High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Acespritech Solutions Pvt. Ltd.–Social Link Groups |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0. | 2024-10-20 | 8.5 | CVE-2024-49619 | audit@patchstack.com |
| acm309–PutongOJ |
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | 2024-10-17 | 9.1 | CVE-2024-48920 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| acronis — cyber_files |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24. | 2024-10-17 | 7.8 | CVE-2024-49389 | security@acronis.com |
| acronis — cyber_files |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24. | 2024-10-17 | 7.3 | CVE-2024-49390 | security@acronis.com |
| acronis — cyber_files |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24. | 2024-10-17 | 7.3 | CVE-2024-49391 | security@acronis.com |
| acronis — cyber_protect |
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 2024-10-15 | 9.1 | CVE-2024-49388 | security@acronis.com |
| acronis — cyber_protect |
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 2024-10-15 | 7.5 | CVE-2024-49387 | security@acronis.com |
| Agustin Berasategui–AB Categories Search Widget |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Agustin Berasategui AB Categories Search Widget allows Reflected XSS.This issue affects AB Categories Search Widget: from n/a through 0.2.5. | 2024-10-18 | 7.1 | CVE-2024-49240 | audit@patchstack.com |
| Ahime–Ahime Image Printer |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0. | 2024-10-16 | 7.5 | CVE-2024-49245 | audit@patchstack.com |
| Ahmet Imamoglu–Ahmeti Wp Timeline |
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | 2024-10-17 | 7.1 | CVE-2024-49237 | audit@patchstack.com |
| Al Imran Akash–Recently |
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1. | 2024-10-16 | 9.8 | CVE-2024-49218 | audit@patchstack.com |
| anand23–Ajax Rating with Custom Login |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1. | 2024-10-17 | 9.3 | CVE-2024-49246 | audit@patchstack.com |
| andrewmrobbins–ShopWP |
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin’s settings and injecting malicious scripts. | 2024-10-16 | 7.2 | CVE-2019-25214 | security@wordfence.com security@wordfence.com |
| Apa–Apa Banner Slider |
Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0. | 2024-10-20 | 8.2 | CVE-2024-49622 | audit@patchstack.com |
| Apa–APA Register Newsletter Form |
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0. | 2024-10-20 | 8.2 | CVE-2024-49621 | audit@patchstack.com |
| apache — activemq_artemis |
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | 2024-10-14 | 8.8 | CVE-2023-50780 | security@apache.org |
| apache — cloudstack |
Users logged into the Apache CloudStack’s web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. | 2024-10-16 | 8.8 | CVE-2024-45693 | security@apache.org security@apache.org security@apache.org |
| apache — cloudstack |
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user’s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. | 2024-10-16 | 7.1 | CVE-2024-45462 | security@apache.org security@apache.org security@apache.org |
| Apache Software Foundation–Apache CloudStack |
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. for file in $(find /path/to/storage/ -type f -regex [a-f0-9-]*.*); do echo “Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.”; qemu-img info -U $file | grep file: ; printf “nn”; done The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9-]*.*); do echo “Retrieving file [$file] info.”; qemu-img info -U $file; printf “nn”; done | 2024-10-16 | 8.5 | CVE-2024-45219 | security@apache.org security@apache.org security@apache.org |
| Apache Software Foundation–Apache Solr |
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue. | 2024-10-16 | 9.8 | CVE-2024-45216 | security@apache.org |
| Apache Software Foundation–Apache Solr |
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the “trusted” metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to “trusted” ConfigSets that may not have been created with an Authenticated request. “trusted” ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise. | 2024-10-16 | 8.1 | CVE-2024-45217 | security@apache.org |
| Arif Nezami–Better Author Bio |
Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11. | 2024-10-17 | 7.1 | CVE-2024-49229 | audit@patchstack.com |
| arisoft–ARI Adminer WordPress Database Manager |
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site’s database and making changes. | 2024-10-16 | 7.3 | CVE-2019-25215 | security@wordfence.com security@wordfence.com |
| arraytics–WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin |
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible. | 2024-10-17 | 9.8 | CVE-2024-9263 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Asep Bagja Priandana–Woostagram Connect |
Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2. | 2024-10-20 | 10 | CVE-2024-49327 | audit@patchstack.com |
| Autodesk–Revit |
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-16 | 7.8 | CVE-2024-7993 | psirt@autodesk.com |
| Autodesk–Revit |
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-16 | 7.8 | CVE-2024-7994 | psirt@autodesk.com |
| Avchat.net–AVChat Video Chat |
Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2. | 2024-10-20 | 7.1 | CVE-2024-49605 | audit@patchstack.com |
| bc2018–WordPress Landing Page Squeeze Page Responsive Landing Page Builder Free WP Lead Plus X |
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-16 | 8.3 | CVE-2020-36839 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Bhaskar Dhote–Back Link Tracker |
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0. | 2024-10-20 | 8.2 | CVE-2024-49617 | audit@patchstack.com |
| Boyan Raichev–IP Loc8 |
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1. | 2024-10-16 | 9.8 | CVE-2024-48028 | audit@patchstack.com |
| Brandon Clark–SiteBuilder Dynamic Components |
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0. | 2024-10-20 | 9.8 | CVE-2024-49625 | audit@patchstack.com |
| Brandon White–Author Discussion |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2. | 2024-10-20 | 8.5 | CVE-2024-49609 | audit@patchstack.com |
| brx8r–Nice Backgrounds |
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0. | 2024-10-20 | 10 | CVE-2024-49330 | audit@patchstack.com |
| ChanGate–Property Management System |
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2024-10-15 | 9.8 | CVE-2024-9972 | twcert@cert.org.tw twcert@cert.org.tw |
| chertz–WP Easy Post Types |
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the ‘text’ parameter in the ‘ajax_import_content’ function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-10-18 | 8.8 | CVE-2024-10079 | security@wordfence.com security@wordfence.com |
| chertz–WP Easy Post Types |
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts. | 2024-10-18 | 7.3 | CVE-2024-10078 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware. | 2024-10-16 | 8.2 | CVE-2024-20458 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | 2024-10-16 | 7.1 | CVE-2024-20421 | ykramarz@cisco.com |
| cmssoft–CSV Product Import Export for WooCommerce |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0. | 2024-10-17 | 8.5 | CVE-2024-49244 | audit@patchstack.com |
| code-projects — pharmacy_management_system |
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-15 | 9.8 | CVE-2024-9976 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Blood Bank Management System |
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “password” to be affected. But it must be assumed that other parameters are affected as well. | 2024-10-15 | 7.3 | CVE-2024-9986 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| CodeFlock–FREE DOWNLOAD MANAGER |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. | 2024-10-17 | 8.6 | CVE-2024-49315 | audit@patchstack.com |
| CodePassenger–Job Board Manager for WordPress |
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0. | 2024-10-17 | 9.8 | CVE-2024-49322 | audit@patchstack.com |
| Codezips–Sales Management System |
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 7.3 | CVE-2024-10165 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Sales Management System |
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 7.3 | CVE-2024-10166 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Sales Management System |
A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 7.3 | CVE-2024-10167 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Cookie Scanner Nikel Schubert–Cookie Scanner |
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1. | 2024-10-17 | 7.1 | CVE-2024-49220 | audit@patchstack.com |
| cyberlord92–Miniorange OTP Verification with Firebase |
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | 2024-10-17 | 9.8 | CVE-2024-9862 | security@wordfence.com security@wordfence.com security@wordfence.com |
| cyberlord92–Miniorange OTP Verification with Firebase |
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure ‘administrator’ default value for the ‘default_user_role’ option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. | 2024-10-17 | 9.8 | CVE-2024-9863 | security@wordfence.com security@wordfence.com security@wordfence.com |
| cyberlord92–Miniorange OTP Verification with Firebase |
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. | 2024-10-17 | 8.1 | CVE-2024-9861 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Dan Alexander–SermonAudio Widgets |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3. | 2024-10-20 | 8.5 | CVE-2024-49614 | audit@patchstack.com |
| Dassault Systmes–3DSwymer |
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data. | 2024-10-16 | 7.7 | CVE-2024-8040 | 3DS.Information-Security@3ds.com |
| Dassault Systmes–ENOVIA Collaborative Industry Innovator |
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session. | 2024-10-16 | 8.7 | CVE-2024-6380 | 3DS.Information-Security@3ds.com |
| Dell–Dell OpenManage Enterprise |
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code (‘Code Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | 2024-10-17 | 8 | CVE-2024-45766 | security_alert@emc.com |
| Denis–Azz Anonim Posting |
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9. | 2024-10-16 | 10 | CVE-2024-49257 | audit@patchstack.com |
| Dennis Hoppe–Encyclopedia / Glossary / Wiki |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS.This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60. | 2024-10-17 | 7.1 | CVE-2024-49320 | audit@patchstack.com |
| didi–DDMQ |
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-20 | 7.3 | CVE-2024-10173 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Dotsquares–Google Map Locations |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0. | 2024-10-20 | 7.1 | CVE-2024-49606 | audit@patchstack.com |
| dueclic — wp_2fa_with_telegram |
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the ‘validate_tg’ action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | 2024-10-15 | 8.8 | CVE-2024-9687 | security@wordfence.com security@wordfence.com |
| dueclic — wp_2fa_with_telegram |
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication. | 2024-10-15 | 7.5 | CVE-2024-9820 | security@wordfence.com security@wordfence.com |
| easy.jobs–EasyJobs |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14. | 2024-10-17 | 7.1 | CVE-2024-43997 | audit@patchstack.com |
| edo888–Translate WordPress Google Language Translator |
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support. | 2024-10-16 | 7.1 | CVE-2021-4452 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Edush Maxim–GoogleDrive folder list |
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2. | 2024-10-20 | 7.1 | CVE-2024-49335 | audit@patchstack.com |
| emrevona–WP Fastest Cache |
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. | 2024-10-16 | 8.8 | CVE-2020-36836 | security@wordfence.com security@wordfence.com security@wordfence.com |
| ESi Technology–AIM LINE Marketing Platform |
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content. | 2024-10-15 | 9.8 | CVE-2024-9982 | twcert@cert.org.tw twcert@cert.org.tw |
| F5–BIG-IP |
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-10-16 | 7.2 | CVE-2024-45844 | f5sirt@f5.com |
| facebook–Facebook Chat Plugin Live Chat Plugin for WordPress |
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. | 2024-10-16 | 7.4 | CVE-2020-36838 | security@wordfence.com security@wordfence.com |
| Fahad Mahmood–Endless Posts Navigation |
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7. | 2024-10-20 | 7.1 | CVE-2024-49629 | audit@patchstack.com |
| Fahad Mahmood–Keep Backup Daily |
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7. | 2024-10-17 | 7.5 | CVE-2024-48024 | audit@patchstack.com |
| filemanagerpro — file_manager |
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the ‘mk_file_folder_manager’ ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-16 | 8.8 | CVE-2024-8507 | security@wordfence.com security@wordfence.com |
| filemanagerpro — file_manager |
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the ‘mk_file_folder_manager_shortcode’ ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site’s server which may make remote code execution possible. | 2024-10-16 | 8.8 | CVE-2024-8746 | security@wordfence.com security@wordfence.com |
| Fliperrr Team–Creates 3D Flipbook, PDF Flipbook |
Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. | 2024-10-16 | 9.9 | CVE-2024-48034 | audit@patchstack.com |
| formosasoft — ee-class |
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. | 2024-10-15 | 8.8 | CVE-2024-9980 | twcert@cert.org.tw twcert@cert.org.tw |
| formosasoft — ee-class |
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | 2024-10-15 | 8.8 | CVE-2024-9981 | twcert@cert.org.tw twcert@cert.org.tw |
| Gabriele Valenti–Telecash Ricaricaweb |
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2. | 2024-10-16 | 9.8 | CVE-2024-48030 | audit@patchstack.com |
| Gerry Ntabuhashe–GERRYWORKS Post by Mail |
: Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. | 2024-10-20 | 8.8 | CVE-2024-49608 | audit@patchstack.com |
| Giveaway Boost–Giveaway Boost |
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4. | 2024-10-20 | 9.8 | CVE-2024-49332 | audit@patchstack.com |
| google — chrome |
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-10-15 | 8.8 | CVE-2024-9954 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome |
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | 2024-10-15 | 8.8 | CVE-2024-9965 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google Cloud–Migrate to Containers |
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local “m2cuser” was greated with administrator privileges. This posed a security risk if the “analyze” or “generate” commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | 2024-10-16 | 7.8 | CVE-2024-9858 | cve-coordination@google.com |
| Google–Chrome |
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 8.8 | CVE-2024-9955 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 8.8 | CVE-2024-9957 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | 2024-10-15 | 8.8 | CVE-2024-9959 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 8.8 | CVE-2024-9960 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 8.8 | CVE-2024-9961 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 7.8 | CVE-2024-9956 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Gora Tech LLC–Cooked Pro |
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | 2024-10-17 | 10 | CVE-2024-49291 | audit@patchstack.com |
| Grafana–Grafana |
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana’s $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. | 2024-10-18 | 9.9 | CVE-2024-9264 | security@grafana.com |
| Grayson Robbins–Disc Golf Manager |
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. | 2024-10-16 | 9.8 | CVE-2024-48026 | audit@patchstack.com |
| Hasan Movahed–Duplicate Title Validate |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0. | 2024-10-20 | 8.5 | CVE-2024-49623 | audit@patchstack.com |
| helmholz — myrex24_v2_virtual_server |
