Cvenotify

Posts

Date Content Media
2024-12-09 19:07:33
🚨 CVE-2021-47052 In the Linux kernel, the following vulnerability has been resolved:
crypto: sa2ul - Fix memory leak of rxd
There are two error return paths that are not freeing rxd and causing memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
🎖@cveNotify
2024-12-09 19:07:28
🚨 CVE-2021-47050 In the Linux kernel, the following vulnerability has been resolved:
memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
The platform_get_resource_byname() can return NULL which would be immediately dereferenced by resource_size(). Instead dereference it after validating the resource.
Addresses-Coverity: Dereference null return value
🎖@cveNotify
2024-12-09 19:07:27
🚨 CVE-2021-47046 In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix off by one in hdmi_14_process_transaction()
The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 value for the offset from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.
I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX entries. This doesn't change the code, but it's just a belt and suspenders approach to try future proof the code.
🎖@cveNotify
2024-12-09 18:38:05
🚨 CVE-2021-47002 In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix null pointer dereference in svc_rqst_free()
When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free(). Fix it by adding a null check.
Addresses-Coverity: ("Dereference after null check")
🎖@cveNotify
2024-12-09 18:37:59
🚨 CVE-2023-42853 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-09 18:37:58
🚨 CVE-2023-28649 The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. 🎖@cveNotify
2024-12-09 18:37:57
🚨 CVE-2023-28386 Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution. 🎖@cveNotify
2024-12-09 18:07:39
🚨 CVE-2023-52359 Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability. 🎖@cveNotify
2024-12-09 18:07:32
🚨 CVE-2021-47021 In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix memleak when mt7915_unregister_device()
mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
🎖@cveNotify
2024-12-09 18:07:31
🚨 CVE-2021-47013 In the Linux kernel, the following vulnerability has been resolved:
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).
As I observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later.
🎖@cveNotify
2024-12-09 17:37:44
🚨 CVE-2024-45761 Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. 🎖@cveNotify
2024-12-09 17:37:38
🚨 CVE-2024-45760 Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. 🎖@cveNotify
2024-12-09 17:37:37
🚨 CVE-2024-11183 The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-12-09 17:37:36
🚨 CVE-2024-51164 Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. 🎖@cveNotify
2024-12-09 17:37:33
🚨 CVE-2023-42889 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences. 🎖@cveNotify
2024-12-09 17:37:32
🚨 CVE-2023-42873 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2024-12-09 17:37:31
🚨 CVE-2023-42843 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. 🎖@cveNotify
2024-12-09 17:37:28
🚨 CVE-2023-52369 Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity. 🎖@cveNotify
2024-12-09 17:37:27
🚨 CVE-2023-52365 Out-of-bounds read vulnerability in the smart activity recognition module. Successful exploitation of this vulnerability may cause features to perform abnormally. 🎖@cveNotify
2024-12-09 17:08:07
🚨 CVE-2023-42954 A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. 🎖@cveNotify
2024-12-09 17:08:06
🚨 CVE-2023-52363 Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake. 🎖@cveNotify
2024-12-09 17:08:03
🚨 CVE-2024-20923 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 🎖@cveNotify
2024-12-09 17:08:02
🚨 CVE-2022-23085 A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. 🎖@cveNotify
2024-12-09 17:08:01
🚨 CVE-2022-23084 The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. 🎖@cveNotify
2024-12-09 16:37:48
🚨 CVE-2024-40582 Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. 🎖@cveNotify
2024-12-09 16:37:43
🚨 CVE-2024-55564 The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. 🎖@cveNotify
2024-12-09 16:37:42
🚨 CVE-2024-33122 Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. 🎖@cveNotify
2024-12-09 16:37:37
🚨 CVE-2024-23295 A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona. 🎖@cveNotify
2024-12-09 16:37:36
🚨 CVE-2023-52361 The VerifiedBoot module has a vulnerability that may cause authentication errors. Successful exploitation of this vulnerability may affect integrity. 🎖@cveNotify
2024-12-09 15:08:19
🚨 CVE-2024-23298 A logic issue was addressed with improved state management. 🎖@cveNotify
2024-12-09 15:08:18
🚨 CVE-2024-0670 Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges 🎖@cveNotify
2024-12-09 15:08:13
🚨 CVE-2024-23291 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications. 🎖@cveNotify
2024-12-09 15:08:12
🚨 CVE-2024-23289 A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information. 🎖@cveNotify
2024-12-09 15:08:08
🚨 CVE-2024-23286 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution. 🎖@cveNotify
2024-12-09 15:08:07
🚨 CVE-2024-23283 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-09 15:08:03
🚨 CVE-2024-23264 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory. 🎖@cveNotify
2024-12-09 15:08:02
🚨 CVE-2024-0011 A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. 🎖@cveNotify
2024-12-09 14:37:38
🚨 CVE-2024-53814 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify. This issue affects Analytify: from n/a through 5.4.3. 🎖@cveNotify
2024-12-09 13:38:02
🚨 CVE-2024-40965 In the Linux kernel, the following vulnerability has been resolved:
i2c: lpi2c: Avoid calling clk_get_rate during transfer
Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value.
