE-2024-3342
security@wordfence.com
security@wordfence.com
librenms — librenms LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability. 2024-04-22 7.1 CVE-2024-32461
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
librenms — librenms LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. 2024-04-22 7.1 CVE-2024-32479
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
librenms — librenms LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. 2024-04-22 7.2 CVE-2024-32480
security-advisories@github.com
security-advisories@github.com
m-files_corporation — m-files_server Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. 2024-04-26 7.5 CVE-2024-4056
security@m-files.com
marco_gasi — language_switcher_for_transposh Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9. 2024-04-22 7.1 CVE-2024-32695
audit@patchstack.com
mcu-tools — mcuboot MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality. 2024-04-26 7.7 CVE-2024-32883
security-advisories@github.com
mestres_do_wp — checkout_mestres_wp Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. 2024-04-24 9.8 CVE-2023-51472
audit@patchstack.com
mestres_do_wp — checkout_mestres_wp Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. 2024-04-24 8.2 CVE-2023-51471
audit@patchstack.com
metagauss — registrationmagic Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. 2024-04-24 7.5 CVE-2023-23976
audit@patchstack.com
mongodb_inc — mongodb_compass MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. 2024-04-24 7.1 CVE-2024-3371
cna@mongodb.com
n/a — mysql2 Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. 2024-04-23 9.8 CVE-2024-21511
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a — newsletters Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. 2024-04-24 7.5 CVE-2024-32953
audit@patchstack.com
offis — dcmtk An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2024-04-23 7.5 CVE-2024-28130
talos-cna@cisco.com
patrick_posner — simply_static Insertion of Sensitive Information into Log File vulnerability in Patrick Posner Simply Static.This issue affects Simply Static: from n/a through 3.1.3. 2024-04-24 7.5 CVE-2024-32825
audit@patchstack.com
pickplugins — post_grid Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78. 2024-04-24 7.5 CVE-2024-32816
audit@patchstack.com
plechev_andrey — wp-recall Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. 2024-04-24 9.3 CVE-2024-32709
audit@patchstack.com
plechev_andrey — wp-recall Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. 2024-04-24 8.5 CVE-2024-32710
audit@patchstack.com
powerdns — recursor A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. 2024-04-25 7.5 CVE-2024-25583
security@open-xchange.com
pyload — pyload pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication. 2024-04-26 9.1 CVE-2024-32880
security-advisories@github.com
qnap_systems_inc. — media_streaming_add-on_ An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later 2024-04-26 9.6 CVE-2023-47222
security@qnapsecurity.com.tw
qnap_systems_inc. — myqnapcloud_link A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later 2024-04-26 9.9 CVE-2024-32764
security@qnapsecurity.com.tw
qnap_systems_inc. — qts An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later 2024-04-26 10 CVE-2024-32766
security@qnapsecurity.com.tw
qnap_systems_inc. — qts A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later 2024-04-26 8.7 CVE-2023-51364
security@qnapsecurity.com.tw
qnap_systems_inc. — qts A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later 2024-04-26 8.7 CVE-2023-51365
security@qnapsecurity.com.tw
qnap_systems_inc. — qts An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later 2024-04-26 7.4 CVE-2023-50363
security@qnapsecurity.com.tw
qnap_systems_inc. — qts An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later 2024-04-26 7.5 CVE-2024-27124
security@qnapsecurity.com.tw
red_hat — mirror_registry_for_red_hat_openshift A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. 2024-04-25 8.8 CVE-2024-3622
secalert@redhat.com
secalert@redhat.com
red_hat — mirror_registry_for_red_hat_openshift A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay’s database. 2024-04-25 8.1 CVE-2024-3623
secalert@redhat.com
secalert@redhat.com
red_hat — mirror_registry_for_red_hat_openshift A flaw was found in how Quay’s database is stored in plain-text in mirror-registry on the jinja’s config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay’s database. 2024-04-25 7.3 CVE-2024-3624
secalert@redhat.com
secalert@redhat.com
red_hat — mirror_registry_for_red_hat_openshift A flaw was found in Quay, where Quay’s database is stored in plain text in mirror-registry on Jinja’s config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay’s Redis instance. 2024-04-25 7.3 CVE-2024-3625
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_ansible_automation_platform_2.4_for_rhel_8 A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. 2024-04-25 8.1 CVE-2024-1657
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_openshift_container_platform_3.11 A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. 2024-04-26 7.2 CVE-2024-3154
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_openshift_container_platform_4.11 An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. 2024-04-25 7.5 CVE-2023-6596
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_openshift_container_platform_4.15 A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. 2024-04-25 7.7 CVE-2024-1139
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
repute_info_systems — arforms Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. 2024-04-24 8.5 CVE-2024-32706
audit@patchstack.com
repute_info_systems — arforms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. 2024-04-24 7.1 CVE-2024-32702
audit@patchstack.com
repute_infosystems — armember Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. 2024-04-24 9.1 CVE-2024-32948
audit@patchstack.com
rtcamp — rtmedia_for_wordpress,_buddypress_and_bbpress The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-04-23 8.8 CVE-2024-3293
security@wordfence.com
security@wordfence.com
seers — seers Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. 2024-04-24 7.1 CVE-2024-32789
audit@patchstack.com
silabs.com — z/ip_gateway_sdk Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.  2024-04-26 7.5 CVE-2024-3051
product-security@silabs.com
silabs.com — z/ip_gateway_sdk Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. 2024-04-26 7.5 CVE-2024-3052
product-security@silabs.com
skylab — iiot_gateway_(igx) The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway. 2024-04-26 8 CVE-2024-4163
cve_disclosure@tech.gov.sg
teamnewpipe — newpipe NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java’s Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted. To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS. The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges. All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java’s Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can’t lead to Arbitrary Code Execution; deprecate backups serialized with Java’s Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java’s Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java’s Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely). 2024-04-24 8.5 CVE-2024-32876
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tenda — 4g300 A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4166
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — 4g300 A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4167
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — 4g300 A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4168
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — 4g300 A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4169
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — 4g300 A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4170
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — a301 A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4291
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac8 A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-23 8.8 CVE-2024-4064
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac8 A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-23 8.8 CVE-2024-4065
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac8 A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-23 8.8 CVE-2024-4066
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ax1803 A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4236
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ax1803 A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4237
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ax1803 A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4238
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ax1803 A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4239
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — g3 A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261983. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4164
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — g3 A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4165
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4245
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4246
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4247
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4248
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4249
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4250
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4251
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — i21 A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 8.8 CVE-2024-4252
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — tx9 A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4111
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — tx9 A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4112
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — tx9 A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4113
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — tx9 A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. This issue affects the function sub_42C014 of the file /goform/PowerSaveSet. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4114
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4115
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4116
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4117
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4118
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4119
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4120
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4121
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4122
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4123
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4124
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4125
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4126
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w15e A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-24 8.8 CVE-2024-4127
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w30e A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-25 8.8 CVE-2024-4171
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w9 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4240
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w9 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4241
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w9 A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4242
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w9 A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4243
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — w9 A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 8.8 CVE-2024-4244
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
themehigh — email_customizer_for_woocommerce Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. 2024-04-24 7.5 CVE-2024-32781
audit@patchstack.com
themeisle — product_addons_&_fields_for_woocommerce The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce. 2024-04-26 9.8 CVE-2024-3962
security@wordfence.com
security@wordfence.com
security@wordfence.com
tribulant — newsletters Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. 2024-04-24 9.1 CVE-2024-32954
audit@patchstack.com
unlimited_elements — unlimited_elements_for_elementor_(free_widgets_addons_templates) Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. 2024-04-24 9.9 CVE-2023-31090
audit@patchstack.com
valvepress — automatic Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0. 2024-04-22 7.6 CVE-2024-32693
audit@patchstack.com
vinoth06. — frontend_dashboard Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. 2024-04-24 7.5 CVE-2024-32726
audit@patchstack.com
webangon — the_pack_elementor_addons Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. 2024-04-24 7.1 CVE-2024-32785
audit@patchstack.com
webkul_software — uvdesk_community Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. 2024-04-25 10 CVE-2024-0916
41c37e40-543d-43a2-b660-2fee83ea851a
41c37e40-543d-43a2-b660-2fee83ea851a
wp — dx-watermark Cross-Site Request Forgery (CSRF) vulnerability in ??WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. 2024-04-25 9.6 CVE-2024-30560
audit@patchstack.com
wp-buy — login_as_user_or_customer_(user_switching) Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8. 2024-04-25 9.8 CVE-2023-51484
audit@patchstack.com
wp_lab — wp-lister_lite_for_ebay Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. 2024-04-24 9.1 CVE-2024-32836
audit@patchstack.com
N/A — N/A An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. 2024-04-27 8.4 CVE-2022-48684
cve@mitre.org
N/A — N/A