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. | 2024-10-15 | 7.5 | CVE-2024-45272 | info@cert.vde.com info@cert.vde.com |
| Henrique Rodrigues–SafetyForms |
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0. | 2024-10-20 | 8.2 | CVE-2024-49615 | audit@patchstack.com |
| Hgiga–OAKlouds |
The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . | 2024-10-14 | 9.8 | CVE-2024-9924 | twcert@cert.org.tw twcert@cert.org.tw |
| HMS Networks–EWON FLEXY 202 |
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. | 2024-10-17 | 8.2 | CVE-2024-7755 | ics-cert@hq.dhs.gov |
| HP Inc.–Certain HP DesignJet products |
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. | 2024-10-15 | 7.5 | CVE-2024-5749 | hp-security-alert@hp.com |
| Hung Trang Si–SB Random Posts Widget |
: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0. | 2024-10-16 | 7.5 | CVE-2024-48029 | audit@patchstack.com |
| Igor Funa–Ad Inserter |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37. | 2024-10-17 | 7.1 | CVE-2024-49248 | audit@patchstack.com |
| Imagination Technologies–Graphics DDK |
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | 2024-10-14 | 7.8 | CVE-2024-43701 | 367425dc-4d06-4041-9650-c2dc6aaa27ce |
| Infotuts–SW Contact Form |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0. | 2024-10-20 | 8.5 | CVE-2024-49612 | audit@patchstack.com |
| Innovaweb Sp. z o.o.–Free Stock Photos Foter |
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4. | 2024-10-16 | 8.8 | CVE-2024-49227 | audit@patchstack.com |
| Jack Zhu–photokit |
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0. | 2024-10-20 | 10 | CVE-2024-49610 | audit@patchstack.com |
| James Park–Analyse Uploads |
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through 0.5. | 2024-10-16 | 8.6 | CVE-2024-49253 | audit@patchstack.com |
| JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | 2024-10-17 | 8.1 | CVE-2024-49579 | cve@jetbrains.com |
| jetmonsters–Timetable and Event Schedule by MotoPress |
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more. | 2024-10-16 | 7.3 | CVE-2020-36840 | security@wordfence.com security@wordfence.com |
| Jon Vincent Mendoza–Dynamic Elementor Addons |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0. | 2024-10-18 | 7.5 | CVE-2024-49243 | audit@patchstack.com |
| Jordan Lyall–MyTweetLinks |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1. | 2024-10-20 | 8.5 | CVE-2024-49618 | audit@patchstack.com |
| Joshua Clayton–Feed Comments Number |
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1. | 2024-10-16 | 10 | CVE-2024-49216 | audit@patchstack.com |
| Julian Weinert // cs&m–cSlider |
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2. | 2024-10-17 | 7.1 | CVE-2024-49221 | audit@patchstack.com |
| Kubernetes–Image Builder |
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider. | 2024-10-15 | 9.8 | CVE-2024-9486 | jordan@liggitt.net jordan@liggitt.net jordan@liggitt.net |
| Limb–WordPress Gallery Plugin Limb Image Gallery |
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | 2024-10-16 | 9.9 | CVE-2024-49260 | audit@patchstack.com |
| LiteSpeed Technologies–LiteSpeed Cache |
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. | 2024-10-20 | 9.8 | CVE-2024-44000 | audit@patchstack.com audit@patchstack.com |
| LiteSpeed Technologies–LiteSpeed Cache |
: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1. | 2024-10-16 | 8.8 | CVE-2024-47637 | audit@patchstack.com |
| Lodel Geraldo–Simple Code Insert Shortcode |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0. | 2024-10-20 | 8.5 | CVE-2024-49613 | audit@patchstack.com |
| M. Konieczny, DH9SB–ADIF Log Search Widget |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in M. Konieczny, DH9SB ADIF Log Search Widget allows Reflected XSS.This issue affects ADIF Log Search Widget: from n/a through 1.0f. | 2024-10-18 | 7.1 | CVE-2024-49238 | audit@patchstack.com |
| Maantheme–Maan Addons For Elementor |
: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1. | 2024-10-16 | 7.5 | CVE-2024-49251 | audit@patchstack.com |
| Madiri Salman Aashish–Adding drop down roles in registration |
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. | 2024-10-17 | 9.8 | CVE-2024-49217 | audit@patchstack.com |
| magicbug — cloudlog |
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | 2024-10-14 | 9.8 | CVE-2024-48253 | cve@mitre.org cve@mitre.org cve@mitre.org |
| magicbug — cloudlog |
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. | 2024-10-14 | 9.8 | CVE-2024-48255 | cve@mitre.org cve@mitre.org cve@mitre.org |
| Mahesh Patel–Mitm Bug Tracker |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through 1.0. | 2024-10-18 | 7.1 | CVE-2024-49224 | audit@patchstack.com |
| mainwp–MainWP Dashboard: WordPress Management without the SaaS |
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-16 | 7.2 | CVE-2016-15041 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Marco Heine–PDF-Rechnungsverwaltung |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1. | 2024-10-17 | 7.5 | CVE-2024-49287 | audit@patchstack.com |
| MB connect line–mbNET.mini |
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | 2024-10-15 | 8.4 | CVE-2024-45271 | info@cert.vde.com info@cert.vde.com |
| mbconnectline — mbnet.mini_firmware |
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | 2024-10-15 | 9.8 | CVE-2024-45274 | info@cert.vde.com info@cert.vde.com |
| mbconnectline — mbnet.mini_firmware |
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. | 2024-10-15 | 9.8 | CVE-2024-45275 | info@cert.vde.com info@cert.vde.com |
| mbconnectline — mbnet.mini_firmware |
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | 2024-10-15 | 7.8 | CVE-2024-45273 | info@cert.vde.com info@cert.vde.com info@cert.vde.com info@cert.vde.com |
| mbconnectline — mbnet.mini_firmware |
An unauthenticated remote attacker can get read access to files in the “/tmp” directory due to missing authentication. | 2024-10-15 | 7.5 | CVE-2024-45276 | info@cert.vde.com info@cert.vde.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 9.8 | CVE-2024-43566 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 8.3 | CVE-2024-43578 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 8.3 | CVE-2024-43579 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 8.1 | CVE-2024-43587 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 8.8 | CVE-2024-43595 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-17 | 8.8 | CVE-2024-43596 | secure@microsoft.com |
| Microsoft–Microsoft Azure Functions |
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | 2024-10-15 | 7.5 | CVE-2024-38204 | secure@microsoft.com |
| Microsoft–Microsoft Dataverse |
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 2024-10-15 | 8.7 | CVE-2024-38139 | secure@microsoft.com |
| Microsoft–Microsoft Power Platform |
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | 2024-10-15 | 8.6 | CVE-2024-38190 | secure@microsoft.com |
| mndpsingh287–File Manager |
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution. | 2024-10-16 | 9.8 | CVE-2018-25105 | security@wordfence.com security@wordfence.com |
| Moridrin–SSV Events |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2.7. | 2024-10-20 | 9.6 | CVE-2024-49286 | audit@patchstack.com |
| Moridrin–SSV MailChimp |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5. | 2024-10-17 | 7.5 | CVE-2024-49285 | audit@patchstack.com |
| moxa — mxsecurity |
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | 2024-10-18 | 7.5 | CVE-2024-4740 | psirt@moxa.com |
| Moxa–EDR-8010 Series |
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | 2024-10-14 | 9.4 | CVE-2024-9137 | psirt@moxa.com |
| Moxa–EDR-8010 Series |
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. | 2024-10-14 | 7.2 | CVE-2024-9139 | psirt@moxa.com |
| Mozilla–Firefox for iOS |
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. | 2024-10-15 | 9.1 | CVE-2024-10004 | security@mozilla.org security@mozilla.org |
| Myriad Solutionz–Property Lot Management System |
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38. | 2024-10-20 | 9.9 | CVE-2024-49331 | audit@patchstack.com |
| n/a–http-proxy-middleware |
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | 2024-10-19 | 7.5 | CVE-2024-21536 | report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
| n/a–Kento Post View Counter |
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the ‘kento_pvc_geo’ parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-16 | 9.8 | CVE-2016-15040 | security@wordfence.com security@wordfence.com |
| n/a–n/a |
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a “create function” statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | 2024-10-17 | 9.8 | CVE-2023-26785 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | 2024-10-14 | 9.1 | CVE-2023-48082 | cve@mitre.org |
| n/a–n/a |
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. | 2024-10-14 | 9.8 | CVE-2024-46535 | cve@mitre.org |
| n/a–n/a |
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. | 2024-10-14 | 9.8 | CVE-2024-48150 | cve@mitre.org |
| n/a–n/a |
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | 2024-10-14 | 9.8 | CVE-2024-48153 | cve@mitre.org |
| n/a–n/a |
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. | 2024-10-14 | 9.8 | CVE-2024-48168 | cve@mitre.org |
| n/a–n/a |
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. | 2024-10-16 | 9.8 | CVE-2024-48180 | cve@mitre.org |
| n/a–n/a |
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. | 2024-10-15 | 9.8 | CVE-2024-48283 | cve@mitre.org |
| n/a–n/a |
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. | 2024-10-15 | 9.8 | CVE-2024-48411 | cve@mitre.org |
| n/a–n/a |
An issue in Wanxing Technology’s Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. | 2024-10-15 | 9.8 | CVE-2024-48779 | cve@mitre.org |
| n/a–n/a |
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | 2024-10-15 | 9.8 | CVE-2024-48781 | cve@mitre.org |
| n/a–n/a |
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | 2024-10-15 | 9.8 | CVE-2024-48782 | cve@mitre.org |
| n/a–n/a |
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. | 2024-10-14 | 9.8 | CVE-2024-48823 | cve@mitre.org |
| n/a–n/a |
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair | 2024-10-15 | 9.8 | CVE-2024-49195 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component. | 2024-10-17 | 8.1 | CVE-2024-33453 | cve@mitre.org |
| n/a–n/a |
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from “X-Forwarded-For” header and appends it to a SQL INSERT statement directly, leading to SQL Injection. | 2024-10-15 | 8.8 | CVE-2024-35584 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | 2024-10-15 | 8.1 | CVE-2024-41311 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | 2024-10-17 | 8 | CVE-2024-48192 | cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48629 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48630 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48631 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48632 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48633 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48634 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48635 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48636 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48637 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | 2024-10-17 | 8 | CVE-2024-48638 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | 2024-10-14 | 8.8 | CVE-2024-48822 | cve@mitre.org |
| n/a–n/a |
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. | 2024-10-17 | 7.1 | CVE-2024-30875 | cve@mitre.org |
| n/a–n/a |
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. | 2024-10-15 | 7.5 | CVE-2024-41344 | cve@mitre.org |
| n/a–n/a |
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. | 2024-10-15 | 7.5 | CVE-2024-44775 | cve@mitre.org |
| n/a–n/a |
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | 2024-10-16 | 7.2 | CVE-2024-46213 | cve@mitre.org |
| n/a–n/a |
Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | 2024-10-14 | 7.3 | CVE-2024-48249 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. | 2024-10-14 | 7.3 | CVE-2024-48259 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. | 2024-10-15 | 7.6 | CVE-2024-48279 | cve@mitre.org |
| n/a–n/a |
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request. | 2024-10-15 | 7.6 | CVE-2024-48280 | cve@mitre.org |
| n/a–n/a |
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. | 2024-10-15 | 7.6 | CVE-2024-48282 | cve@mitre.org |
| n/a–n/a |
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48789 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | 2024-10-14 | 7.5 | CVE-2024-48791 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48792 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48796 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48797 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48798 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 7.5 | CVE-2024-48799 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component. | 2024-10-14 | 7.5 | CVE-2024-48824 | cve@mitre.org |
| n/a–n/a |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Digitally allows Reflected XSS.This issue affects Digitally: from n/a through 1.0.8. | 2024-10-17 | 7.1 | CVE-2024-49309 | audit@patchstack.com |
| N/A–VMware HCX |
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. | 2024-10-16 | 8.8 | CVE-2024-38814 | security@vmware.com |
| JiangQie–JiangQie Free Mini Program |
Unrestricted Upload of File with Dangerous Type vulnerability in ?? JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2. | 2024-10-17 | 10 | CVE-2024-49314 | audit@patchstack.com |
| Najeeb Ahmad–Simple User Registration |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | 2024-10-20 | 9.8 | CVE-2024-49604 | audit@patchstack.com |
| Naudin Vladimir–FERMA.ru.net |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection.This issue affects FERMA.Ru.Net: from n/a through 1.3.3. | 2024-10-20 | 8.5 | CVE-2024-49620 | audit@patchstack.com |
| newtype — flowmaster_bpm_plus |
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | 2024-10-15 | 8.8 | CVE-2024-9970 | twcert@cert.org.tw twcert@cert.org.tw |
| newtype — flowmaster_bpm_plus |
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | 2024-10-15 | 8.8 | CVE-2024-9971 | twcert@cert.org.tw twcert@cert.org.tw |
| newtype — webeip |
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product. | 2024-10-15 | 8.8 | CVE-2024-9968 | twcert@cert.org.tw twcert@cert.org.tw |
| nextendweb–Nextend Social Login Pro |
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | 2024-10-16 | 9.8 | CVE-2024-9893 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Nikhil Vaghela–Add Categories Post Footer |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nikhil Vaghela Add Categories Post Footer allows Reflected XSS.This issue affects Add Categories Post Footer: from n/a through 2.2.2. | 2024-10-18 | 7.1 | CVE-2024-49239 | audit@patchstack.com |
| nmedia–N-Media Post Front-end Form |
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2024-10-16 | 9.8 | CVE-2016-15042 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Nokia–SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS |
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with “access console.” Consequently, a low privilege authenticated user with “access console” can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | 2024-10-17 | 7.3 | CVE-2023-6729 | b48c3b8f-639e-4c16-8725-497bc411dad0 |
| numanrki–AADMY Add Auto Date Month Year Into Posts |
The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-10-15 | 7.3 | CVE-2024-9837 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Nyasro–Rate Own Post |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nyasro Rate Own Post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through 1.0. | 2024-10-20 | 8.5 | CVE-2024-49616 | audit@patchstack.com |
| OISF–libhtp |
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49. | 2024-10-16 | 7.5 | CVE-2024-45797 | security-advisories@github.com security-advisories@github.com |