A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well.
🎖@cveNotify
2024-12-09 13:38:01
🚨 CVE-2024-26686 In the Linux kernel, the following vulnerability has been resolved:
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time.
Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.
🎖@cveNotify
2024-12-09 11:37:31
🚨 CVE-2023-52920 In the Linux kernel, the following vulnerability has been resolved:
bpf: support non-r10 register spill/fill to/from stack in precision tracking
Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset.
To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (spi) and stack frame number in extra 10 bit flags we take away from prev_idx in instruction history. We don't touch idx field for maximum performance, as it's checked most frequently during backtracking.
This change removes basically the last remaining practical limitation of precision backtracking logic in BPF verifier. It fixes known deficiencies, but also opens up new opportunities to reduce number of verified states, explored in the subsequent patches.
There are only three differences in selftests' BPF object files according to veristat, all in the positive direction (less states).

File                                    Program        Insns (A)  Insns (B)  Insns (DIFF)   States (A)  States (B)  States (DIFF)
--------------------------------------  -------------  ---------  ---------  -------------  ----------  ----------  -------------
test_cls_redirect_dynptr.bpf.linked3.o  cls_redirect   2987       2864       -123 (-4.12%)  240         231         -9 (-3.75%)
xdp_synproxy_kern.bpf.linked3.o         syncookie_tc   82848      82661      -187 (-0.23%)  5107        5073        -34 (-0.67%)
xdp_synproxy_kern.bpf.linked3.o         syncookie_xdp  85116      84964      -152 (-0.18%)  5162        5130        -32 (-0.62%)

Note, I avoided renaming jmp_history to more generic insn_hist to minimize number of lines changed and potential merge conflicts between bpf and bpf-next trees.
Notice also cur_hist_entry pointer reset to NULL at the beginning of instruction verification loop. This pointer avoids the problem of relying on last jump history entry's insn_idx to determine whether we already have entry for current instruction or not. It can happen that we added jump history entry because current instruction is_jmp_point(), but also we need to add instruction flags for stack access. In this case, we don't want to entries, so we need to reuse last added entry, if it is present.
Relying on insn_idx comparison has the same ambiguity problem as the one that was fixed recently in [0], so we avoid that.