 

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. 2024-04-27 7.7 CVE-2022-48685
cve@mitre.org
N/A — N/A

 

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. 2024-04-26 7.7 CVE-2024-33671
cve@mitre.org
N/A — N/A

 

An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. 2024-04-26 7.7 CVE-2024-33672
cve@mitre.org
N/A — N/A

 

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. 2024-04-26 7.8 CVE-2024-33673
cve@mitre.org

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10web — form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-27 4.4 CVE-2024-2258
security@wordfence.com
security@wordfence.com
2day.sk,_webikon — superfaktura_woocommerce Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3. 2024-04-24 6.4 CVE-2024-32803
audit@patchstack.com
aazztech — post_slider Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. 2024-04-26 5.4 CVE-2022-40975
audit@patchstack.com
accessally — popupally Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. 2024-04-26 5.9 CVE-2024-33639
audit@patchstack.com
advancedcoding — comments_-_wpdiscuz The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Alternative Text’ field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-2477
security@wordfence.com
security@wordfence.com
alumnionline_web_services_llc — wp_ada_compliance_check_basic Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3. 2024-04-24 4.3 CVE-2024-32947
audit@patchstack.com
amd — amd_software:_adrenalin_edition_ An out of bounds write vulnerability in the AMD Radeonâ„¢ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. 2024-04-23 5.3 CVE-2024-21972
psirt@amd.com
amd — amd_software:_adrenalin_edition_ An out of bounds write vulnerability in the AMD Radeonâ„¢ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. 2024-04-23 5.3 CVE-2024-21979
psirt@amd.com
automattic — jetpack Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7. 2024-04-24 5.4 CVE-2023-47774
audit@patchstack.com
bdthemes — prime_slider_-_addons_for_elementor Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. 2024-04-22 4.3 CVE-2024-32681
audit@patchstack.com
bkav_corporation — bkav_home Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. 2024-04-23 5.5 CVE-2024-2760
help@fluidattacks.com
help@fluidattacks.com
bloompixel — max_addons_pro_for_bricks Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. 2024-04-24 6.5 CVE-2024-32951
audit@patchstack.com
bluenet_technology — clinical_browsing_system A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability. 2024-04-27 6.3 CVE-2024-4257
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
brijesh_kothari — smart_maintenance_mode Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4. 2024-04-26 5.4 CVE-2024-33638
audit@patchstack.com
broadstreet_xpress — wordpress_ad_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0. 2024-04-26 5.9 CVE-2024-33696
audit@patchstack.com
brocade — brocade_sannav By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. 2024-04-27 6.8 CVE-2024-2859
sirt@brocade.com
brocade — brocade_sannav Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. 2024-04-25 4.3 CVE-2024-4159
sirt@brocade.com
byron — gitoxide gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. 2024-04-26 6.4 CVE-2024-32884
security-advisories@github.com
security-advisories@github.com
cbutlerjr — wp-members_membership_plugin The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information. 2024-04-26 5.3 CVE-2024-2920
security@wordfence.com
security@wordfence.com
checkmk_gmbh — checkmk Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. 2024-04-24 5.9 CVE-2024-28825
security@checkmk.com
cisco — cisco_adaptive_security_appliance_(asa)_software A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. 2024-04-24 6 CVE-2024-20358
ykramarz@cisco.com
cisco — cisco_adaptive_security_appliance_(asa)_software A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. 2024-04-24 6 CVE-2024-20359
ykramarz@cisco.com
cisco — cisco_telepresence_management_suite_(tms) A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-04-24 5.4 CVE-2023-20249
ykramarz@cisco.com
clickcease — clickcease_click_fraud_protection URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. 2024-04-24 4.1 CVE-2024-32078
audit@patchstack.com
clickcease — clickcease_click_fraud_protection Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4. 2024-04-26 4.3 CVE-2024-33678
audit@patchstack.com
code_tides — advanced_floating_content Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5. 2024-04-24 5.9 CVE-2024-32723
audit@patchstack.com
contemporary_controls — basrouter_bacnet_basrt-b A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 6.5 CVE-2024-4292
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cookie_information_a/s — wp_gdpr_compliance Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. 2024-04-26 5.4 CVE-2024-33682
audit@patchstack.com
coschedule — headline_analyzer Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3. 2024-04-24 4.3 CVE-2024-32806
audit@patchstack.com
cozmoslabs — paid_member_subscriptions Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. 2024-04-24 4.3 CVE-2024-32728
audit@patchstack.com
creative_themes_hq — blocksy Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33. 2024-04-25 6.5 CVE-2024-32961
audit@patchstack.com
crocoblock — jetformbuilder Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. 2024-04-24 5.3 CVE-2023-48763
audit@patchstack.com
cryout_creations — serious_slider Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4. 2024-04-26 4.3 CVE-2024-33650
audit@patchstack.com
culqi — culqi Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. 2024-04-24 4.9 CVE-2024-32819
audit@patchstack.com
cyanomiko — dcnnt-py A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. 2024-04-27 6.3 CVE-2023-1000
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
daniel_powney — multi_rating Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6. 2024-04-24 5.3 CVE-2023-32127
audit@patchstack.com
dell — wyse_proprietary_os_(modern_thinos) Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. 2024-04-24 6.2 CVE-2024-28963
security_alert@emc.com
dfir-iris — iris-web Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users. 2024-04-25 6.8 CVE-2024-25624
security-advisories@github.com
e4j_s.r.l. — vikrentcar Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2. 2024-04-24 5.9 CVE-2024-32780
audit@patchstack.com
ekojr — advanced_post_list Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1. 2024-04-26 5.9 CVE-2024-33642
audit@patchstack.com
element-hq — synapse Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. 2024-04-23 6.5 CVE-2024-31208
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
elespare — elespare_-_blog_magazine_and_newspaper_addons_for_elementor_with_templates_widgets_kits,_and_header/footer_builder._one_click_import:_no_coding_required The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts. 2024-04-23 4.3 CVE-2024-0900
security@wordfence.com
security@wordfence.com
essential_addons — essential_addons_for_elementor_pro The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘title_html_tag’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-22 6.4 CVE-2024-3645
security@wordfence.com
security@wordfence.com
extend_themes — teluro Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. 2024-04-26 4.3 CVE-2024-33688
audit@patchstack.com
fahad_mahmood — rss_feed_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7. 2024-04-22 5.9 CVE-2024-32690
audit@patchstack.com
famethemes — fametheme_demo_importer Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. 2024-04-26 4.3 CVE-2024-33679
audit@patchstack.com
feedbackwp — rate_my_post_-_wp_rating_system Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. 2024-04-24 5.3 CVE-2024-32823
audit@patchstack.com
foliovision — fv_flowplayer_video_player Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. 2024-04-24 4.9 CVE-2024-32955
audit@patchstack.com
formassembly_/_drew_buschhorn — wp-formassembly Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. 2024-04-24 6.5 CVE-2022-45852
audit@patchstack.com
fr-d-ric_gilles — fg_joomla_to_wordpress Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. 2024-04-24 5.3 CVE-2024-32788
audit@patchstack.com
ghozylab — image_slider_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125. 2024-04-24 5.9 CVE-2024-32707
audit@patchstack.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. 2024-04-25 4.3 CVE-2024-1347
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions 2024-04-25 4.3 CVE-2024-4006
cve@gitlab.com
gohugoio — hugo Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates. 2024-04-23 6.1 CVE-2024-32875
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
grassroot_dicom — grassroot_dicom An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability. 2024-04-25 6.5 CVE-2024-25569
talos-cna@cisco.com
gt3themes — photo_gallery_-_gt3_image_gallery_&_gutenberg_block_gallery The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-25 6.4 CVE-2024-4035
security@wordfence.com
security@wordfence.com
hasthemes — ht_mega Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7. 2024-04-24 4.3 CVE-2024-32782
audit@patchstack.com
helloasso — helloasso Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5. 2024-04-22 6.5 CVE-2024-32697
audit@patchstack.com
hinjiriyo — quick_featured_images The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author. 2024-04-23 4.3 CVE-2024-3664
security@wordfence.com
security@wordfence.com
hitachi — hitachi_ops_center_administrator Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1. 2024-04-23 4.4 CVE-2023-6833
hirt@hitachi.co.jp
holded — holded Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the ‘General’ and ‘Team ID’ functionalities, which could result in a session takeover. 2024-04-22 4.6 CVE-2024-4026
cve-coordination@incibe.es
honojs — hono Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue. 2024-04-23 5.3 CVE-2024-32869
security-advisories@github.com
security-advisories@github.com
hyperion — hyperion_web_server Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL. 2024-04-25 5.4 CVE-2024-4174
cve-coordination@incibe.es