| OISF–suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented “unset” option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets. | 2024-10-16 | 7.5 | CVE-2024-45795 | security-advisories@github.com security-advisories@github.com |
| OISF–suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. | 2024-10-16 | 7.5 | CVE-2024-47187 | security-advisories@github.com security-advisories@github.com |
| OISF–suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. | 2024-10-16 | 7.5 | CVE-2024-47188 | security-advisories@github.com security-advisories@github.com |
| OISF–suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround. | 2024-10-16 | 7.5 | CVE-2024-47522 | security-advisories@github.com security-advisories@github.com |
| OpenSight Software–FlashFXP |
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 7.8 | CVE-2024-10068 | cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| oracle — banking_liquidity_management |
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | 2024-10-15 | 7.1 | CVE-2024-21284 | secalert_us@oracle.com |
| oracle — banking_liquidity_management |
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | 2024-10-15 | 7.1 | CVE-2024-21285 | secalert_us@oracle.com |
| oracle — bi_publisher |
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-10-15 | 8.8 | CVE-2024-21254 | secalert_us@oracle.com |
| oracle — bi_publisher |
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). | 2024-10-15 | 7.6 | CVE-2024-21195 | secalert_us@oracle.com |
| oracle — fusion_middleware |
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-10-15 | 7.5 | CVE-2024-21190 | secalert_us@oracle.com |
| oracle — fusion_middleware |
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). | 2024-10-15 | 7.6 | CVE-2024-21191 | secalert_us@oracle.com |
| oracle — fusion_middleware |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 7.5 | CVE-2024-21215 | secalert_us@oracle.com |
| oracle — peoplesoft_enterprise_peopletools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21214 | secalert_us@oracle.com |
| oracle — peoplesoft_enterprise_peopletools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-10-15 | 8.8 | CVE-2024-21255 | secalert_us@oracle.com |
| oracle — product_hub |
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21252 | secalert_us@oracle.com |
| oracle — service_bus |
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-10-15 | 7.5 | CVE-2024-21246 | secalert_us@oracle.com |
| oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | 2024-10-15 | 7.5 | CVE-2024-21259 | secalert_us@oracle.com |
| oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2024-10-15 | 9.8 | CVE-2024-21216 | secalert_us@oracle.com |
| oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-10-15 | 7.5 | CVE-2024-21234 | secalert_us@oracle.com |
| oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 7.5 | CVE-2024-21260 | secalert_us@oracle.com |
| oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 7.5 | CVE-2024-21274 | secalert_us@oracle.com |
| Oracle Corporation–MySQL Connectors |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-10-15 | 7.5 | CVE-2024-21272 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Advanced Pricing |
Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21266 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Applications Manager |
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21268 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Common Applications Calendar |
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21270 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Contract Lifecycle Management for Public Sector |
Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public Sector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Contract Lifecycle Management for Public Sector accessible data as well as unauthorized access to critical data or complete access to all Oracle Contract Lifecycle Management for Public Sector accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21278 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Cost Management |
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21267 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Field Service |
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21271 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Financials |
Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21282 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Hospitality OPERA 5 |
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | 2024-10-15 | 9 | CVE-2024-21172 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Incentive Compensation |
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21269 | secalert_us@oracle.com |
| Oracle Corporation–Oracle MES for Process Manufacturing |
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21277 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Process Manufacturing Product Development |
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21250 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Quoting |
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21275 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Service Contracts |
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21280 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Site Hub |
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21265 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Sourcing |
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21279 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Work in Process |
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21276 | secalert_us@oracle.com |
| Oracle Corporation–PeopleSoft Enterprise HCM Global Payroll Core |
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2024-10-15 | 8.1 | CVE-2024-21283 | secalert_us@oracle.com |
| oretnom23 — online_eyewear_shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-15 | 9.8 | CVE-2024-9973 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| oretnom23 — online_eyewear_shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-15 | 9.8 | CVE-2024-9974 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Paxman–Product Website Showcase |
Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0. | 2024-10-20 | 10 | CVE-2024-49611 | audit@patchstack.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account. | 2024-10-16 | 8.1 | CVE-2023-7291 | security@wordfence.com security@wordfence.com |
| PHPGurukul–Boat Booking System |
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 7.3 | CVE-2024-10156 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 7.3 | CVE-2024-10157 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well. | 2024-10-20 | 7.3 | CVE-2024-10159 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| pickplugins–Post Grid and Gutenberg Blocks |
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-16 | 8.8 | CVE-2021-4450 | security@wordfence.com security@wordfence.com |
| Piyushmca–Shipyaari Shipping Management |
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2. | 2024-10-20 | 9.8 | CVE-2024-49626 | audit@patchstack.com |
| publishpress–Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors |
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the ‘authors-user_id’ user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user’s account password and gain access. | 2024-10-17 | 8.8 | CVE-2024-9215 | security@wordfence.com security@wordfence.com security@wordfence.com |
| quadlayers–WordPress Mega Menu QuadMenu |
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | 2024-10-16 | 9.8 | CVE-2021-4443 | security@wordfence.com security@wordfence.com security@wordfence.com |
| ragic — enterprise_cloud_database |
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user’s session cookie. | 2024-10-15 | 9.8 | CVE-2024-9984 | twcert@cert.org.tw twcert@cert.org.tw |
| ragic — enterprise_cloud_database |
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | 2024-10-15 | 9.8 | CVE-2024-9985 | twcert@cert.org.tw twcert@cert.org.tw |
| ragic — enterprise_cloud_database |
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 2024-10-15 | 7.5 | CVE-2024-9983 | twcert@cert.org.tw twcert@cert.org.tw |
| Redwan Hilali–WP Dropbox Dropins |
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0. | 2024-10-20 | 10 | CVE-2024-49607 | audit@patchstack.com |
| rems — drag_and_drop_image_upload |
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-15 | 8.8 | CVE-2024-9975 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| RestaurantConnect, Inc–Restaurant Reservations Widget |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in RestaurantConnect, Inc Restaurant Reservations Widget allows Reflected XSS.This issue affects Restaurant Reservations Widget: from n/a through 1.0. | 2024-10-17 | 7.1 | CVE-2024-48023 | audit@patchstack.com |
| RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit |
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed. | 2024-10-15 | 9.1 | CVE-2024-47945 | 551230f0-3615-47bd-b7cc-93e92e730bbf 551230f0-3615-47bd-b7cc-93e92e730bbf |
| Rockwell Automation–ControlLogix 5580 |
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running. | 2024-10-14 | 7.5 | CVE-2024-6207 | PSIRT@rockwellautomation.com |
| Rockwell Automation–RSLogix 500 |
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research – Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability. | 2024-10-14 | 7.7 | CVE-2024-7847 | PSIRT@rockwellautomation.com |
| RudeStan–VKontakte Wall Post |
Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. | 2024-10-17 | 7.1 | CVE-2024-49313 | audit@patchstack.com |
| Sajid Javed–Top Bar PopUps by WPOptin |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. | 2024-10-16 | 7.5 | CVE-2024-47645 | audit@patchstack.com |
| SayenThemes–Kaswara Modern VC Addons |
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more. | 2024-10-16 | 7.3 | CVE-2021-4448 | security@wordfence.com security@wordfence.com |
| ScienceLogic–SL1 |
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. | 2024-10-18 | 9.8 | CVE-2024-9537 | 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 |
| Scott Olson–My Reading Library |
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0. | 2024-10-17 | 9.8 | CVE-2024-49318 | audit@patchstack.com |
| Scott Paterson–Contact Form 7 PayPal & Stripe Add-on |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3. | 2024-10-17 | 7.1 | CVE-2024-48021 | audit@patchstack.com |
| Scott Paterson–Time Clock Pro |
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the ‘etimeclockwp_load_function_callback’ function. This allows unauthenticated attackers to execute code on the server. The invoked function’s parameters cannot be specified. | 2024-10-18 | 8.3 | CVE-2024-9593 | security@wordfence.com security@wordfence.com security@wordfence.com |
| scottopolis–AppPresser Mobile App Framework |
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator. | 2024-10-16 | 8.1 | CVE-2024-9305 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| SECOM–WRTM326 |
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. | 2024-10-18 | 9.8 | CVE-2024-10119 | twcert@cert.org.tw twcert@cert.org.tw |
| SECOM–WRTR-304GN-304TW-UPSC |
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | 2024-10-18 | 9.8 | CVE-2024-10118 | twcert@cert.org.tw twcert@cert.org.tw |
| sekler–Mapplic Lite |
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site’s server and ultimately perform an XSS attack if requesting an SVG file. | 2024-10-16 | 8.3 | CVE-2012-10018 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| sendpulse–SendPulse Free Web Push |
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-17 | 7.2 | CVE-2024-9184 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Shafiq–Digital Lottery |
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | 2024-10-16 | 10 | CVE-2024-49242 | audit@patchstack.com |
| Shibu Lijack a.k.a CyberJack–CJ Change Howdy |
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | 2024-10-17 | 7.1 | CVE-2024-49223 | audit@patchstack.com |
| ShortPixel–ShortPixel Image Optimizer |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | 2024-10-17 | 7.6 | CVE-2024-48043 | audit@patchstack.com |
| SICK AG–SICK CLV6xx |
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password. | 2024-10-17 | 9.1 | CVE-2024-10025 | psirt@sick.de psirt@sick.de psirt@sick.de psirt@sick.de psirt@sick.de psirt@sick.de |
| siteground–Speed Optimizer The All-In-One Performance-Boosting Plugin |
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-10-16 | 9.8 | CVE-2019-25217 | security@wordfence.com security@wordfence.com |
| Smartdevth–Advanced Advertising System |
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1. | 2024-10-20 | 9.8 | CVE-2024-49624 | audit@patchstack.com |
| solarwinds — serv-u |
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | 2024-10-16 | 8.8 | CVE-2024-45711 | psirt@solarwinds.com |
| solarwinds — solarwinds_platform |
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | 2024-10-16 | 7.8 | CVE-2024-45710 | psirt@solarwinds.com |
| SolarWinds–SolarWinds Platform |
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | 2024-10-16 | 7.1 | CVE-2024-45715 | psirt@solarwinds.com |
| sooskriszta, webforza–BuddyPress Better Registration |
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6. | 2024-10-16 | 9.8 | CVE-2024-49247 | audit@patchstack.com |
| Sourav–All in One Slider |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1. | 2024-10-20 | 7.1 | CVE-2024-49323 | audit@patchstack.com |
| Sovratec–Sovratec Case Management |
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0. | 2024-10-20 | 10 | CVE-2024-49324 | audit@patchstack.com |
| splunk — splunk |
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | 2024-10-14 | 8 | CVE-2024-45731 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. | 2024-10-14 | 8.8 | CVE-2024-45733 | prodsec@splunk.com prodsec@splunk.com |
| ss-proj — shirasagi |
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. | 2024-10-15 | 7.5 | CVE-2024-46898 | vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| starfishwp–Rich Reviews by Starfish |
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body ‘update’ parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-16 | 7.2 | CVE-2019-25216 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder |
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like ‘after_html’ in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim’s browser. | 2024-10-16 | 8.3 | CVE-2017-20192 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG) |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. | 2024-10-17 | 7.1 | CVE-2024-48032 | audit@patchstack.com |
| sunburntkamel–disconnected |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0. | 2024-10-16 | 7.1 | CVE-2024-49268 | audit@patchstack.com |
| Sunjianle–ajax-extend |
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. | 2024-10-16 | 10 | CVE-2024-49254 | audit@patchstack.com |
| Supsystic–Contact Form by Supsystic |
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. | 2024-10-16 | 9.1 | CVE-2024-48042 | audit@patchstack.com |
| Surfer–Surfer |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502. | 2024-10-17 | 7.6 | CVE-2024-49299 | audit@patchstack.com |
| SUSE–apiserver |
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server’s public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser | 2024-10-16 | 8.3 | CVE-2023-32192 | meissner@suse.de meissner@suse.de |
| SUSE–Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 |
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | 2024-10-16 | 7.8 | CVE-2024-22029 | meissner@suse.de |
| SUSE–norman |
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman’s public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. | 2024-10-16 | 8.3 | CVE-2023-32193 | meissner@suse.de meissner@suse.de |
| SUSE–openSUSE Tumbleweed |
mlocate’s %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | 2024-10-16 | 7.8 | CVE-2023-32190 | meissner@suse.de |
| SUSE–rancher |
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher’s audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. | 2024-10-16 | 8.4 | CVE-2023-22649 | meissner@suse.de meissner@suse.de |