[0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/
🎖@cveNotify
2024-12-09 10:38:03
🚨 CVE-2024-46901 Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. 🎖@cveNotify
2024-12-09 09:37:38
🚨 CVE-2024-12307 A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. 🎖@cveNotify
2024-12-09 09:37:37
🚨 CVE-2024-12305 An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available. 🎖@cveNotify
2024-12-09 06:37:25
🚨 CVE-2024-9651 The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-12-09 05:37:44
🚨 CVE-2024-12358 A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-09 05:37:43
🚨 CVE-2023-34246 Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6. 🎖@cveNotify
2024-12-09 04:37:48
🚨 CVE-2024-53285 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-12-09 04:37:47
🚨 CVE-2024-53284 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-12-09 04:37:44
🚨 CVE-2024-53283 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-12-09 04:37:43
🚨 CVE-2024-53280 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-12-09 04:37:42
🚨 CVE-2024-53279 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-12-09 03:37:40
🚨 CVE-2024-55582 Oxide before 6 has unencrypted Control Plane datastores. 🎖@cveNotify
2024-12-09 03:37:39
🚨 CVE-2024-55578 Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. 🎖@cveNotify
2024-12-09 02:38:02
🚨 CVE-2024-55565 nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. 🎖@cveNotify
2024-12-09 02:37:57
🚨 CVE-2024-12354 A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-09 02:37:56
🚨 CVE-2024-12352 A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-09 01:37:31
🚨 CVE-2024-12351 A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. 🎖@cveNotify
2024-12-09 01:37:30
🚨 CVE-2024-12348 A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-09 00:37:42
🚨 CVE-2024-12347 A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-12-09 00:37:41
🚨 CVE-2024-12346 A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-12-08 23:37:24
🚨 CVE-2024-12344 A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-08 10:37:24
🚨 CVE-2024-12343 A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-08 07:37:24
🚨 CVE-2024-12342 A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-08 06:37:24
🚨 CVE-2024-12209 The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 🎖@cveNotify
2024-12-07 23:37:25
🚨 CVE-2024-53473 WeGIA 3.2.0 before 3998672 does not verify permission to change a password. 🎖@cveNotify
2024-12-07 23:37:24
🚨 CVE-2024-54749 Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation. 🎖@cveNotify
2024-12-07 21:37:24
🚨 CVE-2020-35357 A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. 🎖@cveNotify
2024-12-07 15:37:25
🚨 CVE-2024-47107 IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 🎖@cveNotify
2024-12-07 14:37:25
🚨 CVE-2024-41762 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. 🎖@cveNotify
2024-12-07 13:37:25
🚨 CVE-2024-47115 IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. 🎖@cveNotify
2024-12-07 13:37:24
🚨 CVE-2024-37071 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. 🎖@cveNotify
2024-12-07 12:37:25
🚨 CVE-2024-11457 The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-07 12:37:24
🚨 CVE-2024-11380 The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-07 10:37:32
🚨 CVE-2024-12270 The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-12-07 10:37:25
🚨 CVE-2024-11367 The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-07 10:37:24
🚨 CVE-2024-11010 The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 🎖@cveNotify
2024-12-07 07:37:24
🚨 CVE-2024-53143 In the Linux kernel, the following vulnerability has been resolved:
fsnotify: Fix ordering of iput() and watched_objects decrement
Ensure the superblock is kept alive until we're done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement.
This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().
Also, ensure that fsnotify_put_sb_watched_objects() doesn't call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.
🎖@cveNotify
2024-12-07 06:37:24
🚨 CVE-2024-11183 The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-12-07 03:37:25
🚨 CVE-2024-23280 An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. 🎖@cveNotify
2024-12-07 03:07:48
🚨 CVE-2024-23279 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-07 03:07:42
🚨 CVE-2024-1823 A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611. 🎖@cveNotify
2024-12-07 03:07:41
🚨 CVE-2024-1818 A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability. 🎖@cveNotify
2024-12-07 02:37:45
🚨 CVE-2024-12115 The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-07 02:37:39
🚨 CVE-2024-12026 The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. 🎖@cveNotify
2024-12-07 02:37:38
🚨 CVE-2024-11451 The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-07 02:37:37
🚨 CVE-2024-11436 The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-07 02:37:33
🚨 CVE-2024-11329 The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-07 02:37:32
🚨 CVE-2024-23269 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2024-12-06 22:37:43