hyperion — hyperion_web_server Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. 2024-04-25 5.4 CVE-2024-4175
cve-coordination@incibe.es
ibm — qradar_suite_software IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. 2024-04-23 5.4 CVE-2023-47731
psirt@us.ibm.com
psirt@us.ibm.com
ibm — websphere_application_server IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. 2024-04-25 5.9 CVE-2024-25026
psirt@us.ibm.com
psirt@us.ibm.com
implecode — reviews_plus Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4. 2024-04-26 4.3 CVE-2024-32822
audit@patchstack.com
jegstudio — financio Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. 2024-04-26 4.3 CVE-2024-33690
audit@patchstack.com
jegtheme — jeg_elementor_kit Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3. 2024-04-24 6.5 CVE-2024-32721
audit@patchstack.com
jeroen_peters — all-in-one_like_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7. 2024-04-24 5.9 CVE-2024-32815
audit@patchstack.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. 2024-04-23 6.3 CVE-2024-4069
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796. 2024-04-23 6.3 CVE-2024-4070
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability. 2024-04-23 6.3 CVE-2024-4071
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
keenetic — kn-1010 A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. 2024-04-21 5.3 CVE-2024-4021
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
keenetic — kn-1010 A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024. 2024-04-21 5.3 CVE-2024-4022
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
leap13 — premium_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25. 2024-04-24 6.5 CVE-2024-32791
audit@patchstack.com
leevio — happy_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. 2024-04-22 6.5 CVE-2024-32698
audit@patchstack.com
live_composer_team — page_builder:_live_composer Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38. 2024-04-26 4.7 CVE-2024-32957
audit@patchstack.com
loginpress — loginpress_pro Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. 2024-04-24 6.5 CVE-2024-32677
audit@patchstack.com
loginpress — loginpress_pro Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. 2024-04-25 5.3 CVE-2024-32676
audit@patchstack.com
logitech — mevo_webcam_app Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. 2024-04-23 4.4 CVE-2024-4031
cve-coordination@logitech.com
long_watch_studio — myrewards Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. 2024-04-22 6.5 CVE-2024-32688
audit@patchstack.com
magazine3 — schema_&_structured_data_for_wp_&_amp The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “How To” and “FAQ” Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-3491
security@wordfence.com
security@wordfence.com
mainwp — mainwp_child_reports Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. 2024-04-26 5.4 CVE-2024-33680
audit@patchstack.com
mattermost — mattermost Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored 2024-04-26 4.3 CVE-2024-32046
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users’ web clients via a malformed custom status. 2024-04-26 4.3 CVE-2024-4182
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table. 2024-04-26 4.3 CVE-2024-4183
responsibledisclosure@mattermost.com
matthew_fries — mf_gig_calendar_ Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. 2024-04-26 5.4 CVE-2024-33651
audit@patchstack.com
meks — meks_smart_social_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4. 2024-04-26 5.9 CVE-2024-33693
audit@patchstack.com
meks — meks_themeforest_smart_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5. 2024-04-26 5.9 CVE-2024-33694
audit@patchstack.com
metagauss — profilegrid_ Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. 2024-04-24 5.4 CVE-2024-32808
audit@patchstack.com
metagauss — profilegrid_ Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. 2024-04-24 4.3 CVE-2024-32772
audit@patchstack.com
metagauss — registrationmagic Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. 2024-04-24 5.3 CVE-2023-23989
audit@patchstack.com
metersphere — metersphere MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue. 2024-04-25 5.7 CVE-2024-32467
security-advisories@github.com
monsterinsights — google_analytics_by_monster_insights Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. 2024-04-25 4.3 CVE-2023-52220
audit@patchstack.com
mra13 — simple_membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘swpm_paypal_subscription_cancel_link’ shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-25 5.4 CVE-2024-3730
security@wordfence.com
security@wordfence.com
mycred — mycred Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3. 2024-04-24 6.5 CVE-2024-32711
audit@patchstack.com
n/a — coupon_&_discount_code_reveal_button Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5. 2024-04-24 5.9 CVE-2024-32722
audit@patchstack.com
n/a — idccms A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. 2024-04-25 4.3 CVE-2024-4172
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — import_and_export_users_and_customers Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. 2024-04-24 4.4 CVE-2024-32817
audit@patchstack.com
nick_halsey — list_custom_taxonomy_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.This issue affects List Custom Taxonomy Widget: from n/a through 4.1. 2024-04-24 5.9 CVE-2024-32833
audit@patchstack.com
nixos — hydra Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue. 2024-04-22 4.6 CVE-2024-32657
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
octolize — flexible_shipping Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15. 2024-04-26 4.3 CVE-2024-32828
audit@patchstack.com
optinmonster_popup_builder_team — optinmonster Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. 2024-04-26 4.3 CVE-2024-33691
audit@patchstack.com
ovic_team — ovic_addon_toolkit Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. 2024-04-24 4.3 CVE-2024-32432
audit@patchstack.com
paid_memberships_pro — paid_memberships_pro Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. 2024-04-24 5.4 CVE-2024-32793
audit@patchstack.com
paid_memberships_pro — paid_memberships_pro Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. 2024-04-24 4.3 CVE-2024-32794
audit@patchstack.com
paoltaia — geodirectory_-_wordpress_business_directory_plugin_or_classified_directory The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gd_single_tabs’ shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-3732
security@wordfence.com
security@wordfence.com
pavex — embed_google_photos_album Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. 2024-04-24 4.9 CVE-2024-32775
audit@patchstack.com
phpgurukul — doctor_appointment_management_system A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability. 2024-04-27 6.3 CVE-2024-4294
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
podlove — podlove_podcast_publisher Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. 2024-04-24 5.4 CVE-2024-32812
audit@patchstack.com
pr-gateway — blog2social:_social_media_auto_post_&_scheduler The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. 2024-04-26 5.3 CVE-2024-3678
security@wordfence.com
security@wordfence.com
security@wordfence.com
pt-guy — content_views_-_post_grid_&_filter,_recent_posts,_category_posts,_&_more_(gutenberg_blocks_and_shortcode) The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-25 6.4 CVE-2024-3929
security@wordfence.com
security@wordfence.com
python-social-auth — social-app-django Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. 2024-04-24 4.9 CVE-2024-32879
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
qnap_systems_inc. — qts An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later 2024-04-26 6.5 CVE-2024-21905
security@qnapsecurity.com.tw
qnap_systems_inc. — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later 2024-04-26 5 CVE-2023-50361
security@qnapsecurity.com.tw
qnap_systems_inc. — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later 2024-04-26 5 CVE-2023-50362
security@qnapsecurity.com.tw
qnap_systems_inc. — qts A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later 2024-04-26 5.5 CVE-2023-50364
security@qnapsecurity.com.tw
qnap_systems_inc. — qufirewall A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later 2024-04-26 5.5 CVE-2023-41291
security@qnapsecurity.com.tw
qnap_systems_inc. — qufirewall A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later 2024-04-26 4.1 CVE-2023-41290
security@qnapsecurity.com.tw
qodeinteractive — qi_addons_for_elementor The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget’s attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-27 6.4 CVE-2024-3309
security@wordfence.com
security@wordfence.com
quantumcloud — infographic_maker_-_ilist Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6. 2024-04-22 6.5 CVE-2024-32696
audit@patchstack.com
rankmath — rank_math_seo_with_ai_best_seo_tools The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-3665
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
rapid7 — insight_agent A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent. 2024-04-23 6.8 CVE-2024-3185
cve@rapid7.com
realmag777 — active_products_tables_for_woocommerce Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. 2024-04-22 5.3 CVE-2024-32691
audit@patchstack.com
red_hat — logging_subsystem_for_red_hat_openshift A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. 2024-04-25 5.3 CVE-2024-0874
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak A vulnerability was found in jberet-core logging. An exception in ‘dbProperties’ might display user credentials such as the username and password for the database-connection. 2024-04-25 6.5 CVE-2024-1102
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak_22 A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. 2024-04-25 6 CVE-2023-6717
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak_22 A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter “prompt=login,” prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting “Restart login,” an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session. 2024-04-25 6.5 CVE-2023-6787