| SUSE–rancher |
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable. | 2024-10-16 | 8.8 | CVE-2023-22650 | meissner@suse.de meissner@suse.de |
| SUSE–rancher |
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. | 2024-10-16 | 8 | CVE-2024-22030 | meissner@suse.de meissner@suse.de |
| SUSE–rancher |
A vulnerability has been identified when granting a create or * global role for a resource type of “namespaces”; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | 2024-10-16 | 7.2 | CVE-2023-32194 | meissner@suse.de meissner@suse.de |
| SUSE–rke |
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. | 2024-10-16 | 9.9 | CVE-2023-32191 | meissner@suse.de meissner@suse.de |
| taismartfactory — qplant_sf |
SQL injection vulnerability in TAI Smart Factory’s QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ’email’ parameter on the ‘RequestPasswordChange’ endpoint. | 2024-10-15 | 9.8 | CVE-2024-9925 | cve-coordination@incibe.es |
| Takayuki Imanishi–ACF Images Search And Insert |
Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4. | 2024-10-16 | 9.9 | CVE-2024-48035 | audit@patchstack.com |
| TAKETIN–TAKETIN To WP Membership |
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0. | 2024-10-16 | 8.8 | CVE-2024-49226 | audit@patchstack.com |
| teamplus technology–team+ |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. | 2024-10-14 | 9.8 | CVE-2024-9921 | twcert@cert.org.tw twcert@cert.org.tw |
| teamplus technology–team+ |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 2024-10-14 | 7.5 | CVE-2024-9922 | twcert@cert.org.tw twcert@cert.org.tw |
| TECNO–com.transsion.aivoiceassistant |
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | 2024-10-16 | 9.8 | CVE-2024-10018 | 907edf6c-bf03-423e-ab1a-8da27e1aa1ea 907edf6c-bf03-423e-ab1a-8da27e1aa1ea |
| Tenda–AC8 |
A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 8.8 | CVE-2024-10123 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Tenda–AC8 |
A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 8.8 | CVE-2024-10130 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| THATplugin–Iconize |
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. | 2024-10-16 | 9.1 | CVE-2024-47649 | audit@patchstack.com |
| The CSSIgniter Team–MaxSlider |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3. | 2024-10-16 | 7.5 | CVE-2024-47351 | audit@patchstack.com |
| themegrill–ThemeGrill Demo Importer |
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named ‘admin’, the attacker will become automatically logged in as an administrator. | 2024-10-16 | 9.9 | CVE-2020-36837 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| themehunk–WP Popup Builder Popup Forms and Marketing Lead Generation |
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access. | 2024-10-16 | 7.3 | CVE-2024-9061 | security@wordfence.com security@wordfence.com |
| Themeisle–Multiple Page Generator Plugin MPG |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. | 2024-10-20 | 8.5 | CVE-2024-47325 | audit@patchstack.com |
| themexpo–RS-Members |
Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3. | 2024-10-17 | 8.8 | CVE-2024-49219 | audit@patchstack.com |
| Themis Solutions, Inc.–Clio Grow |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2. | 2024-10-17 | 7.1 | CVE-2024-49276 | audit@patchstack.com |
| thinkst — opencanary |
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue. | 2024-10-14 | 7.8 | CVE-2024-48911 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Toast Plugins–Animator |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Toast Plugins Animator allows Reflected XSS.This issue affects Animator: from n/a through 3.0.11. | 2024-10-17 | 7.1 | CVE-2024-49308 | audit@patchstack.com |
| Tophive–Ultimate AI |
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the ‘ultimate_ai_register_or_login_with_google’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-10-16 | 9.8 | CVE-2024-9105 | security@wordfence.com security@wordfence.com |
| Unizoe Web Solutions–jLayer Parallax Slider |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0. | 2024-10-20 | 7.1 | CVE-2024-49334 | audit@patchstack.com |
| Unknown–Logo Slider |
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2024-10-17 | 7.6 | CVE-2024-5429 | contact@wpscan.com |
| Unlimited Elements–Unlimited Elements For Elementor (Free Widgets, Addons, Templates) |
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | 2024-10-16 | 9.1 | CVE-2024-49271 | audit@patchstack.com |
| Vasilis Kerasiotis–Affiliator |
Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3. | 2024-10-20 | 10 | CVE-2024-49326 | audit@patchstack.com |
| vasyltech–Advanced Access Manager Restricted Content, Users & Roles, Enhanced Security and More |
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php | 2024-10-16 | 9.8 | CVE-2019-25213 | security@wordfence.com security@wordfence.com |
| vendure-ecommerce–vendure |
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure’s asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`. | 2024-10-15 | 9.1 | CVE-2024-48914 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| VideoWhisper.com–Contact Forms, Live Support, CRM, Video Messages |
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | 2024-10-17 | 7.5 | CVE-2024-49235 | audit@patchstack.com |
| VillaTheme–CURCY |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3. | 2024-10-17 | 7.1 | CVE-2024-49283 | audit@patchstack.com |
| Vivek Tamrakar–WP REST API FNS |
Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0. | 2024-10-20 | 10 | CVE-2024-49329 | audit@patchstack.com |
| Vivek Tamrakar–WP REST API FNS |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0. | 2024-10-20 | 9.8 | CVE-2024-49328 | audit@patchstack.com |
| VSO–ConvertXtoDvd |
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 7.8 | CVE-2024-10093 | cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| wavelog — wavelog |
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | 2024-10-14 | 9.8 | CVE-2024-48251 | cve@mitre.org cve@mitre.org cve@mitre.org |
| wavelog — wavelog |
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. | 2024-10-14 | 9.8 | CVE-2024-48257 | cve@mitre.org cve@mitre.org cve@mitre.org |
| WAVLINK–WN530H4 |
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-20 | 8.8 | CVE-2024-10194 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution. | 2024-10-16 | 9.8 | CVE-2024-9634 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wfh45678–Radar |
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 7.3 | CVE-2024-10120 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| wfh45678–Radar |
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 7.3 | CVE-2024-10121 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| woobewoo–Product Filter by WBW |
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery. | 2024-10-16 | 7.3 | CVE-2021-4444 | security@wordfence.com security@wordfence.com |
| wpchill–Download Monitor |
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. | 2024-10-16 | 7.5 | CVE-2022-4972 | security@wordfence.com security@wordfence.com |
| wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders |
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user. | 2024-10-16 | 8.8 | CVE-2021-4447 | security@wordfence.com security@wordfence.com |
| WPFactory–Email Verification for WooCommerce |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. | 2024-10-17 | 9.3 | CVE-2024-49305 | audit@patchstack.com |
| WPFactory–EU/UK VAT Manager for WooCommerce |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. | 2024-10-20 | 7.1 | CVE-2024-44061 | audit@patchstack.com |
| WPGrim–Classic Editor and Classic Widgets |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1. | 2024-10-17 | 8.5 | CVE-2024-47312 | audit@patchstack.com |
| wpindeed–Indeed Membership Pro |
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID. | 2024-10-16 | 9.8 | CVE-2020-36832 | security@wordfence.com security@wordfence.com security@wordfence.com |
| WPManageNinja LLC–Fluent Support |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0. | 2024-10-17 | 8.5 | CVE-2024-47304 | audit@patchstack.com |
| wpvividplugins–Migration, Backup, Staging WPvivid |
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35. | 2024-10-16 | 8.8 | CVE-2020-36842 | security@wordfence.com security@wordfence.com security@wordfence.com |
| WSIFY Sales can fly–Wsify Widget |
Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0. | 2024-10-17 | 7.1 | CVE-2024-48048 | audit@patchstack.com |
| xaraartech–External featured image from bing |
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2. | 2024-10-16 | 9.9 | CVE-2024-48027 | audit@patchstack.com |
| Xerox–AltaLink B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807 |
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. | 2024-10-17 | 7.2 | CVE-2024-6333 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| ZIPANG–Point Maker |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4. | 2024-10-17 | 7.5 | CVE-2024-49317 | audit@patchstack.com |
| zodiac–Akismet htaccess writer |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in zodiac Akismet htaccess writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through 1.0.1. | 2024-10-17 | 7.1 | CVE-2024-49316 | audit@patchstack.com |
| Zoho CRM–Zoho CRM Lead Magnet |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. | 2024-10-17 | 8.5 | CVE-2024-49297 | audit@patchstack.com |
| ZoomIt–ZoomSounds – WordPress Wave Audio Player with Playlist |
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘savepng.php’ file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-10-16 | 9.8 | CVE-2021-4449 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| A WP Life–Contact Form Widget |
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. | 2024-10-17 | 5.4 | CVE-2024-48037 | audit@patchstack.com |
| acronis — cyber_files |
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24. | 2024-10-17 | 5.7 | CVE-2024-49386 | security@acronis.com |
| acronis — cyber_files |
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24. | 2024-10-17 | 4.8 | CVE-2024-49392 | security@acronis.com |
| acronis — cyber_protect |
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 2024-10-15 | 4.3 | CVE-2024-49382 | security@acronis.com |
| acronis — cyber_protect |
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 2024-10-15 | 4.3 | CVE-2024-49383 | security@acronis.com |
| acronis — cyber_protect |
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | 2024-10-15 | 4.3 | CVE-2024-49384 | security@acronis.com |
| Adobe–Substance3D – Sampler |
Substance3D – Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-17 | 5.5 | CVE-2024-47459 | psirt@adobe.com |
| alimir–WP ULike All-in-One Engagement Toolkit |
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-16 | 4.3 | CVE-2024-9649 | security@wordfence.com security@wordfence.com security@wordfence.com |
| apache — cloudstack |
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting “quota.enable.service” to “false”. | 2024-10-16 | 6.3 | CVE-2024-45461 | security@apache.org security@apache.org security@apache.org |
| apintop–Add Widget After Content |
The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-10-18 | 4.4 | CVE-2024-9892 | security@wordfence.com security@wordfence.com |
| B.M. Rafiul Alam–Awesome Contact Form7 for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor allows Stored XSS.This issue affects Awesome Contact Form7 for Elementor: from n/a through 3.0. | 2024-10-17 | 6.5 | CVE-2024-49319 | audit@patchstack.com |
| Bert Kler–Movie Database |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bert Kößler Movie Database allows Stored XSS.This issue affects Movie Database: from n/a through 1.0.11. | 2024-10-18 | 5.9 | CVE-2024-43300 | audit@patchstack.com |
| blindsidenetworks–BigBlueButton |
The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.4 | CVE-2023-7296 | security@wordfence.com security@wordfence.com |
| BogdanFix–WP SendFox |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. | 2024-10-17 | 5.3 | CVE-2024-49284 | audit@patchstack.com |
| bqworks–Accordion Slider |
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin’s admin area via the `Access` plugin setting, which is restricted to administrators by default. | 2024-10-16 | 6.4 | CVE-2024-9582 | security@wordfence.com security@wordfence.com |
| cert — vince |
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations. | 2024-10-14 | 4.9 | CVE-2024-9953 | cret@cert.org |
| chertz–WP Easy Post Types |
The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-10080 | security@wordfence.com security@wordfence.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. | 2024-10-16 | 6.5 | CVE-2024-20459 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device. | 2024-10-16 | 6.1 | CVE-2024-20460 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user. | 2024-10-16 | 6 | CVE-2024-20461 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user. | 2024-10-16 | 5.4 | CVE-2024-20420 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. | 2024-10-16 | 5.5 | CVE-2024-20462 | ykramarz@cisco.com |
| Cisco–Cisco Analog Telephone Adaptor (ATA) Software |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | 2024-10-16 | 5.4 | CVE-2024-20463 | ykramarz@cisco.com |
| Cisco–Cisco Unified Computing System Central Software |
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. | 2024-10-16 | 6.3 | CVE-2024-20280 | ykramarz@cisco.com |
| Cisco–Cisco Unified Contact Center Management Portal |
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2024-10-16 | 6.1 | CVE-2024-20512 | ykramarz@cisco.com |
| code-projects–Blood Bank System |
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 4.7 | CVE-2024-10171 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Hospital Management System |
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 6.3 | CVE-2024-10169 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Hospital Management System |
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 6.3 | CVE-2024-10170 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-16 | 6.3 | CVE-2024-10021 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-16 | 6.3 | CVE-2024-10022 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-16 | 6.3 | CVE-2024-10023 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-16 | 6.3 | CVE-2024-10024 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10136 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10137 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10138 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10139 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Pharmacy Management System |
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10140 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| CodeAstrology Team–UltraAddons Elementor Lite |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8. | 2024-10-17 | 6.5 | CVE-2024-49277 | audit@patchstack.com |
| codepeople–Calculated Fields Form |
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email. | 2024-10-17 | 5.3 | CVE-2024-9940 | security@wordfence.com security@wordfence.com |
| Coder426–Custom Add to Cart Button Label and Link |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. | 2024-10-17 | 6.5 | CVE-2024-49296 | audit@patchstack.com |
| CrossedCode–bVerse Convert |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CrossedCode bVerse Convert allows Stored XSS.This issue affects bVerse Convert: from n/a through 1.3.7.1. | 2024-10-18 | 6.5 | CVE-2024-49228 | audit@patchstack.com |
| Daniele Alessandra–Da Reactions |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Daniele Alessandra Da Reactions allows Stored XSS.This issue affects Da Reactions: from n/a through 5.1.5. | 2024-10-17 | 6.5 | CVE-2024-49255 | audit@patchstack.com |
| Dell–Dell OpenManage Enterprise |
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-10-17 | 4.3 | CVE-2024-45767 | security_alert@emc.com |
| Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS |
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. | 2024-10-18 | 5.5 | CVE-2024-47240 | security_alert@emc.com |
| Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS |
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. | 2024-10-18 | 5.5 | CVE-2024-47241 | security_alert@emc.com |
| Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS |
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. | 2024-10-18 | 4.6 | CVE-2024-48016 | security_alert@emc.com |
| dFactory–Responsive Lightbox |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8. | 2024-10-17 | 5.9 | CVE-2024-49282 | audit@patchstack.com |
| DOGROW.NET–Simple Baseball Scoreboard |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3. | 2024-10-17 | 6.5 | CVE-2024-48025 | audit@patchstack.com |
| dpdbaltics–DPD Baltic Shipping |
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_value’ parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-9350 | security@wordfence.com security@wordfence.com |
| Eclipse Foundation–Jetty |
There exists a security vulnerability in Jetty’s ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory. | 2024-10-14 | 5.9 | CVE-2024-8184 | emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| Eclipse Foundation–Jetty |
There exists a security vulnerability in Jetty’s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory finally. | 2024-10-14 | 5.3 | CVE-2024-9823 | emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| elbanyaoui–Smart Online Order for Clover |
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2024-8787 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| elementinvader–ElementInvader Addons for Elementor |
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-16 | 5.4 | CVE-2024-9888 | security@wordfence.com security@wordfence.com |
| elementinvader–ElementInvader Addons for Elementor |
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to. | 2024-10-19 | 4.3 | CVE-2024-9889 | security@wordfence.com security@wordfence.com |
| elementor — website_builder |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts. | 2024-10-15 | 4.3 | CVE-2024-6757 | security@wordfence.com security@wordfence.com |
| EmbedThis–GoAhead |
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS). | 2024-10-17 | 5.9 | CVE-2024-3184 | prodsec@nozominetworks.com |
| EmbedThis–GoAhead |
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. | 2024-10-17 | 5.3 | CVE-2024-3186 | prodsec@nozominetworks.com |
| EmbedThis–GoAhead |
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. | 2024-10-17 | 5.9 | CVE-2024-3187 | prodsec@nozominetworks.com |
| enalean — tuleap |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. | 2024-10-14 | 5.7 | CVE-2024-46988 | security-advisories@github.com security-advisories@github.com |
| enalean — tuleap |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. | 2024-10-14 | 4.8 | CVE-2024-46980 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| enalean — tuleap |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | 2024-10-14 | 4.9 | CVE-2024-47766 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| enalean — tuleap |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. | 2024-10-14 | 4.3 | CVE-2024-47767 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| ESAFENET–CDG |
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 6.3 | CVE-2024-10069 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 6.3 | CVE-2024-10070 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 6.3 | CVE-2024-10071 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 6.3 | CVE-2024-10072 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-19 | 6.3 | CVE-2024-10133 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-19 | 6.3 | CVE-2024-10134 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ESAFENET–CDG |
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-19 | 6.3 | CVE-2024-10135 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| EventON–EventON Pro |
The EventON PRO – WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-19 | 4.3 | CVE-2023-6243 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Exclusive Addons–Exclusive Addons Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1. | 2024-10-17 | 6.5 | CVE-2024-49292 | audit@patchstack.com |
| F5–BIG-IQ |
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-10-16 | 6.8 | CVE-2024-47139 | f5sirt@f5.com |
| fahadmahmood–RSS Feed Widget |
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-10057 | security@wordfence.com security@wordfence.com security@wordfence.com |
| fatcatapps–GetResponse Forms by Optin Cat |
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-8740 | security@wordfence.com security@wordfence.com |
| filemanagerpro — file_manager |
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. | 2024-10-16 | 5.4 | CVE-2024-8918 | security@wordfence.com security@wordfence.com |
| flairNLP–flair |
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flairmodelsclustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-17 | 5 | CVE-2024-10073 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| flexmls–Flexmls IDX Plugin |
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like ‘MaxBeds’ and ‘MinBeds’ in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-17 | 6.1 | CVE-2024-8719 | security@wordfence.com security@wordfence.com |
| flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons |
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations. | 2024-10-16 | 6.3 | CVE-2020-36834 | security@wordfence.com security@wordfence.com |
| flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons |
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link. Please note that this is only exploitable when the ‘Leave a Review’ notice is present, which occurs after 100 orders are made and disappears after a user dismisses the notice. | 2024-10-16 | 4.7 | CVE-2024-8541 | security@wordfence.com security@wordfence.com security@wordfence.com |
| gantry–Gantry 4 Framework |
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘override_id’ parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-9382 | security@wordfence.com security@wordfence.com |
| giuliopanda–Bulk images optimizer: Resize, optimize, convert to webp, rename |
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_configuration’ function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. | 2024-10-18 | 4.3 | CVE-2024-9361 | security@wordfence.com security@wordfence.com |
| google — chrome |
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 2024-10-15 | 5.3 | CVE-2024-9966 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome |
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 4.3 | CVE-2024-9958 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome |
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 4.3 | CVE-2024-9962 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome |
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2024-10-15 | 4.3 | CVE-2024-9963 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome |
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | 2024-10-15 | 4.3 | CVE-2024-9964 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Gora Tech LLC–Cooked Pro |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0. | 2024-10-17 | 6.5 | CVE-2024-49289 | audit@patchstack.com |
| Gora Tech LLC–Cooked Pro |
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | 2024-10-20 | 4.3 | CVE-2024-49290 | audit@patchstack.com |
| Hafiz Uddin Ahmed–Crazy Call To Action Box |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS.This issue affects Crazy Call To Action Box: from n/a through 1.0.5. | 2024-10-18 | 6.5 | CVE-2024-49236 | audit@patchstack.com |
| Hans Matzen–wp-Monalisa |
Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4. | 2024-10-17 | 4.3 | CVE-2024-48038 | audit@patchstack.com |
| Harpreet Singh–Ajax Custom CSS/JS |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4. | 2024-10-18 | 6.5 | CVE-2024-49230 | audit@patchstack.com |
| HashThemes–Smart Blocks |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HashThemes Smart Blocks allows Stored XSS.This issue affects Smart Blocks: from n/a through 2.0. | 2024-10-16 | 6.5 | CVE-2024-49270 | audit@patchstack.com |
| hcltech — bigfix_platform |
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | 2024-10-14 | 5.3 | CVE-2024-30117 | psirt@hcl.com |
| heateor–Social Sharing Plugin Sassy Social Share |
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘urls’ parameter called via the ‘heateor_sss_sharing_count’ AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2022-4971 | security@wordfence.com security@wordfence.com |
| HFO4–shudong-share |
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 6.3 | CVE-2024-10129 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| honojs–hono |
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue. | 2024-10-15 | 5.9 | CVE-2024-48913 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| HT Plugins–WP Education |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8. | 2024-10-20 | 6.5 | CVE-2024-49630 | audit@patchstack.com |
| IBM–Watson Studio Local |
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2024-10-16 | 4.3 | CVE-2024-49340 | psirt@us.ibm.com |
| IBM–WebSphere Application Server |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-10-16 | 5.5 | CVE-2024-45071 | psirt@us.ibm.com |
| IBM–WebSphere Application Server |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | 2024-10-16 | 5.5 | CVE-2024-45072 | psirt@us.ibm.com |
| IBM–WebSphere Application Server |
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. | 2024-10-15 | 5.9 | CVE-2024-45085 | psirt@us.ibm.com |
| india-web-developer–SEO Manager |
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-16 | 6.4 | CVE-2024-9521 | security@wordfence.com security@wordfence.com |
| Infomaniak Staff–VOD Infomaniak |
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7. | 2024-10-20 | 5.4 | CVE-2024-49274 | audit@patchstack.com |
| ioannup–Edit WooCommerce Templates |
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-10049 | security@wordfence.com security@wordfence.com |
| Javier Loureiro–El mejor Cluster |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through 1.1.14. | 2024-10-18 | 6.5 | CVE-2024-49232 | audit@patchstack.com |
| JetBrains–Ktor |
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure | 2024-10-17 | 5.3 | CVE-2024-49580 | cve@jetbrains.com |
| k2servicecom–Product Customizer Light |
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-9848 | security@wordfence.com security@wordfence.com |
| Kubernetes–Image Builder |
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring. | 2024-10-15 | 6.3 | CVE-2024-9594 | jordan@liggitt.net jordan@liggitt.net jordan@liggitt.net |
| leap13–Premium Addons for Elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. | 2024-10-16 | 6.5 | CVE-2021-4445 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Limb–WordPress Gallery Plugin Limb Image Gallery |
Path Traversal: ‘…/…//’ vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | 2024-10-16 | 6.5 | CVE-2024-49258 | audit@patchstack.com |
| linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping – it is just a raw mapping of PFNs with no reference counting of a ‘struct page’. That’s all very much intentional, but it does mean that it’s easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it’s very easy to do the error handling in the wrong order. In particular, it’s easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling. | 2024-10-15 | 5.5 | CVE-2024-47674 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| lolitaframework–Branding |
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-9452 | security@wordfence.com security@wordfence.com |
| LOOS,Inc.–Arkhe Blocks |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0. | 2024-10-17 | 6.5 | CVE-2024-49261 | audit@patchstack.com |
| madrasthemes–MAS Companies For WP Job Manager |
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-9206 | security@wordfence.com security@wordfence.com security@wordfence.com |
| MadrasThemes–MAS Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through 1.1.6. | 2024-10-18 | 6.5 | CVE-2024-49233 | audit@patchstack.com |
| Martin Gibson–IdeaPush |
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69. | 2024-10-20 | 4.3 | CVE-2024-49275 | audit@patchstack.com |
| maxfoundry–WordPress Social Share Buttons |
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-19 | 6.1 | CVE-2024-9219 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Md Abdul Kader–Easy Addons for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0. | 2024-10-20 | 6.5 | CVE-2024-49631 | audit@patchstack.com |
| Michael Tran–Table of Contents Plus |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408. | 2024-10-20 | 4.3 | CVE-2024-49250 | audit@patchstack.com |
| Microchip–RN4870 |
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. | 2024-10-16 | 4.3 | CVE-2024-29155 | dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-10-17 | 5.4 | CVE-2024-43580 | secure@microsoft.com |
| microsoft — edge_chromium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-10-18 | 5.3 | CVE-2024-49023 | secure@microsoft.com |
| Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-10-18 | 4.3 | CVE-2024-43577 | secure@microsoft.com |
| Mighty Plugins–Mighty Builder |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2. | 2024-10-20 | 6.5 | CVE-2024-48049 | audit@patchstack.com |
| mikexstudios–Xcomic |
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component. | 2024-10-17 | 5.6 | CVE-2005-10003 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| MitraStar–GPT-2541GNAC |
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2024-10-15 | 4.7 | CVE-2024-9977 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Mitsubishi Electric Corporation–Mitsubishi Electric CNC M800V Series M800VW |
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | 2024-10-17 | 5.9 | CVE-2024-7316 | Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp |
| morceaudebois–Debrandify Remove or Replace WordPress Branding |
The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-9674 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Moxa–MXsecurity Series |
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. | 2024-10-18 | 5.3 | CVE-2024-4739 | psirt@moxa.com |
| n/a–CoinGate Plugin |
A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component. | 2024-10-17 | 4.3 | CVE-2018-25104 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–n/a |
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. | 2024-10-15 | 6.6 | CVE-2023-31493 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim’s machine. | 2024-10-14 | 6.6 | CVE-2024-41997 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. | 2024-10-14 | 6.5 | CVE-2024-46528 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | 2024-10-16 | 6.1 | CVE-2024-46605 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the “Opportunities” module. An attacker can inject malicious JavaScript code into the “Name” field when creating a list. | 2024-10-14 | 6.5 | CVE-2024-48120 | cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. | 2024-10-15 | 6.6 | CVE-2024-48622 | cve@mitre.org |
| n/a–n/a |
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | 2024-10-15 | 6.5 | CVE-2024-48710 | cve@mitre.org |
| n/a–n/a |
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | 2024-10-15 | 6.5 | CVE-2024-48712 | cve@mitre.org |
| n/a–n/a |
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | 2024-10-15 | 6.5 | CVE-2024-48713 | cve@mitre.org |
| n/a–n/a |
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | 2024-10-15 | 6.5 | CVE-2024-48714 | cve@mitre.org |
| n/a–n/a |
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via “searchinput” POST request parameter. | 2024-10-16 | 6.1 | CVE-2024-48744 | cve@mitre.org |
| n/a–n/a |
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | 2024-10-16 | 6.1 | CVE-2024-48758 | cve@mitre.org |
| n/a–n/a |
Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. | 2024-10-14 | 6.1 | CVE-2024-48821 | cve@mitre.org |
| n/a–n/a |