🚨 CVE-2024-41645 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. 🎖@cveNotify
2024-12-06 22:37:36
🚨 CVE-2024-38925 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl z_max`. 🎖@cveNotify
2024-12-06 22:37:35
🚨 CVE-2024-38924 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl laser_model_type`. 🎖@cveNotify
2024-12-06 22:37:31
🚨 CVE-2024-38922 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. 🎖@cveNotify
2024-12-06 22:37:30
🚨 CVE-2023-47717 IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. 🎖@cveNotify
2024-12-06 22:37:25
🚨 CVE-2023-29931 laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. 🎖@cveNotify
2024-12-06 22:37:24
🚨 CVE-2022-45287 An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. 🎖@cveNotify
2024-12-06 22:07:34
🚨 CVE-2024-46906 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 🎖@cveNotify
2024-12-06 22:07:33
🚨 CVE-2024-21087 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-12-06 21:37:32
🚨 CVE-2023-52542 Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. 🎖@cveNotify
2024-12-06 21:37:25
🚨 CVE-2024-26458 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. 🎖@cveNotify
2024-12-06 21:37:24
🚨 CVE-2024-25763 openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. 🎖@cveNotify
2024-12-06 21:07:35
🚨 CVE-2024-21101 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). 🎖@cveNotify
2024-12-06 21:07:34
🚨 CVE-2024-21086 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). 🎖@cveNotify
2024-12-06 21:07:30
🚨 CVE-2024-21081 Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 🎖@cveNotify
2024-12-06 21:07:29
🚨 CVE-2021-47024 In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket. As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9 🎖@cveNotify
2024-12-06 20:37:32
🚨 CVE-2024-21003 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). 🎖@cveNotify
2024-12-06 20:37:25
🚨 CVE-2023-24261 A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. 🎖@cveNotify
2024-12-06 20:37:24
🚨 CVE-2023-25435 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. 🎖@cveNotify
2024-12-06 20:07:37
🚨 CVE-2024-1822 A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability. 🎖@cveNotify
2024-12-06 20:07:30
🚨 CVE-2023-52373 Vulnerability of permission verification in the content sharing pop-up module. Successful exploitation of this vulnerability may cause unauthorized file sharing. 🎖@cveNotify
2024-12-06 20:07:29
🚨 CVE-2023-52361 The VerifiedBoot module has a vulnerability that may cause authentication errors. Successful exploitation of this vulnerability may affect integrity. 🎖@cveNotify
2024-12-06 19:37:45
🚨 CVE-2023-52357 Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2024-12-06 19:37:38
🚨 CVE-2022-42792 This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information. 🎖@cveNotify
2024-12-06 19:37:37
🚨 CVE-2023-27243 An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. 🎖@cveNotify
2024-12-06 19:07:31
🚨 CVE-2021-47025 In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume. In mtk_iommu_runtime_resume always enable the clk, even if m4u_dom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning. In addition, we now don't need to enable the clock from the function mtk_iommu_hw_init since it is already enabled by the resume. 🎖@cveNotify
2024-12-06 18:37:33
🚨 CVE-2024-27234 In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-12-06 18:37:26
🚨 CVE-2023-33591 User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. 🎖@cveNotify
2024-12-06 18:37:25
🚨 CVE-2023-33725 Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA. 🎖@cveNotify
2024-12-06 17:37:38
🚨 CVE-2018-9388 In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. 🎖@cveNotify
2024-12-06 17:37:32
🚨 CVE-2017-13308 In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-12-06 17:37:31
🚨 CVE-2024-21070 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). 🎖@cveNotify
2024-12-06 17:37:30
🚨 CVE-2024-26199 Microsoft Office Elevation of Privilege Vulnerability 🎖@cveNotify
2024-12-06 17:37:26
🚨 CVE-2024-26166 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 🎖@cveNotify
2024-12-06 17:37:25
🚨 CVE-2022-25883 Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. 🎖@cveNotify
2024-12-06 17:07:33
🚨 CVE-2024-21056 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-12-06 17:07:26
🚨 CVE-2024-21050 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-12-06 17:07:25
🚨 CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability 🎖@cveNotify
2024-12-06 16:38:00
🚨 CVE-2024-54136 ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. 🎖@cveNotify
2024-12-06 16:37:53
🚨 CVE-2024-30129 The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. 🎖@cveNotify
2024-12-06 16:37:52
🚨 CVE-2024-10551 The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-12-06 16:37:48
🚨 CVE-2024-21059 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). 🎖@cveNotify
2024-12-06 16:37:47
🚨 CVE-2020-36779 In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in these stm32f7_i2c_xx serious functions. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. 🎖@cveNotify