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak_22 A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication. 2024-04-25 5 CVE-2023-3597
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak_22 A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity. 2024-04-25 5.3 CVE-2023-6484
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_keycloak_22 A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. 2024-04-25 5.4 CVE-2023-6544
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_quarkus_2.13.9.final A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either ‘quarkus.security.jaxrs.deny-unannotated-endpoints’ or ‘quarkus.security.jaxrs.default-roles-allowed’ properties. 2024-04-25 6.5 CVE-2023-5675
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_build_of_quarkus_3.2.11.final A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. 2024-04-25 5.3 CVE-2024-1726
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_enterprise_linux_6 A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. 2024-04-25 5.9 CVE-2024-2467
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_enterprise_linux_8 A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. 2024-04-25 6.2 CVE-2024-2905
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — red_hat_trusted_profile_analyzer A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. 2024-04-25 4.3 CVE-2024-3508
secalert@redhat.com
secalert@redhat.com
renehermi — wp_staging_wordpress_backup_plugin_-_migration_backup_restore The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the ‘Contact Us’ functionality along with the “Enable this option to automatically submit the log files.” option. 2024-04-26 5.3 CVE-2024-3682
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
renzo_johnson — contact_form_7_extension_for_mailchimp Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. 2024-04-26 4.3 CVE-2024-33677
audit@patchstack.com
repute_infosystems — bookingpress Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74. 2024-04-24 5.3 CVE-2023-51405
audit@patchstack.com
revmakx — wpcal.io_-_easy_meeting_scheduler Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. 2024-04-24 4.3 CVE-2024-32795
audit@patchstack.com
rimes_gold — cf7_file_download_-_file_download_for_cf7 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0. 2024-04-26 5.9 CVE-2024-33697
audit@patchstack.com
rometheme — romethemekit_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. 2024-04-24 6.5 CVE-2024-32956
audit@patchstack.com
ruijie — rg-uac A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability. 2024-04-27 4.7 CVE-2024-4255
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
satrya — smart_recent_posts_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3. 2024-04-26 5.9 CVE-2024-33692
audit@patchstack.com
sayful_islam — filterable_portfolio Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4. 2024-04-26 5.9 CVE-2024-4234
audit@patchstack.com
shaonsina — sina_extension_for_elementor_(slider_gallery_form_modal_data_table_tab_particle_free_elementor_widgets_&_elementor_templates) The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-25 6.4 CVE-2024-3988
security@wordfence.com
security@wordfence.com
security@wordfence.com
shapedplugin — widget_post_slider Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5. 2024-04-24 5.9 CVE-2024-32801
audit@patchstack.com
shared_files_pro — shared_files Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16. 2024-04-23 5.3 CVE-2024-32679
audit@patchstack.com
shoaib_saleem — wp_post_rating Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. 2024-04-24 5.3 CVE-2023-25785
audit@patchstack.com
sidekiq — sidekiq Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacement of the web application, etc. This issue has been patched in version 7.2.4. 2024-04-26 5.5 CVE-2024-32887
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
skylot — jadx jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. 2024-04-22 6.1 CVE-2024-32653
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
softlab — radio_player Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. 2024-04-25 5.4 CVE-2024-33592
audit@patchstack.com
sourcecodester — simple_subscription_website A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. 2024-04-24 6.3 CVE-2024-4093
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
streamweasels — streamweasels_twitch_integration Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8. 2024-04-24 5.3 CVE-2024-32716
audit@patchstack.com
supsystic — data_tables_generator_by_supsystic Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31. 2024-04-26 4.3 CVE-2024-32829
audit@patchstack.com
techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements. 2024-04-25 5.3 CVE-2024-3893
security@wordfence.com
security@wordfence.com
thehappymonster — happy_addons_for_elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-26 6.4 CVE-2024-3890
security@wordfence.com
security@wordfence.com
themencode — fan_page_widget_by_themencode Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. 2024-04-26 5.9 CVE-2024-33695
audit@patchstack.com
themeum — tutor_lms_-_elearning_and_online_course_solution The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tutor_instructor_list’ shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-25 5.4 CVE-2024-3994
security@wordfence.com
security@wordfence.com
tony_zeoli,_tony_hayes — radio_station Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7. 2024-04-26 4.3 CVE-2024-33689
audit@patchstack.com
trackship — trackship_for_woocommerce Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. 2024-04-24 5.3 CVE-2024-32678
audit@patchstack.com
twinpictures — annual_archive Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. 2024-04-26 5.9 CVE-2024-33598
audit@patchstack.com
umbraco — umbraco.workflow.issues Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. 2024-04-24 5.5 CVE-2024-32872
security-advisories@github.com
vektor,inc. — vk_block_patterns Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0. 2024-04-26 5.3 CVE-2024-32826
audit@patchstack.com
very_good_plugins — wp_fusion_lite Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. 2024-04-24 4.3 CVE-2024-32796
audit@patchstack.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue. 2024-04-25 5.3 CVE-2024-32481
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. 2024-04-25 5.3 CVE-2024-32645
security-advisories@github.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. 2024-04-25 5.3 CVE-2024-32646
security-advisories@github.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn’t cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist. 2024-04-25 5.3 CVE-2024-32647
security-advisories@github.com
security-advisories@github.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don’t respect nonreentrancy keys and the lock isn’t emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue. 2024-04-25 5.3 CVE-2024-32648
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
vyperlang — vyper Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn’t cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. 2024-04-25 5.3 CVE-2024-32649
security-advisories@github.com
watchdog — watchdog_antivirus Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. 2024-04-23 5.5 CVE-2024-1241
help@fluidattacks.com
help@fluidattacks.com
webangon — the_pack_elementor_addons Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. 2024-04-24 4.9 CVE-2024-32718
audit@patchstack.com
webtoffee — import_export_wordpress_users Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. 2024-04-24 5.4 CVE-2024-32835
audit@patchstack.com
webtoffee — woocommerce_shipping_label Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a through 2.3.8. 2024-04-24 5.9 CVE-2024-32834
audit@patchstack.com
welotec — smart_ems An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.  2024-04-23 6.5 CVE-2024-3911
info@cert.vde.com
wp_republic — hide_dashboard_notifications Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. 2024-04-26 4.3 CVE-2024-33683
audit@patchstack.com
wp_royal — royal_elementor_kit Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. 2024-04-24 4.3 CVE-2024-32773
audit@patchstack.com
wpclever — wpc_composite_products_for_woocommerce The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wooco_components[0][name]’ parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-27 6.4 CVE-2024-2838
security@wordfence.com
security@wordfence.com
wpclever — wpc_frequently_bought_together_for_woocommerce Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. 2024-04-22 4.3 CVE-2024-32687
audit@patchstack.com
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. 2024-04-25 5.3 CVE-2024-3733
security@wordfence.com
security@wordfence.com
wpmet — wp_ultimate_review Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. 2024-04-22 5.3 CVE-2024-32684
audit@patchstack.com
wproyal — royal_elementor_addons_and_templates The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.5 CVE-2024-2798
security@wordfence.com
security@wordfence.com
wproyal — royal_elementor_addons_and_templates The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-2799
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wproyal — royal_elementor_addons_and_templates The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like ‘accordion_title_tag’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-23 6.4 CVE-2024-3889
security@wordfence.com
security@wordfence.com
xfinity_soft — order_limit_for_woocommerce Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0. 2024-04-24 6.5 CVE-2024-32675
audit@patchstack.com
xtemos — woodmart Improper Authentication, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. 2024-04-24 5.3 CVE-2023-25790
audit@patchstack.com
yith — yith_woocommerce_compare Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. 2024-04-24 4.3 CVE-2024-32699
audit@patchstack.com
zitadel — zitadel ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. 2024-04-26 6.5 CVE-2024-32868
security-advisories@github.com
security-advisories@github.com
N/A — N/A