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | 2024-10-17 | 5.6 | CVE-2023-39593 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | 2024-10-17 | 5.7 | CVE-2024-27766 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | 2024-10-16 | 5.3 | CVE-2024-44762 | cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | 2024-10-16 | 5.4 | CVE-2024-46606 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. | 2024-10-14 | 5.4 | CVE-2024-48119 | cve@mitre.org |
| n/a–n/a |
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | 2024-10-15 | 5.5 | CVE-2024-48278 | cve@mitre.org |
| n/a–n/a |
In queueindex.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). | 2024-10-15 | 5.3 | CVE-2024-48623 | cve@mitre.org |
| n/a–n/a |
In segmentsedit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. | 2024-10-15 | 5.3 | CVE-2024-48624 | cve@mitre.org |
| n/a–n/a |
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 5.3 | CVE-2024-48790 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 5.9 | CVE-2024-48793 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-14 | 5.3 | CVE-2024-48795 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. | 2024-10-14 | 5.3 | CVE-2024-49214 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information. | 2024-10-15 | 4.9 | CVE-2024-31955 | cve@mitre.org |
| n/a–n/a |
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | 2024-10-16 | 4.9 | CVE-2024-46212 | cve@mitre.org |
| nayon46–Unlimited Addon For Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0. | 2024-10-16 | 6.5 | CVE-2024-49267 | audit@patchstack.com |
| netgear — ex3700_firmware |
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | 2024-10-14 | 6.8 | CVE-2024-35519 | cve@mitre.org |
| netgear — ex6120_firmware |
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | 2024-10-14 | 6.8 | CVE-2024-35518 | cve@mitre.org |
| netgear — r7000_firmware |
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. | 2024-10-14 | 6.8 | CVE-2024-35520 | cve@mitre.org |
| newtype — webeip |
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product. | 2024-10-15 | 5.4 | CVE-2024-9969 | twcert@cert.org.tw twcert@cert.org.tw |
| nextscripts–NextScripts: Social Networks Auto-Poster |
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user. | 2024-10-16 | 5 | CVE-2020-36831 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| NicheAddons–Events Addon for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0. | 2024-10-17 | 6.5 | CVE-2024-49264 | audit@patchstack.com |
| NicheAddons–Primary Addon for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8. | 2024-10-17 | 6.5 | CVE-2024-49259 | audit@patchstack.com |
| nik00726–Photo Gallery Slideshow & Masonry Tiled Gallery |
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-19 | 4.9 | CVE-2019-25218 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| nik00726–Video Grid |
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2023-7295 | security@wordfence.com security@wordfence.com |
| NinjaTeam–Click to Chat WP Support All-in-One Floating Widget |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3. | 2024-10-17 | 6.5 | CVE-2024-49281 | audit@patchstack.com |
| ninjateam–Click to Chat WP Support All-in-One Floating Widget |
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-10055 | security@wordfence.com security@wordfence.com security@wordfence.com |
| nintechnet–NinjaFirewall (WP Edition) Advanced Security Plugin and Firewall |
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall). | 2024-10-16 | 6.6 | CVE-2021-4451 | security@wordfence.com security@wordfence.com |
| Noor Alam–WordPress Image SEO |
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | 2024-10-20 | 4.3 | CVE-2024-49627 | audit@patchstack.com |
| NVIDIA–NeMo |
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering. | 2024-10-15 | 6.3 | CVE-2024-0129 | psirt@nvidia.com |
| OISF–suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7. | 2024-10-16 | 5.3 | CVE-2024-45796 | security-advisories@github.com security-advisories@github.com |
| Oliver Schlbe–Admin Management Xtended |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6. | 2024-10-17 | 6.5 | CVE-2024-49307 | audit@patchstack.com |
| omnipressteam–Omnipress |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3. | 2024-10-17 | 6.5 | CVE-2024-49278 | audit@patchstack.com |
| opajaap–WP Photo Album Plus |
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wppa-tab’ parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-17 | 6.1 | CVE-2024-9951 | security@wordfence.com security@wordfence.com |
| oracle — fusion_middleware |
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2024-10-15 | 6.5 | CVE-2024-21205 | secalert_us@oracle.com |
| oracle — fusion_middleware |
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | 2024-10-15 | 4.4 | CVE-2024-21192 | secalert_us@oracle.com |
| oracle — graalvm |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | 2024-10-15 | 4.8 | CVE-2024-21235 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 6.5 | CVE-2024-21196 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 6.5 | CVE-2024-21230 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 5.3 | CVE-2024-21238 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21193 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21194 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21197 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21198 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21199 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21200 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21201 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21203 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21204 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21207 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.4 | CVE-2024-21212 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.2 | CVE-2024-21213 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21218 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21219 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21236 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21239 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-10-15 | 4.9 | CVE-2024-21241 | secalert_us@oracle.com |
| oracle — peoplesoft_enterprise_people_tools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-10-15 | 6.1 | CVE-2024-21202 | secalert_us@oracle.com |
| oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H). | 2024-10-15 | 6.1 | CVE-2024-21263 | secalert_us@oracle.com |
| oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2024-10-15 | 6 | CVE-2024-21273 | secalert_us@oracle.com |
| oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L). | 2024-10-15 | 5.3 | CVE-2024-21248 | secalert_us@oracle.com |
| Oracle Corporation–MySQL Connectors |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). | 2024-10-15 | 6.5 | CVE-2024-21262 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Application Express |
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). | 2024-10-15 | 4.9 | CVE-2024-21261 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Banking Liquidity Management |
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L). | 2024-10-15 | 5.3 | CVE-2024-21281 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Database Server |
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | 2024-10-15 | 4.3 | CVE-2024-21233 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Enterprise Command Center Framework |
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-10-15 | 4.3 | CVE-2024-21206 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Installed Base |
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2024-10-15 | 5.3 | CVE-2024-21258 | secalert_us@oracle.com |
| Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects |
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2024-10-15 | 5.4 | CVE-2024-21264 | secalert_us@oracle.com |
| Oracle Corporation–PeopleSoft Enterprise ELM Enterprise Learning Management |
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-10-15 | 5.4 | CVE-2024-21286 | secalert_us@oracle.com |
| Oracle Corporation–PeopleSoft Enterprise FIN Expenses |
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-10-15 | 4.3 | CVE-2024-21249 | secalert_us@oracle.com |
| oretnom23 — online_eyewear_shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-10-15 | 4.8 | CVE-2024-9952 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| parcelpro–Parcel Pro |
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘action’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-9383 | security@wordfence.com security@wordfence.com |
| paretodigital–YASR Yet Another Star Rating Plugin for WordPress |
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. | 2024-10-16 | 6.3 | CVE-2022-4974 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Partnerships at Booking.com–Booking.com Banner Creator |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6. | 2024-10-16 | 6.5 | CVE-2024-49265 | audit@patchstack.com |
| paulirish-1–Infinite-Scroll |
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-18 | 5.3 | CVE-2024-10040 | security@wordfence.com security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile. | 2024-10-16 | 6.5 | CVE-2023-7294 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin. | 2024-10-16 | 5.4 | CVE-2023-7287 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings. | 2024-10-16 | 4.3 | CVE-2023-7288 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys. | 2024-10-16 | 4.3 | CVE-2023-7289 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses. | 2024-10-16 | 4.3 | CVE-2023-7290 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices. | 2024-10-16 | 4.3 | CVE-2023-7292 | security@wordfence.com security@wordfence.com |
| paytium — paytium |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account. | 2024-10-16 | 4.3 | CVE-2023-7293 | security@wordfence.com security@wordfence.com |
| peepso–Community by PeepSo Social Network, Membership, Registration, User Profiles, Premium Mobile App |
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-16 | 5.4 | CVE-2024-9873 | security@wordfence.com security@wordfence.com |
| Pepro Dev. Group–PeproDev Ultimate Invoice |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6. | 2024-10-17 | 6.5 | CVE-2024-49298 | audit@patchstack.com |
| persianscript– Persian WooCommerce SMS |
The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-17 | 6.1 | CVE-2024-9213 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Peter CyClop–WordPress Video |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0. | 2024-10-18 | 6.5 | CVE-2024-49231 | audit@patchstack.com |
| PHPGurukul–Boat Booking System |
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10153 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 6.3 | CVE-2024-10154 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “fdate” to be affected. But it must be assumed “tdate” is affected as well. | 2024-10-20 | 6.3 | CVE-2024-10160 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 6.3 | CVE-2024-10161 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well. | 2024-10-20 | 6.3 | CVE-2024-10162 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 4.3 | CVE-2024-10158 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PINPOINT.WORLD–Pinpoint Booking System |
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | 2024-10-17 | 5.4 | CVE-2024-49304 | audit@patchstack.com |
| plainware–Locatoraid Store Locator |
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2024-9652 | security@wordfence.com security@wordfence.com security@wordfence.com |
| podpirate–ACF Quick Edit Fields |
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above. | 2024-10-16 | 6.5 | CVE-2023-7286 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Portfoliohub–WordPress Portfolio Builder Portfolio Gallery |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. | 2024-10-17 | 6.5 | CVE-2024-49302 | audit@patchstack.com |
| prasidhda–Woo Manage Fraud Orders |
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2024-9937 | security@wordfence.com security@wordfence.com security@wordfence.com |
| PressTigers–Simple Testimonials Showcase |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PressTigers Simple Testimonials Showcase.This issue affects Simple Testimonials Showcase: from n/a through 1.1.6. | 2024-10-17 | 5.9 | CVE-2024-49295 | audit@patchstack.com |
| quantizor — markdown-to-jsx |
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. | 2024-10-15 | 6.1 | CVE-2024-21535 | report@snyk.io report@snyk.io |
| quomodosoft–ElementsReady Addons for Elementor |
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-16 | 6.4 | CVE-2024-9444 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Razon Komar Pal–Linked Variation for WooCommerce |
Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. | 2024-10-17 | 4.3 | CVE-2024-48047 | audit@patchstack.com |
| Red Hat–OpenShift Developer Tools and Services |
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`–userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | 2024-10-15 | 6.5 | CVE-2024-9676 | secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Ansible Automation Platform 2 |
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the “?next=” in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. | 2024-10-16 | 5.4 | CVE-2024-10033 | secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Ansible Automation Platform 2 |
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. | 2024-10-15 | 5.3 | CVE-2024-9979 | secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Quay 3 |
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future. | 2024-10-17 | 4.8 | CVE-2024-9683 | secalert@redhat.com secalert@redhat.com |
| RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit |
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function. | 2024-10-15 | 6.8 | CVE-2024-47944 | 551230f0-3615-47bd-b7cc-93e92e730bbf 551230f0-3615-47bd-b7cc-93e92e730bbf |
| sajjad67–Advanced Category and Custom Taxonomy Image |
The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-9425 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) |
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | 2024-10-16 | 4.3 | CVE-2024-9540 | security@wordfence.com security@wordfence.com |
| Sinan Yorulmaz–G Meta Keywords |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sinan Yorulmaz G Meta Keywords allows Stored XSS.This issue affects G Meta Keywords: from n/a through 1.4. | 2024-10-17 | 6.5 | CVE-2024-49301 | audit@patchstack.com |
| SKT Themes–SKT Blocks Gutenberg based Page Builder |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6. | 2024-10-17 | 6.5 | CVE-2024-48036 | audit@patchstack.com |
| smackcoders–SendGrid for WordPress |
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘wp_mailplus_clear_logs’ function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin’s log files. | 2024-10-18 | 4.3 | CVE-2024-9364 | security@wordfence.com security@wordfence.com security@wordfence.com |
| SolarWinds–Kiwi CatTools |
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. | 2024-10-17 | 5.1 | CVE-2024-45713 | psirt@solarwinds.com |
| SolarWinds–Serv-U |
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 2024-10-16 | 4.8 | CVE-2024-45714 | psirt@solarwinds.com |
| SourceCodester–Sentiment Based Movie Rating System |
A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name. | 2024-10-20 | 6.3 | CVE-2024-10163 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search as the “nobody” Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. | 2024-10-14 | 6.5 | CVE-2024-45732 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a search query with an improperly formatted “INGEST_EVAL” parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). | 2024-10-14 | 6.5 | CVE-2024-45736 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. | 2024-10-14 | 5.4 | CVE-2024-45740 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create a malicious payload through a custom configuration file that the “api.uri” parameter from the “/manager/search/apps/local” endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. | 2024-10-14 | 5.4 | CVE-2024-45741 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. | 2024-10-14 | 4.3 | CVE-2024-45734 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the “admin” or “power” Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. | 2024-10-14 | 4.3 | CVE-2024-45735 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | 2024-10-14 | 4.9 | CVE-2024-45738 | prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | 2024-10-14 | 4.9 | CVE-2024-45739 | prodsec@splunk.com prodsec@splunk.com |
| strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder |
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. | 2024-10-16 | 5.3 | CVE-2017-20194 | security@wordfence.com security@wordfence.com |
| Streamline.lv–CartBounty Save and recover abandoned carts for WooCommerce |
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. | 2024-10-20 | 6.5 | CVE-2024-47634 | audit@patchstack.com |
| streamweasels–StreamWeasels Twitch Integration |
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-19 | 6.4 | CVE-2024-9897 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| sukiwp–Suki Sites Import |
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-8916 | security@wordfence.com security@wordfence.com |
| Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG) |
Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0. | 2024-10-17 | 6.5 | CVE-2024-48031 | audit@patchstack.com |
| Supsystic–Contact Form by Supsystic |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. | 2024-10-17 | 5.9 | CVE-2024-48046 | audit@patchstack.com |
| SUSE–rancher |
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. | 2024-10-16 | 6.6 | CVE-2023-32196 | meissner@suse.de meissner@suse.de |
| SUSE–rancher |
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster), all have RBAC permissions to view the cluster object from the apiserver. | 2024-10-16 | 6.5 | CVE-2024-22032 | meissner@suse.de meissner@suse.de |
| SUSE–SUSE Linux Enterprise Desktop 15 SP5 |
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim | 2024-10-16 | 5.5 | CVE-2024-22034 | meissner@suse.de |
| SUSE–SUSE Manager Server Module 4.3 |
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | 2024-10-16 | 5.9 | CVE-2023-32189 | meissner@suse.de |
| SUSE–SUSE Package Hub 15 SP5 |
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps | 2024-10-16 | 6.3 | CVE-2024-22033 | meissner@suse.de |
| Swebdeveloper–wpPricing Builder |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Swebdeveloper wpPricing Builder allows Stored XSS.This issue affects wpPricing Builder: from n/a through 1.5.0. | 2024-10-18 | 6.5 | CVE-2024-49225 | audit@patchstack.com |
| SysBasics–Shortcode For Elementor Templates |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS.This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0. | 2024-10-17 | 6.5 | CVE-2024-48022 | audit@patchstack.com |
| Tady Walsh–Tito |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tady Walsh Tito allows DOM-Based XSS.This issue affects Tito: from n/a through 2.3. | 2024-10-18 | 6.5 | CVE-2024-49241 | audit@patchstack.com |
| Takashi Matsuyama–My Favorites |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1. | 2024-10-17 | 6.5 | CVE-2024-49263 | audit@patchstack.com |
| teamplus technology–team+ |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. | 2024-10-14 | 4.9 | CVE-2024-9923 | twcert@cert.org.tw twcert@cert.org.tw |
| Tecno–4G Portable WiFi TR118 |
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-20 | 4.7 | CVE-2024-10195 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Teplitsa of social technologies–Leyka |
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.6. | 2024-10-16 | 5.3 | CVE-2024-49252 | audit@patchstack.com |
| thecatkin–ReDi Restaurant Reservation |
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-17 | 6.1 | CVE-2024-9240 | security@wordfence.com security@wordfence.com security@wordfence.com |
| thehowarde–Parallax Image |
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-17 | 6.4 | CVE-2024-9898 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| themeid–Elemenda |
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-9373 | security@wordfence.com security@wordfence.com |
| themeinwp–Social Share With Floating Bar |
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-18 | 6.1 | CVE-2024-8790 | security@wordfence.com security@wordfence.com |
| Themesflat–Themesflat Addons For Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0. | 2024-10-17 | 6.5 | CVE-2024-49310 | audit@patchstack.com |
| themeworm–Plexx Elementor Extension |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in themeworm Plexx Elementor Extension allows Stored XSS.This issue affects Plexx Elementor Extension: from n/a through 1.3.4. | 2024-10-18 | 6.5 | CVE-2024-49234 | audit@patchstack.com |
| Thimo Grauerholz–WP-Spreadplugin |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9. | 2024-10-16 | 5.9 | CVE-2024-49266 | audit@patchstack.com |
| tiandi–Flat UI Button |
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-10014 | security@wordfence.com security@wordfence.com |
| TipTopPress–Hyperlink Group Block |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through 1.17.5. | 2024-10-17 | 6.5 | CVE-2024-49279 | audit@patchstack.com |
| tkama–Kama SpamBlock |
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 6.1 | CVE-2024-9647 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Tophive–Ultimate AI |
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the ‘ultimate_ai_change_pass’ function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers. | 2024-10-16 | 5.6 | CVE-2024-9104 | security@wordfence.com security@wordfence.com |
| tychesoftwares–Arconix Shortcodes |
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘button’ shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-18 | 6.4 | CVE-2024-9703 | security@wordfence.com security@wordfence.com |
| vercel–next.js |
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. | 2024-10-14 | 5.9 | CVE-2024-47831 | security-advisories@github.com security-advisories@github.com |
| VillaTheme–Email Template Customizer for WooCommerce |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. | 2024-10-17 | 5.9 | CVE-2024-49288 | audit@patchstack.com |
| vladolaru–Fonto Custom Web Fonts Manager |
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-17 | 6.4 | CVE-2024-8920 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| WAVLINK–WN530H4 |
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-20 | 4.7 | CVE-2024-10193 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Weblizar–Lightbox slider Responsive Lightbox Gallery |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0. | 2024-10-17 | 6.5 | CVE-2024-49280 | audit@patchstack.com |
| wepic–Country Flags for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1. | 2024-10-17 | 6.5 | CVE-2024-49262 | audit@patchstack.com |
| WhileTrue–Most And Least Read Posts Widget |
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18. | 2024-10-20 | 4.3 | CVE-2024-49628 | audit@patchstack.com |
| WisdmLabs–Edwiser Bridge |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7. | 2024-10-17 | 6.5 | CVE-2024-49311 | audit@patchstack.com |
| WisdmLabs–Edwiser Bridge |
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7. | 2024-10-17 | 4.9 | CVE-2024-49312 | audit@patchstack.com |
| withastro–astro |
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro’s client-side routing and has *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. This vulnerability can result in cross-site scripting (XSS) attacks on websites that built with Astro that enable the client-side routing with `ViewTransitions` and store the user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page. Version 4.16.1 contains a patch for this issue. | 2024-10-14 | 5.9 | CVE-2024-47885 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| woocommerce — woocommerce |
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. | 2024-10-15 | 6.1 | CVE-2024-9944 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| WooCommerce–Product Vendors |
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the ‘vendor_description’ parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-16 | 4.7 | CVE-2017-20193 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| WooCommerce–WooCommerce Smart Coupons |
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront. | 2024-10-16 | 5.3 | CVE-2020-36841 | security@wordfence.com security@wordfence.com |
| WordPress Foundation–WordPress |
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page. | 2024-10-16 | 4.9 | CVE-2022-4973 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| WP-buy–WP Content Copy Protection & No Right Click |
Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9. | 2024-10-20 | 4.3 | CVE-2024-49306 | audit@patchstack.com |
| wp-slimstat — slimstat_analytics |
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-15 | 6.1 | CVE-2024-9548 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders |
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins. | 2024-10-16 | 6.3 | CVE-2021-4446 | security@wordfence.com security@wordfence.com |
| wpdiscover–Photo Gallery Builder |
Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | 2024-10-20 | 4.3 | CVE-2024-49325 | audit@patchstack.com |
| wpextended–The Ultimate WordPress Toolkit WP Extended |
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpext-export’ parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-17 | 6.1 | CVE-2024-9347 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wpindeed–Indeed Membership Pro |
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 – 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data. | 2024-10-16 | 6.3 | CVE-2020-36833 | security@wordfence.com security@wordfence.com |
| wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder |
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-17 | 4.3 | CVE-2024-9351 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder |
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-17 | 4.3 | CVE-2024-9352 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wproyal–Royal Elementor Addons and Templates |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts. | 2024-10-17 | 4.3 | CVE-2024-7417 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wpvividplugins–Migration, Backup, Staging WPvivid |
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site’s database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35. | 2024-10-16 | 4.9 | CVE-2020-36835 | security@wordfence.com security@wordfence.com security@wordfence.com |
| WPWeb–Social Auto Poster |
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15. | 2024-10-20 | 4.3 | CVE-2024-49272 | audit@patchstack.com |
| wpzest–Easy Menu Manager | WPZest |
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-18 | 6.4 | CVE-2024-9366 | security@wordfence.com security@wordfence.com |
| wpzita–Zita Elementor Site Library |
The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-16 | 6.4 | CVE-2024-8921 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| xplodedthemes — wpide |
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-10-15 | 5.3 | CVE-2024-9546 | security@wordfence.com security@wordfence.com |
| zaytech — smart_online_order_for_clover |
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-15 | 5.4 | CVE-2024-9895 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| zluck–Multiline files upload for contact form 7 |
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site. | 2024-10-16 | 4.3 | CVE-2024-9891 | security@wordfence.com security@wordfence.com security@wordfence.com |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Admidio–admidio |
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue. | 2024-10-16 | 3.5 | CVE-2024-47836 | security-advisories@github.com |
| authzed — spicedb |
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `–enable-experimental-lookup-resources` flag by setting it to `false`. | 2024-10-14 | 2.4 | CVE-2024-48909 | security-advisories@github.com security-advisories@github.com |
| code-projects–Blood Bank System |
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 3.5 | CVE-2024-10142 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Eclipse Foundation–Jetty |
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | 2024-10-14 | 3.1 | CVE-2024-6762 | emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| Eclipse Foundation–Jetty |
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | 2024-10-14 | 3.7 | CVE-2024-6763 | emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| elabftw–elabftw |
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: “experiments.php” (show mode), “database.php” (show mode) or “search.php”. It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message. This means that injected HTML will appear in a red “alert/danger” box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary javascript from this attack. As such, this attack is deemed low impact. Users should upgrade to at least version 5.1.5 to receive a patch. No known workarounds are available. | 2024-10-14 | 3.5 | CVE-2024-47826 | security-advisories@github.com security-advisories@github.com |
| jsbroks–COCO Annotator |
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 3.7 | CVE-2024-10141 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| oracle — graalvm |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 3.7 | CVE-2024-21217 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 3.1 | CVE-2024-21231 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | 2024-10-15 | 3.8 | CVE-2024-21247 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | 2024-10-15 | 2 | CVE-2024-21209 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 2.2 | CVE-2024-21232 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 2.2 | CVE-2024-21237 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2024-10-15 | 2.2 | CVE-2024-21243 | secalert_us@oracle.com |
| oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2024-10-15 | 2.2 | CVE-2024-21244 | secalert_us@oracle.com |
| oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 2.3 | CVE-2024-21253 | secalert_us@oracle.com |
| Oracle Corporation–GraalVM |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 2024-10-15 | 3.7 | CVE-2024-21211 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Database Server |
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). | 2024-10-15 | 3.5 | CVE-2024-21242 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Database Server |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | 2024-10-15 | 3.1 | CVE-2024-21251 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Hyperion BI+ |
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N). | 2024-10-15 | 3 | CVE-2024-21257 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Java SE |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | 2024-10-15 | 3.7 | CVE-2024-21208 | secalert_us@oracle.com |
| Oracle Corporation–Oracle Java SE |
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 2024-10-15 | 3.7 | CVE-2024-21210 | secalert_us@oracle.com |
| PHPGurukul–Boat Booking System |
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-19 | 3.5 | CVE-2024-10155 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–Boat Booking System |
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 3.5 | CVE-2024-10191 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| PHPGurukul–IFSC Code Finder Project |
A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-20 | 3.5 | CVE-2024-10192 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| splunk — splunk |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the “admin” or “power” Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). | 2024-10-14 | 3.5 | CVE-2024-45737 | prodsec@splunk.com prodsec@splunk.com |
| Topdata–Inner Rep Plus WebServer |
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 2.7 | CVE-2024-10122 | cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Topdata–Inner Rep Plus WebServer |
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-18 | 2.7 | CVE-2024-10128 | cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| VMware–Spring |