2024-12-06 16:37:43
🚨 CVE-2024-1829 A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability. 🎖@cveNotify
2024-12-06 16:37:42
🚨 CVE-2024-1828 A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616. 🎖@cveNotify
2024-12-06 16:07:27
🚨 CVE-2020-36785 In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs(). The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free. 🎖@cveNotify
2024-12-06 15:38:02
🚨 CVE-2024-54141 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0. 🎖@cveNotify
2024-12-06 15:37:58
🚨 CVE-2024-11738 A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. 🎖@cveNotify
2024-12-06 15:37:57
🚨 CVE-2024-44244 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. 🎖@cveNotify
2024-12-06 15:37:52
🚨 CVE-2024-24195 robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. 🎖@cveNotify
2024-12-06 15:37:51
🚨 CVE-2024-23260 This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-06 15:37:47
🚨 CVE-2024-23257 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory. 🎖@cveNotify
2024-12-06 15:37:46
🚨 CVE-2021-46991 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask(). Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free") 🎖@cveNotify
2024-12-06 15:37:45
🚨 CVE-2021-46987 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups. There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we end up starting a transaction while having a dirty page for the destination inode and while having the range locked in the destination's inode iotree too. Because when reserving metadata space for a transaction we may need to flush existing delalloc in case there is not enough free space, we have a mechanism in place to prevent a deadlock, which was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when cloning inline extent and low on free metadata space"). However when using qgroups, a transaction also reserves metadata qgroup space, which can also result in flushing delalloc in case there is not enough available space at the moment. When this happens we deadlock, since flushing delalloc requires locking the file range in the inode's iotree and the range was already locked at the very beginning of the clone operation, before attempting to start the transaction. When this issue happens, stack traces like the following are reported: ---truncated--- 🎖@cveNotify
2024-12-06 15:08:01
🚨 CVE-2024-20739 Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-06 14:38:17
🚨 CVE-2024-4633 The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-06 14:38:16
🚨 CVE-2024-11321 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024. 🎖@cveNotify
2024-12-06 14:38:15
🚨 CVE-2024-10516 The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 🎖@cveNotify
2024-12-06 14:38:12
🚨 CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. 🎖@cveNotify
2024-12-06 14:38:11
🚨 CVE-2024-39689 Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues." 🎖@cveNotify
2024-12-06 14:38:10
🚨 CVE-2024-28103 Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. 🎖@cveNotify
2024-12-06 14:38:07
🚨 CVE-2024-29857 An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. 🎖@cveNotify
2024-12-06 14:38:06
🚨 CVE-2024-26244 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 🎖@cveNotify
2024-12-06 14:38:05
🚨 CVE-2024-1671 Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-12-06 14:38:01
🚨 CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. 🎖@cveNotify
2024-12-06 13:37:33
🚨 CVE-2024-10776 Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer. 🎖@cveNotify
2024-12-06 13:37:26
🚨 CVE-2024-10772 Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availability, integrity and confidentiality up to the complete compromise of the device. 🎖@cveNotify
2024-12-06 13:37:25
🚨 CVE-2023-42840 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-06 12:37:28
🚨 CVE-2024-53908 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) 🎖@cveNotify
2024-12-06 12:37:27
🚨 CVE-2024-53907 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. 🎖@cveNotify
2024-12-06 11:37:41
🚨 CVE-2024-51569 Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. 🎖@cveNotify
2024-12-06 11:37:35
🚨 CVE-2024-47250 Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. 🎖@cveNotify
2024-12-06 11:37:34
🚨 CVE-2024-9633 An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. 🎖@cveNotify
2024-12-06 11:37:33
🚨 CVE-2023-5115 An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. 🎖@cveNotify
2024-12-06 11:37:29
🚨 CVE-2023-5625 A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. 🎖@cveNotify
2024-12-06 11:37:28
🚨 CVE-2023-34968 A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. 🎖@cveNotify
2024-12-06 10:37:33
🚨 CVE-2024-11728 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-12-06 10:37:26
🚨 CVE-2024-10909 The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. 🎖@cveNotify
2024-12-06 10:37:25
🚨 CVE-2024-9621 A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. 🎖@cveNotify
2024-12-06 09:37:58