 

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. 2024-04-26 6 CVE-2022-48682
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt’s HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. 2024-04-26 6.1 CVE-2024-33669
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. 2024-04-26 4.3 CVE-2024-33670
cve@mitre.org
cve@mitre.org
cve@mitre.org

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — dell_repository_manager_(drm) Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. 2024-04-24 3.3 CVE-2024-28977
security_alert@emc.com
ezviz — cs-c6-21wfr-8 A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-23 3.7 CVE-2024-4063
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
hualai_xiaofang — isc5 A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-23 3.7 CVE-2024-4062
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261798 is the identifier assigned to this vulnerability. 2024-04-23 3.5 CVE-2024-4072
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799. 2024-04-23 3.5 CVE-2024-4073
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800. 2024-04-23 3.5 CVE-2024-4074
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kashipara — online_furniture_shopping_ecommerce_website A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability. 2024-04-23 3.5 CVE-2024-4075
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
kubernetes — kubernetes A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. 2024-04-22 2.7 CVE-2024-3177
jordan@liggitt.net
jordan@liggitt.net
jordan@liggitt.net
jordan@liggitt.net
l2c2technologies — koha A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2″><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assigned to this vulnerability. 2024-04-22 3.5 CVE-2018-25101
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
mattermost — mattermost Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths 2024-04-26 3.1 CVE-2024-22091
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. 2024-04-26 2.7 CVE-2024-4195
responsibledisclosure@mattermost.com
mattermost — mattermost Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. 2024-04-26 2.7 CVE-2024-4198
responsibledisclosure@mattermost.com
netgear — dg834gv5 A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-26 2.7 CVE-2024-4235
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul — doctor_appointment_management_system A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability. 2024-04-27 3.5 CVE-2024-4293
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
quiz_maker_team — quiz_maker Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. 2024-04-24 3.7 CVE-2023-23985
audit@patchstack.com
techkshetra_info_solutions — savsoft_quiz A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert(‘XSS’)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-27 2.4 CVE-2024-4256
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
thimo_grauerholz — wp-spreadplugin A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676. 2024-04-21 3.5 CVE-2015-10132
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tillitis — tkey-device-signer The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. 2024-04-23 2.2 CVE-2024-32482
security-advisories@github.com
security-advisories@github.com
willmot — backupwordpress The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow. 2024-04-27 2.7 CVE-2024-3034
security@wordfence.com
security@wordfence.com
xpdf — xpdf Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. 2024-04-24 2.9 CVE-2024-4141
xpdf@xpdfreader.com

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache_software_foundation — apache_airflow_ftp_provider Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue. 2024-04-21 not yet calculated CVE-2024-29733
security@apache.org
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation — apache_answer Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. 2024-04-21 not yet calculated CVE-2024-29217
security@apache.org
apache_software_foundation — apache_hugegraph-hubble Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. 2024-04-22 not yet calculated CVE-2024-27347
security@apache.org
apache_software_foundation — apache_hugegraph-hubble RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. 2024-04-22 not yet calculated CVE-2024-27348
security@apache.org
security@apache.org
apache_software_foundation — apache_hugegraph-hubble Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. 2024-04-22 not yet calculated CVE-2024-27349
security@apache.org
apple — ios_and_ipados This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. 2024-04-24 not yet calculated CVE-2024-23228
product-security@apple.com
apple — ios_and_ipados A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. 2024-04-24 not yet calculated CVE-2024-23271
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — itunes_for_windows A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. 2024-04-26 not yet calculated CVE-2022-48611
product-security@apple.com
apple — macos The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS 17.3, macOS Ventura 13.6.4, iOS 16.7.5 and iPadOS 16.7.5, macOS Monterey 12.7.3, macOS Sonoma 14.3. An app may be able to corrupt coprocessor memory. 2024-04-24 not yet calculated CVE-2024-27791
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
arm — arm_v8-m_security_extensions_requirements_on_development_tools Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement ‘Arm v8-M Security Extensions Requirements on Development Tools’ prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. 2024-04-24 not yet calculated CVE-2024-0151
arm-security@arm.com
cisco — cisco_telepresence_management_suite_(tms) A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-04-24 not yet calculated CVE-2023-20248
ykramarz@cisco.com
ivanti — avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. 2024-04-25 not yet calculated CVE-2024-23527
support@hackerone.com
ivanti — connect_secure An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. 2024-04-25 not yet calculated CVE-2024-29205
support@hackerone.com
linux — linux In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 (“aio: Make it possible to remap aio ring”) introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue] 2024-04-26 not yet calculated CVE-2023-52646
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. 2024-04-23 not yet calculated CVE-2024-26922
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listening in-flight socket bound to addr, not in fdtable V’s fd will be passed via sendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc() —————- ————————- ———– NS = unix_create1() skb1 = sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L) unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 = sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // V count=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidate condition met for u in gc_inflight_list: if (total_refs == inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u in gc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not // reachable from L yet, so V’s // inflight remains unchanged __skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates: if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1 inflight=2 (!) If there is a GC-candidate listening socket, lock/unlock its state. This makes GC wait until the end of any ongoing connect() to that socket. After flipping the lock, a possibly SCM-laden embryo is already enqueued. And if there is another embryo coming, it can not possibly carry SCM_RIGHTS. At this point, unix_inflight() can not happen because unix_gc_lock is already taken. Inflight graph remains unaffected. 2024-04-25 not yet calculated CVE-2024-26923
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(“00000000”) timeout 100 ms … add_elem(“0000000X”) timeout 100 ms del_elem(“0000000X”) <—————- delete one that was just added … add_elem(“00005000”) timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano) 2024-04-25 not yet calculated CVE-2024-26924
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. 2024-04-25 not yet calculated CVE-2024-26925
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (“binder: avoid potential data leakage when copying txn”) introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (“binder: add function to copy binder object from buffer”), likely removed due to redundancy at the time. 2024-04-25 not yet calculated CVE-2024-26926
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
openssl — openssl Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the ‘-pubin’ and ‘-check’ options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. 2024-04-25 not yet calculated CVE-2023-6237
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
roamwifi_technology_co._ltd. — roamwifi_r10 Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. 2024-04-24 not yet calculated CVE-2024-31406
vultures@jpcert.or.jp
vultures@jpcert.or.jp
roamwifi_technology_co._ltd. — roamwifi_r10 Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information. 2024-04-24 not yet calculated CVE-2024-32051
vultures@jpcert.or.jp
vultures@jpcert.or.jp
unknown — advanced_search The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. 2024-04-25 not yet calculated CVE-2024-3265
contact@wpscan.com
unknown — agca_ The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-04-25 not yet calculated CVE-2024-2907
contact@wpscan.com
unknown — bannerlid The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators 2024-04-26 not yet calculated CVE-2024-3048
contact@wpscan.com
unknown — better_comments The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-04-24 not yet calculated CVE-2024-2402
contact@wpscan.com
unknown — better_comments The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. 2024-04-24 not yet calculated CVE-2024-2404
contact@wpscan.com
unknown — call_now_button_ The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-04-26 not yet calculated CVE-2024-2908
contact@wpscan.com
unknown — enl_newsletter The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack 2024-04-26 not yet calculated CVE-2024-3058
contact@wpscan.com
unknown — enl_newsletter The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack 2024-04-26 not yet calculated CVE-2024-3059
contact@wpscan.com
unknown — enl_newsletter The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks 2024-04-26 not yet calculated CVE-2024-3060
contact@wpscan.com
unknown — fancy_product_designer The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users 2024-04-26 not yet calculated CVE-2024-0905
contact@wpscan.com
unknown — floating_chat_widget:_contact_chat_icons_whatsapp_telegram_chat_line_messenger_wechat_email_sms_call_button_ The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-04-24 not yet calculated CVE-2024-2972
contact@wpscan.com
unknown — import_wp_ The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 2024-04-24 not yet calculated CVE-2023-7253
contact@wpscan.com
unknown — mm-email2image The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-04-26 not yet calculated CVE-2024-3075
contact@wpscan.com
unknown — mm-email2image The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack 2024-04-26 not yet calculated CVE-2024-3076
contact@wpscan.com
unknown — salon_booking_system The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2024-04-26 not yet calculated CVE-2024-2429
contact@wpscan.com
unknown — salon_booking_system The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-04-26 not yet calculated CVE-2024-2439
contact@wpscan.com
unknown — salon_booking_system The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-04-26 not yet calculated CVE-2024-2603
contact@wpscan.com
unknown — social_sharing_plugin_ The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-04-26 not yet calculated CVE-2024-2159
contact@wpscan.com
unknown — strong_testimonials The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed 2024-04-24 not yet calculated CVE-2024-3261
contact@wpscan.com
unknown — tickera_ The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users’ tickets. 2024-04-22 not yet calculated CVE-2023-7252
contact@wpscan.com
unknown — woocommerce_customers_manager The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2024-04-24 not yet calculated CVE-2024-1743
contact@wpscan.com
unknown — woocommerce_customers_manager The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name 2024-04-24 not yet calculated CVE-2024-1756
contact@wpscan.com
unknown — wp_chat_app The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2024-04-26 not yet calculated CVE-2024-2837
contact@wpscan.com
unknown — wp_google_review_slider The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-04-26 not yet calculated CVE-2024-2310
contact@wpscan.com
unknown — wp_shortcodes_plugin_-_shortcodes_ultimate The WP Shortcodes Plugin – Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-04-26 not yet calculated CVE-2024-3188
contact@wpscan.com
wpmu_dev — forminator Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. 2024-04-23 not yet calculated CVE-2024-28890
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
wpmu_dev — forminator Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition. 2024-04-23 not yet calculated CVE-2024-31077
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
N/A — N/A