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | 2024-10-18 | 3.1 | CVE-2024-38820 | security@vmware.com |
| vue–vue |
Improper regular expression in Vue’s parseHTML function leads to a potential regular expression denial of service vulnerability. | 2024-10-15 | 3.7 | CVE-2024-9506 | 36c7be3b-2937-45df-85ea-ca7133ea542c |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Apache Software Foundation–Apache Roller |
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller’s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw | 2024-10-14 | not yet calculated | CVE-2024-46911 | security@apache.org |
| AstroxNetwork–agent_dart |
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren’t verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification. | 2024-10-15 | not yet calculated | CVE-2024-48915 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| binary-husky–binary-husky/gpt_academic |
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values. | 2024-10-17 | not yet calculated | CVE-2024-10100 | security@huntr.dev |
| binary-husky–binary-husky/gpt_academic |
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim’s browser when the file is accessed. This can result in the theft of session cookies or other sensitive information. | 2024-10-17 | not yet calculated | CVE-2024-10101 | security@huntr.dev |
| BItdefender–Total Security |
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. | 2024-10-18 | not yet calculated | CVE-2023-6056 | cve-requests@bitdefender.com |
| Bitdefender–Total Security |
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site’s certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | 2024-10-18 | not yet calculated | CVE-2023-49567 | cve-requests@bitdefender.com |
| Bitdefender–Total Security |
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn’t authorized to issue certificates. This occurs when the “Basic Constraints” extension in the certificate indicates that it is meant to be an “End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | 2024-10-18 | not yet calculated | CVE-2023-49570 | cve-requests@bitdefender.com |
| Bitdefender–Total Security |
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | 2024-10-18 | not yet calculated | CVE-2023-6055 | cve-requests@bitdefender.com |
| Bitdefender–Total Security |
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate. | 2024-10-18 | not yet calculated | CVE-2023-6057 | cve-requests@bitdefender.com |
| Bitdefender–Total Security |
A vulnerability has been identified in Bitdefender Safepay’s handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications. | 2024-10-18 | not yet calculated | CVE-2023-6058 | cve-requests@bitdefender.com |
| Checkmk GmbH–Checkmk |
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | 2024-10-14 | not yet calculated | CVE-2024-38862 | security@checkmk.com |
| Checkmk GmbH–Checkmk |
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 2024-10-14 | not yet calculated | CVE-2024-38863 | security@checkmk.com |
| comfyanonymous–comfyanonymous/comfyui |
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. | 2024-10-17 | not yet calculated | CVE-2024-10099 | security@huntr.dev |
| Docker–Docker Desktop |
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | 2024-10-16 | not yet calculated | CVE-2024-9348 | security@docker.com |
| element-hq–element-desktop |
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. | 2024-10-15 | not yet calculated | CVE-2024-47771 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| element-hq–element-web |
Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. | 2024-10-15 | not yet calculated | CVE-2024-47779 | security-advisories@github.com security-advisories@github.com |
| Elvaco–M-Bus Metering Gateway CMe3100 |
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | 2024-10-17 | not yet calculated | CVE-2024-49396 | ics-cert@hq.dhs.gov |
| Elvaco–M-Bus Metering Gateway CMe3100 |
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. | 2024-10-17 | not yet calculated | CVE-2024-49397 | ics-cert@hq.dhs.gov |
| Elvaco–M-Bus Metering Gateway CMe3100 |
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. | 2024-10-17 | not yet calculated | CVE-2024-49398 | ics-cert@hq.dhs.gov |
| Elvaco–M-Bus Metering Gateway CMe3100 |
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | 2024-10-17 | not yet calculated | CVE-2024-49399 | ics-cert@hq.dhs.gov |
| encode–starlette |
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Verison 0.40.0 fixes this issue. | 2024-10-15 | not yet calculated | CVE-2024-47874 | security-advisories@github.com security-advisories@github.com |
| Hewlett Packard Enterprise (HPE)–HPE OneView |
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | 2024-10-18 | not yet calculated | CVE-2024-42508 | security-alert@hpe.com |
| Hikvision–HikCentral Master Lite |
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | 2024-10-18 | not yet calculated | CVE-2024-47485 | hsrc@hikvision.com |
| Hikvision–HikCentral Master Lite |
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data. | 2024-10-18 | not yet calculated | CVE-2024-47486 | hsrc@hikvision.com |
| Hikvision–HikCentral Professional |
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. | 2024-10-18 | not yet calculated | CVE-2024-47487 | hsrc@hikvision.com |
| infiniflow–infiniflow/ragflow |
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req[‘llm_factory’]` and `req[‘llm_name’]` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for ‘llm_factory’ that, when used as an index to these model dictionaries, results in the execution of arbitrary code. | 2024-10-19 | not yet calculated | CVE-2024-10131 | security@huntr.dev |
| Ivanti–Connect Secure |
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. | 2024-10-18 | not yet calculated | CVE-2024-37404 | support@hackerone.com |
| Ivanti–DSM |
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | 2024-10-18 | not yet calculated | CVE-2024-29213 | support@hackerone.com |
| Ivanti–DSM |
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | 2024-10-18 | not yet calculated | CVE-2024-29821 | support@hackerone.com |
| Kajitori Co.,Ltd–Exment |
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table. | 2024-10-18 | not yet calculated | CVE-2024-46897 | vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Kajitori Co.,Ltd–Exment |
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user. | 2024-10-18 | not yet calculated | CVE-2024-47793 | vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| Lakeside Software–SysTrack LsiAgent Installer |
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. | 2024-10-18 | not yet calculated | CVE-2023-6080 | mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com |
| LCDS – Leo Consultoria e Desenvolvimento de Sistemas Ltda ME–LAquis SCADA |
In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. | 2024-10-17 | not yet calculated | CVE-2024-9414 | ics-cert@hq.dhs.gov |
| matrix-org–matrix-js-sdk |
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these “shared” keys to all of the invited user’s devices, regardless of whether the user’s cryptographic identity is verified or whether the user’s devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients. | 2024-10-15 | not yet calculated | CVE-2024-47080 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| matrix-org–matrix-react-sdk |
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling sharing message keys on invite by removing calls to the vulnerable functionality. No known workarounds are available. | 2024-10-15 | not yet calculated | CVE-2024-47824 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| MessagePack-CSharp–MessagePack-CSharp |
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. Upgrade to a version of the library where a fix is available. 1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data. ### Workarounds If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows: 1. Declare a class that derives from `MessagePackSecurity`. 2. Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`. 3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object. 4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method. ### References – Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security). – The .NET team’s [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md). ### For more information If you have any questions or comments about this advisory: * [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions) * [Email us privately](mailto:andrewarnott@live.com) | 2024-10-17 | not yet calculated | CVE-2024-48924 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Meta–Tacquito |
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed. | 2024-10-17 | not yet calculated | CVE-2024-49400 | cve-assign@fb.com |
| Mozilla–Firefox |
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | 2024-10-14 | not yet calculated | CVE-2024-9936 | security@mozilla.org security@mozilla.org |
| n/a–n/a |
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem. | 2024-10-15 | not yet calculated | CVE-2024-44337 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. | 2024-10-18 | not yet calculated | CVE-2024-45944 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. | 2024-10-15 | not yet calculated | CVE-2024-48783 | cve@mitre.org |
| n/a–n/a |
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve’s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid. | 2024-10-15 | not yet calculated | CVE-2024-48948 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin’s fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the free version of ACF, then you can follow the process shown at the advancedcustomfields.com blog URL within the References section below. | 2024-10-17 | not yet calculated | CVE-2024-49593 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| Nokia–SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS |
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | 2024-10-17 | not yet calculated | CVE-2023-6728 | b48c3b8f-639e-4c16-8725-497bc411dad0 |
| OpenSSL–OpenSSL |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we’re aware of, either only “named curves” are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can’t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an “exotic” curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with “exotic” explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. | 2024-10-16 | not yet calculated | CVE-2024-9143 | openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
| OpenText–Application Lifecycle Management (ALM),Quality Center |
Untrusted Search Path vulnerability in OpenTextâ„¢ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. | 2024-10-16 | not yet calculated | CVE-2023-32266 | security@opentext.com |
| OpenText–OpenText Application Automation Tools |
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 2024-10-16 | not yet calculated | CVE-2024-4184 | security@opentext.com |
| OpenText–OpenText Application Automation Tools |
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 2024-10-16 | not yet calculated | CVE-2024-4189 | security@opentext.com |
| OpenText–OpenText Application Automation Tools |
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks – ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 2024-10-16 | not yet calculated | CVE-2024-4211 | security@opentext.com |
| OpenText–OpenText Application Automation Tools |
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 2024-10-16 | not yet calculated | CVE-2024-4690 | security@opentext.com |
| OpenText–OpenText Application Automation Tools |
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks – Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 2024-10-16 | not yet calculated | CVE-2024-4692 | security@opentext.com |
| rails–rails |
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. | 2024-10-16 | not yet calculated | CVE-2024-41128 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| rails–rails |
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller’s HTTP Token authentication. For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may choose to use Ruby 3.2 as a workaround.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. | 2024-10-16 | not yet calculated | CVE-2024-47887 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| rails–rails |
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. | 2024-10-16 | not yet calculated | CVE-2024-47888 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| rails–rails |
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. | 2024-10-16 | not yet calculated | CVE-2024-47889 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| RDSaiPlatforms–RDSlight |
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module (`main.py`). This leaves the framework open to injection attacks and potential memory tampering. Any user or external actor providing input to the system could exploit this vulnerability to inject malicious commands, corrupt stored data, or affect API calls. This is particularly critical for users employing RDS AI in production environments where it interacts with sensitive systems, performs dynamic memory caching, or retrieves user-specific data for analysis. Impacted areas include developers using the RDS AI system as a backend for AI-driven applications and systems running RDS AI that may be exposed to untrusted environments or receive unverified user inputs. The vulnerability has been patched in version 1.1.0 of the RDS AI framework. All user inputs are now sanitized and validated against a set of rules designed to mitigate malicious content. Users should upgrade to version 1.1.0 or higher and ensure all dependencies are updated to their latest versions. For users unable to upgrade to the patched version, a workaround can be implemented. The user implementing the workaround should implement custom validation checks for user inputs to filter out unsafe characters and patterns (e.g., SQL injection attempts, script injections) and limit or remove features that allow user input until the system can be patched. | 2024-10-16 | not yet calculated | CVE-2024-48918 | security-advisories@github.com security-advisories@github.com |
| RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit |
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the firmware and is freely available for download. This allows crafting malicious “signed” .patch files in order to compromise the device and execute arbitrary code. | 2024-10-15 | not yet calculated | CVE-2024-47943 | 551230f0-3615-47bd-b7cc-93e92e730bbf 551230f0-3615-47bd-b7cc-93e92e730bbf |
| sakaiproject–sakai |
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability. | 2024-10-15 | not yet calculated | CVE-2024-47876 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Schweizerische Steuerkonferenz–Library taxstatement.jar |
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. These actions include: * Reading files from the operating system * Crashing the thread handling the parsing or causing it to enter an infinite loop * Executing HTTP requests * Loading additional DTDs or XML files * Under certain conditions, executing OS commands | 2024-10-14 | not yet calculated | CVE-2024-8602 | vulnerability@ncsc.ch |
| SUSE–neuvector |
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | 2024-10-16 | not yet calculated | CVE-2023-32188 | meissner@suse.de meissner@suse.de |
| torinriley–ACON |
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit malicious input data, bypassing input validation, resulting in remote code execution in certain machine learning applications using the ACON library. All users utilizing ACON’s input-handling functions are potentially at risk. Specifically, machine learning models or applications that ingest user-generated data without proper sanitization are the most vulnerable. Users running ACON on production servers are at heightened risk, as the vulnerability could be exploited remotely. As of time of publication, it is unclear whether a fix is available. | 2024-10-18 | not yet calculated | CVE-2024-49361 | security-advisories@github.com |