🚨 CVE-2024-11204 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-06 09:37:51
🚨 CVE-2024-10692 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 🎖@cveNotify
2024-12-06 09:37:50
🚨 CVE-2024-10320 The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-06 07:37:38
🚨 CVE-2022-45439 A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability. 🎖@cveNotify
2024-12-06 06:37:32
🚨 CVE-2024-10578 The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities. 🎖@cveNotify
2024-12-06 06:37:25
🚨 CVE-2024-8300 Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. 🎖@cveNotify
2024-12-06 06:37:24
🚨 CVE-2024-8299 Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. 🎖@cveNotify
2024-12-06 05:37:24
🚨 CVE-2024-11379 The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations. 🎖@cveNotify
2024-12-06 04:37:44
🚨 CVE-2024-10836 The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-06 04:37:43
🚨 CVE-2024-10247 The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-12-06 03:07:58
🚨 CVE-2024-23234 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2024-12-06 03:07:57
🚨 CVE-2023-42834 A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. 🎖@cveNotify
2024-12-06 02:37:35
🚨 CVE-2024-23250 An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission. 🎖@cveNotify
2024-12-06 02:37:34
🚨 CVE-2024-23245 This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent. 🎖@cveNotify
2024-12-06 02:37:30
🚨 CVE-2024-23242 A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data. 🎖@cveNotify
2024-12-06 02:37:29
🚨 CVE-2024-23235 A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-06 02:08:03
🚨 CVE-2024-23249 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. 🎖@cveNotify
2024-12-06 02:08:02
🚨 CVE-2023-45727 Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. 🎖@cveNotify
2024-12-06 01:37:27
🚨 CVE-2024-10961 The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. 🎖@cveNotify
2024-12-05 23:37:45
🚨 CVE-2024-38920 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl max_beams`. 🎖@cveNotify
2024-12-05 23:37:44
🚨 CVE-2024-37862 Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. 🎖@cveNotify
2024-12-05 23:37:39
🚨 CVE-2024-30964 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator. 🎖@cveNotify
2024-12-05 23:37:38
🚨 CVE-2024-30962 Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process. 🎖@cveNotify
2024-12-05 23:37:34
🚨 CVE-2024-30961 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. 🎖@cveNotify
2024-12-05 23:37:33
🚨 CVE-2018-9386 In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-12-05 23:07:25
🚨 CVE-2024-26162 Microsoft ODBC Driver Remote Code Execution Vulnerability 🎖@cveNotify
2024-12-05 22:07:39
🚨 CVE-2024-21149 Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 🎖@cveNotify
2024-12-05 22:07:33
🚨 CVE-2024-21143 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 🎖@cveNotify
2024-12-05 22:07:32
🚨 CVE-2024-21131 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 🎖@cveNotify
2024-12-05 22:07:31
🚨 CVE-2024-21005 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). 🎖@cveNotify
2024-12-05 21:37:32
🚨 CVE-2024-22717 Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. 🎖@cveNotify
2024-12-05 21:37:26
🚨 CVE-2024-22085 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. 🎖@cveNotify
2024-12-05 21:37:25
🚨 CVE-2005-3170 The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. 🎖@cveNotify
2024-12-05 20:37:55
🚨 CVE-2024-53442 whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. 🎖@cveNotify
2024-12-05 20:37:52
🚨 CVE-2024-41579 DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability. 🎖@cveNotify
2024-12-05 20:37:51
🚨 CVE-2024-10933 In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. 🎖@cveNotify
2024-12-05 20:37:50
🚨 CVE-2023-48010 STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. 🎖@cveNotify
2024-12-05 20:37:46
🚨 CVE-2024-50947 An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. 🎖@cveNotify
2024-12-05 20:37:45
🚨 CVE-2024-51114 An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. 🎖@cveNotify
2024-12-05 20:37:43
🚨 CVE-2023-49987 A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. 🎖@cveNotify
2024-12-05 20:37:42
🚨 CVE-2023-52357 Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2024-12-05 20:08:00
🚨 CVE-2024-21324 Microsoft Defender for IoT Elevation of Privilege Vulnerability 🎖@cveNotify
2024-12-05 20:07:59
🚨 CVE-2024-21323 Microsoft Defender for IoT Remote Code Execution Vulnerability 🎖@cveNotify
2024-12-05 20:07:58
🚨 CVE-2024-21322 Microsoft Defender for IoT Remote Code Execution Vulnerability 🎖@cveNotify
2024-12-05 20:07:54
🚨 CVE-2024-23238 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables. 🎖@cveNotify
2024-12-05 20:07:53
🚨 CVE-2024-23233 This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. 🎖@cveNotify
2024-12-05 20:07:52
🚨 CVE-2023-42953 A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. 🎖@cveNotify
2024-12-05 20:07:51
🚨 CVE-2023-42952 The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information. 🎖@cveNotify
2024-12-05 19:37:38