 

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. 2024-04-22 not yet calculated CVE-2022-34560
cve@mitre.org
cve@mitre.org
N/A — N/A

 

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter. 2024-04-22 not yet calculated CVE-2022-34561
cve@mitre.org
cve@mitre.org
N/A — N/A

 

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. 2024-04-22 not yet calculated CVE-2022-34562
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself. 2024-04-22 not yet calculated CVE-2022-35503
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions. 2024-04-22 not yet calculated CVE-2022-46897
cve@mitre.org
N/A — N/A

 

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer. 2024-04-26 not yet calculated CVE-2023-26603
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode=’9020801′, versionName=’9.0208.01′ ; versionCode=’9020913′, versionName=’9.0209.13′ ; versionCode=’9021203′, versionName=’9.0212.03′) that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.evenwell.fqc app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user’s apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1663816427:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1656476696:user/release-keys, BLU/B131DL/B130DL:11/RP1A.200720.011/1647856638:user/release-keys) and Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_460:user/release-keys and SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). This malicious app starts an exported activity named com.evenwell.fqc/.activity.ClickTest, crashes the com.evenwell.fqc app by sending an empty Intent (i.e., having not extras) to the com.evenwell.fqc/.FQCBroadcastReceiver receiver component, and then it sends command arbitrary shell commands to the com.evenwell.fqc/.FQCService service component which executes them with “system” privileges. 2024-04-22 not yet calculated CVE-2023-38290
cve@mitre.org
N/A — N/A

 

An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC address to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); and Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys). This malicious app reads from the “ro.boot.wifimacaddr” system property to indirectly obtain the Wi-Fi MAC address. 2024-04-22 not yet calculated CVE-2023-38291
cve@mitre.org
N/A — N/A

 

Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode=’2′, versionName=’v11.0.1.0.0201.0′) that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. 2024-04-22 not yet calculated CVE-2023-38292
cve@mitre.org
N/A — N/A

 

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode=’31’, versionName=’12’) that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT command injection due to inadequate access control and inadequate input filtering. No permissions or special privileges are necessary to exploit the vulnerability in the com.tracfone.tfstatus app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys and Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_040:user/release-keys) and Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_130:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_110:user/release-keys, Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_080:user/release-keys, and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_050:user/release-keys). This malicious app sends a broadcast Intent to the receiver component named com.tracfone.tfstatus/.TFStatus. This broadcast receiver extracts a string from the Intent and uses it as an extra when it starts the com.tracfone.tfstatus/.TFStatusActivity activity component which uses the externally controlled string as an input to execute an AT command. There are two different injection techniques to successfully inject arbitrary AT commands to execute. 2024-04-22 not yet calculated CVE-2023-38293
cve@mitre.org
N/A — N/A

 

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory (versionCode=’7′, versionName=’1.8.0(220310_1027)’) that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.transsion.autotest.factory app. No user interaction is required beyond installing and running a third-party app. The vulnerability allows local apps to access sensitive functionality that is generally restricted to pre-installed apps, such as programmatically performing the following actions: granting arbitrary permissions (which can be used to obtain sensitive user data), installing arbitrary apps, video recording the screen, wiping the device (removing the user’s apps and data), injecting arbitrary input events, calling emergency phone numbers, disabling apps, accessing notifications, and much more. The confirmed vulnerable software build fingerprints for the Itel Vision 3 Turbo device are as follows: Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V92-20230105:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V86-20221118:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V78-20221101:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V64-20220803:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V61-20220721:user/release-keys, Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V58-20220712:user/release-keys, and Itel/F6321/itel-S661LP:11/RP1A.201005.001/GL-V051-20220613:user/release-keys. This malicious app sends a broadcast Intent to the receiver component named com.transsion.autotest.factory/.broadcast.CommandReceiver with the path to a shell script that it creates in its scoped storage directory. Then the com.transsion.autotest.factory app will execute the shell script with “system” privileges. 2024-04-22 not yet calculated CVE-2023-38294
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL 30Z device, the vulnerable app has a package name of com.tcl.screenrecorder (versionCode=’1221092802′, versionName=’v5.2120.02.12008.1.T’ ; versionCode=’1221092805′, versionName=’v5.2120.02.12008.2.T’). On the TCL 10L device, the vulnerable app has a package name of com.tcl.sos (versionCode=’2020102827′, versionName=’v3.2014.12.1012.B’). When a third-party app declares and requests the missing permission, it can interact with certain service components in the aforementioned apps (that execute with “system” privileges) to perform arbitrary files reads/writes in its context. An app exploiting this vulnerability only needs to declare and request the single missing permission and no user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 10L (TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys) and TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys). This malicious app declares the missing permission named com.tct.smart.switchphone.permission.SWITCH_DATA as a normal permission, requests the missing permission, and uses it to interact with the com.tct.smart.switchdata.DataService service component that is declared in vulnerable apps that execute with “system” privileges to perform arbitrary file reads/writes. 2024-04-22 not yet calculated CVE-2023-38295
cve@mitre.org
N/A — N/A

 

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys) and TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys). This malicious app reads from the “persist.sys.tctPowerIccid” system property to indirectly obtain the ICCID. 2024-04-22 not yet calculated CVE-2023-38296
cve@mitre.org
N/A — N/A

 

An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode=’3′, versionName=’2.1) that allows local third-party apps to perform various actions, due to inadequate access control, in its context (system user), but the functionalities exposed depend on the specific device. The following capabilities are exposed to zero-permission, third-party apps on the following devices: arbitrary AT command execution via AT command injection (T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, and Boost Mobile Celero 5G); programmatic factory reset (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD), leaking IMEI (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); leaking serial number (Samsung Galaxy A03s, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, Realme C25Y, and Lenovo Tab M8 HD); powering off the device (Realme C25Y, Samsung Galaxy A03S, and T-Mobile Revvl 6 Pro 5G); and programmatically enabling/disabling airplane mode (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y); and enabling Wi-Fi, Bluetooth, and GPS (Samsung Galaxy A03S, T-Mobile Revvl 6 Pro 5G, T-Mobile Revvl V+ 5G, Boost Mobile Celero, and Realme C25Y). No permissions or special privileges are necessary to exploit the vulnerabilities in the com.factory.mmigroup app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable device are as follows: Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V064:user/release-keys, Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V061:user/release-keys, and Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V052:user/release-keys); Samsung Galaxy A03S (samsung/a03sutfn/a03su:13/TP1A.220624.014/S134DLUDU6CWB6:user/release-keys and samsung/a03sutfn/a03su:12/SP1A.210812.016/S134DLUDS5BWA1:user/release-keys); Lenovo Tab M8 HD (Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300637_220706_BMP:user/release-keys and Lenovo/LenovoTB-8505F/8505F:10/QP1A.190711.020/S300448_220114_BMP:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys and T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V066:user/release-keys); T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys and T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V060:user/release-keys); and Realme C25Y (realme/RMX3269/RED8F6:11/RP1A.201005.001/1675861640000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1664031768000:user/release-keys, realme/RMX3269/RED8F6:11/RP1A.201005.001/1652814687000:user/release-keys, and realme/RMX3269/RED8F6:11/RP1A.201005.001/1635785712000:user/release-keys). This malicious app sends a broadcast Intent to com.factory.mmigroup/.MMIGroupReceiver. This causes the com.factory.mmigroup app to dynamically register for various action strings. The malicious app can then send these strings, allowing it to perform various behaviors that the com.factory.mmigroup app exposes. The actual behaviors exposed by the com.factory.mmigroup app depend on device model and chipset. The com.factory.mmigroup app executes as the “system” user, allowing it to interact with the baseband processor and perform various other sensitive actions. 2024-04-22 not yet calculated CVE-2023-38297
cve@mitre.org
N/A — N/A

 

Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: TCL 30Z (TCL/4188R/Jetta_ATT:12/SP1A.210812.016/LV8E:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU5P:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU61:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU66:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU68:user/release-keys, TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6P:user/release-keys, and TCL/T602DL/Jetta_TF:12/SP1A.210812.016/vU6X:user/release-keys); TCL A3X (TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAAZ:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB3:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vAB7:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABA:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABM:user/release-keys, TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABP:user/release-keys, and TCL/A600DL/Delhi_TF:11/RKQ1.201202.002/vABS:user/release-keys); TCL 20XE (TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys); and TCL 10L (TCL/T770B/T1_LITE:10/QKQ1.200329.002/3CJ0:user/release-keys and TCL/T770B/T1_LITE:11/RKQ1.210107.001/8BIC:user/release-keys). This malicious app reads from the “gsm.device.imei0” system property to indirectly obtain the device IMEI. 2024-04-22 not yet calculated CVE-2023-38298
cve@mitre.org
N/A — N/A

 

Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: AT&T Calypso (ATT/U318AA/U318AA:10/QP1A.190711.020/1632369780:user/release-keys); Nokia C100 (Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_190:user/release-keys and Nokia/DrakeLite_02US/DKT:12/SP1A.210812.016/02US_1_270:user/release-keys); Nokia C200 (Nokia/Drake_02US/DRK:12/SP1A.210812.016/02US_1_080:user/release-keys); and BLU View 3 (BLU/B140DL/B140DL:11/RP1A.200720.011/1628014629:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1632535579:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1637325978:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1650073052:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1657087912:user/release-keys, BLU/B140DL/B140DL:11/RP1A.200720.011/1666316280:user/release-keys, and BLU/B140DL/B140DL:11/RP1A.200720.011/1672371162:user/release-keys). This malicious app reads from the “persist.sys.imei1” system property to indirectly obtain the device IMEI. 2024-04-22 not yet calculated CVE-2023-38299
cve@mitre.org
N/A — N/A

 

A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the “persist.sys.verizon_test_plan_imei” system property to indirectly obtain the IMEI and reads the “persist.sys.verizon_test_plan_iccid” system property to obtain the ICCID. 2024-04-22 not yet calculated CVE-2023-38300
cve@mitre.org
N/A — N/A

 

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances they are leaked by a high-privilege process and can be obtained indirectly. The software build fingerprints for each confirmed vulnerable device are as follows: BLU View 2 (BLU/B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys); Boost Mobile Celero 5G (Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW_S98119AA1_V067:user/release-keys); Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys); Motorola Moto G Pure (motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-7/5cde8:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-10/d67faa:user/release-keys, motorola/ellis_trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys, motorola/ellis_trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys, motorola/ellis_trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys, motorola/ellis_a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys, motorola/ellis_vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys, motorola/ellis_vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys, and motorola/ellis_vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys); Motorola Moto G Power (motorola/tonga_g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys and motorola/tonga_g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys); T-Mobile Revvl 6 Pro 5G (T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW_S98121AA1_V070:user/release-keys); and T-Mobile Revvl V+ 5G (T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW_S98115AA1_V077:user/release-keys). This malicious app reads from the “vendor.gsm.serial” system property to indirectly obtain the device serial number. 2024-04-22 not yet calculated CVE-2023-38301
cve@mitre.org
N/A — N/A

 

A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the “ro.boot.wifi_mac” system property to indirectly obtain the Wi-Fi MAC address and reads the “ro.boot.bt_mac” system property to obtain the Bluetooth MAC address. 2024-04-22 not yet calculated CVE-2023-38302
cve@mitre.org
N/A — N/A

 

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45. 2024-04-26 not yet calculated CVE-2023-47252
cve@mitre.org
N/A — N/A

 

QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of “this” with eval. 2024-04-23 not yet calculated CVE-2023-48183
cve@mitre.org
cve@mitre.org
N/A — N/A

 

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. 2024-04-23 not yet calculated CVE-2023-48184
cve@mitre.org
N/A — N/A

 

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. 2024-04-26 not yet calculated CVE-2023-51794
cve@mitre.org
N/A — N/A

 

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. 2024-04-26 not yet calculated CVE-2024-22632
cve@mitre.org
N/A — N/A

 

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. 2024-04-26 not yet calculated CVE-2024-22633
cve@mitre.org
N/A — N/A

 

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption. 2024-04-22 not yet calculated CVE-2024-22807
cve@mitre.org
N/A — N/A

 

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card’s name in the device memory. 2024-04-22 not yet calculated CVE-2024-22808
cve@mitre.org
N/A — N/A

 

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code’s shared folder and view sensitive information. 2024-04-22 not yet calculated CVE-2024-22809
cve@mitre.org
N/A — N/A

 

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory. 2024-04-22 not yet calculated CVE-2024-22811
cve@mitre.org
N/A — N/A

 

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. 2024-04-22 not yet calculated CVE-2024-22813
cve@mitre.org
N/A — N/A

 

An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. 2024-04-22 not yet calculated CVE-2024-22815
cve@mitre.org
N/A — N/A

 

A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests. 2024-04-22 not yet calculated CVE-2024-22856
cve@mitre.org
N/A — N/A

 

Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. 2024-04-26 not yet calculated CVE-2024-25343
cve@mitre.org
cve@mitre.org
N/A — N/A

 

SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. 2024-04-22 not yet calculated CVE-2024-27574
cve@mitre.org
N/A — N/A

 

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request. 2024-04-26 not yet calculated CVE-2024-28322
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. 2024-04-26 not yet calculated CVE-2024-28325
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface. 2024-04-26 not yet calculated CVE-2024-28326
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. 2024-04-26 not yet calculated CVE-2024-28327
cve@mitre.org
cve@mitre.org
N/A — N/A

 

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format. 2024-04-26 not yet calculated CVE-2024-28328
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component. 2024-04-22 not yet calculated CVE-2024-28436
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component. 2024-04-24 not yet calculated CVE-2024-28613
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. 2024-04-23 not yet calculated CVE-2024-28627
cve@mitre.org
cve@mitre.org
N/A — N/A

 

A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. 2024-04-22 not yet calculated CVE-2024-28699
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. 2024-04-22 not yet calculated CVE-2024-28717
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint 2024-04-22 not yet calculated CVE-2024-28722
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content. 2024-04-22 not yet calculated CVE-2024-29368
cve@mitre.org
N/A — N/A

 

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the “Province” field in Address Book. 2024-04-22 not yet calculated CVE-2024-29376
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. 2024-04-25 not yet calculated CVE-2024-29660
cve@mitre.org
N/A — N/A

 

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. 2024-04-22 not yet calculated CVE-2024-29661
cve@mitre.org
N/A — N/A

 

An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. 2024-04-22 not yet calculated CVE-2024-30799
cve@mitre.org
N/A — N/A

 

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. 2024-04-23 not yet calculated CVE-2024-30800
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. 2024-04-26 not yet calculated CVE-2024-30804
cve@mitre.org
N/A — N/A

 

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. 2024-04-23 not yet calculated CVE-2024-30886
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. 2024-04-25 not yet calculated CVE-2024-30890
cve@mitre.org
N/A — N/A

 

An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. 2024-04-25 not yet calculated CVE-2024-30939
cve@mitre.org
N/A — N/A

 

A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. 2024-04-22 not yet calculated CVE-2024-31036
cve@mitre.org
N/A — N/A

 

An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. 2024-04-26 not yet calculated CVE-2024-31502
cve@mitre.org
N/A — N/A

 

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the “id” parameter of /admin/?page=user/manage_user&id=6. 2024-04-22 not yet calculated CVE-2024-31545
cve@mitre.org
N/A — N/A

 

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. 2024-04-26 not yet calculated CVE-2024-31551
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script 2024-04-25 not yet calculated CVE-2024-31574
cve@mitre.org
N/A — N/A

 

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. 2024-04-26 not yet calculated CVE-2024-31601
cve@mitre.org
N/A — N/A

 

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. 2024-04-25 not yet calculated CVE-2024-31609
cve@mitre.org
N/A — N/A

 

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. 2024-04-25 not yet calculated CVE-2024-31610
cve@mitre.org
N/A — N/A

 

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. 2024-04-25 not yet calculated CVE-2024-31615
cve@mitre.org
N/A — N/A

 

An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. 2024-04-23 not yet calculated CVE-2024-31616
cve@mitre.org
N/A — N/A

 

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. 2024-04-22 not yet calculated CVE-2024-31666
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. 2024-04-26 not yet calculated CVE-2024-31741
cve@mitre.org
N/A — N/A

 

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. 2024-04-26 not yet calculated CVE-2024-31755
cve@mitre.org
N/A — N/A

 

An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. 2024-04-23 not yet calculated CVE-2024-31804
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. 2024-04-26 not yet calculated CVE-2024-31828
cve@mitre.org
N/A — N/A

 

Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user’s web browser. 2024-04-23 not yet calculated CVE-2024-31857
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
N/A — N/A

 

An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. 2024-04-25 not yet calculated CVE-2024-32236
cve@mitre.org
N/A — N/A

 

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router’s management system can be accessed via the management system page login interface. 2024-04-22 not yet calculated CVE-2024-32238
cve@mitre.org
cve@mitre.org
N/A — N/A

 

The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM. 2024-04-23 not yet calculated CVE-2024-32258
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. 2024-04-25 not yet calculated CVE-2024-32324
cve@mitre.org
N/A — N/A

 

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function. 2024-04-25 not yet calculated CVE-2024-32358
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component. 2024-04-22 not yet calculated CVE-2024-32368
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request. 2024-04-22 not yet calculated CVE-2024-32394
cve@mitre.org
N/A — N/A

 

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. 2024-04-22 not yet calculated CVE-2024-32399
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. 2024-04-26 not yet calculated CVE-2024-32404
cve@mitre.org
N/A — N/A

 

Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. 2024-04-22 not yet calculated CVE-2024-32405
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. 2024-04-26 not yet calculated CVE-2024-32406
cve@mitre.org
N/A — N/A

 

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. 2024-04-22 not yet calculated CVE-2024-32407
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. 2024-04-22 not yet calculated CVE-2024-32418
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. 2024-04-23 not yet calculated CVE-2024-33211
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. 2024-04-23 not yet calculated CVE-2024-33212
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. 2024-04-23 not yet calculated CVE-2024-33213
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic. 2024-04-23 not yet calculated CVE-2024-33214
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. 2024-04-23 not yet calculated CVE-2024-33215
cve@mitre.org
N/A — N/A

 

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. 2024-04-23 not yet calculated CVE-2024-33217
cve@mitre.org
N/A — N/A

 

Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. 2024-04-25 not yet calculated CVE-2024-33247
cve@mitre.org
N/A — N/A

 

Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. 2024-04-26 not yet calculated CVE-2024-33255
cve@mitre.org
N/A — N/A

 

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. 2024-04-26 not yet calculated CVE-2024-33258
cve@mitre.org
N/A — N/A

 

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. 2024-04-26 not yet calculated CVE-2024-33259
cve@mitre.org
N/A — N/A

 

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c 2024-04-26 not yet calculated CVE-2024-33260
cve@mitre.org
N/A — N/A

 

D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. 2024-04-26 not yet calculated CVE-2024-33342
cve@mitre.org
cve@mitre.org
N/A — N/A

 

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. 2024-04-26 not yet calculated CVE-2024-33343
cve@mitre.org
cve@mitre.org
N/A — N/A

 

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. 2024-04-26 not yet calculated CVE-2024-33344
cve@mitre.org
cve@mitre.org
N/A — N/A

 

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. 2024-04-24 not yet calculated CVE-2024-33531
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

Portainer before 2.20.0 allows redirects when the target is not index.yaml. 2024-04-26 not yet calculated CVE-2024-33661
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. 2024-04-26 not yet calculated CVE-2024-33663
cve@mitre.org
N/A — N/A

 

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a “JWT bomb.” This is similar to CVE-2024-21319. 2024-04-26 not yet calculated CVE-2024-33664
cve@mitre.org
cve@mitre.org
N/A — N/A

 

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks. 2024-04-26 not yet calculated CVE-2024-33665
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A

 

An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. 2024-04-26 not yet calculated CVE-2024-33666
cve@mitre.org
N/A — N/A

 

An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist. 2024-04-26 not yet calculated CVE-2024-33667
cve@mitre.org
N/A — N/A

 

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. 2024-04-26 not yet calculated CVE-2024-33668
cve@mitre.org
N/A — N/A

 

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) 2024-04-27 not yet calculated CVE-2024-33851
cve@mitre.org

Back to top