🚨 CVE-2024-12148 Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. 🎖@cveNotify
2024-12-05 19:37:32
🚨 CVE-2018-9393 In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-12-05 19:37:31
🚨 CVE-2024-26254 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability 🎖@cveNotify
2024-12-05 19:37:30
🚨 CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability 🎖@cveNotify
2024-12-05 19:07:51
🚨 CVE-2024-11667 A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. 🎖@cveNotify
2024-12-05 19:07:50
🚨 CVE-2024-28904 Microsoft Brokering File System Elevation of Privilege Vulnerability 🎖@cveNotify
2024-12-05 18:38:24
🚨 CVE-2018-9395 In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-12-05 18:38:17
🚨 CVE-2023-23516 The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2024-12-05 18:38:16
🚨 CVE-2022-42860 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2024-12-05 18:07:51
🚨 CVE-2024-20792 Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-05 17:38:17
🚨 CVE-2024-40744 Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. 🎖@cveNotify
2024-12-05 17:38:16
🚨 CVE-2024-9761 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477. 🎖@cveNotify
2024-12-05 17:38:15
🚨 CVE-2024-9760 Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476. 🎖@cveNotify
2024-12-05 17:38:12
🚨 CVE-2024-23243 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information. 🎖@cveNotify
2024-12-05 17:38:11
🚨 CVE-2023-32390 The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup. 🎖@cveNotify
2024-12-05 17:38:10
🚨 CVE-2023-32388 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2024-12-05 17:38:06
🚨 CVE-2023-32385 A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination. 🎖@cveNotify
2024-12-05 17:38:05
🚨 CVE-2023-32360 An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. 🎖@cveNotify
2024-12-05 17:38:04
🚨 CVE-2023-32357 An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked. 🎖@cveNotify
2024-12-05 17:38:00
🚨 CVE-2023-28202 This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app. 🎖@cveNotify
2024-12-05 16:38:23
🚨 CVE-2024-23226 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2024-12-05 16:38:22
🚨 CVE-2023-21513 Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. 🎖@cveNotify
2024-12-05 16:38:21
🚨 CVE-2023-21187 In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246542917. 🎖@cveNotify
2024-12-05 16:38:18
🚨 CVE-2023-21176 In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-222287335. 🎖@cveNotify
2024-12-05 16:38:17
🚨 CVE-2021-31635 Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. 🎖@cveNotify
2024-12-05 16:38:16
🚨 CVE-2023-32407 A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2024-12-05 16:38:12
🚨 CVE-2023-32404 This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2024-12-05 16:38:11
🚨 CVE-2023-32400 This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. 🎖@cveNotify
2024-12-05 16:38:10
🚨 CVE-2023-32399 The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information. 🎖@cveNotify
2024-12-05 16:38:06
🚨 CVE-2023-32395 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2024-12-05 16:38:05
🚨 CVE-2023-32353 A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. 🎖@cveNotify
2024-12-05 15:38:18
🚨 CVE-2024-21113 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 🎖@cveNotify
2024-12-05 15:38:17
🚨 CVE-2024-21111 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 🎖@cveNotify
2024-12-05 15:38:16
🚨 CVE-2024-21109 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-12-05 15:38:13
🚨 CVE-2024-21106 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). 🎖@cveNotify
2024-12-05 15:38:12
🚨 CVE-2024-21082 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 🎖@cveNotify
2024-12-05 15:38:11
🚨 CVE-2024-21079 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-12-05 15:38:08
🚨 CVE-2024-21078 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-12-05 15:38:07
🚨 CVE-2024-20737 After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-05 15:38:06
🚨 CVE-2023-28826 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. 🎖@cveNotify
2024-12-05 15:38:03
🚨 CVE-2021-30205 Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. 🎖@cveNotify
2024-12-05 15:38:02
🚨 CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). 🎖@cveNotify
2024-12-05 15:38:01
🚨 CVE-2023-34672 Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. 🎖@cveNotify
2024-12-05 15:08:10
🚨 CVE-2024-20772 Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-05 13:38:05
🚨 CVE-2024-51543 Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 🎖@cveNotify
2024-12-05 13:37:58
🚨 CVE-2024-51541 Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 🎖@cveNotify
2024-12-05 13:37:57
🚨 CVE-2024-48845 Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 🎖@cveNotify
2024-12-05 13:37:53
🚨 CVE-2024-48843 Denial of Service vulnerabilities were found providing a potential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 🎖@cveNotify
2024-12-05 13:37:52
🚨 CVE-2024-12094 This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. 🎖@cveNotify
2024-12-05 13:37:48
🚨 CVE-2024-11316 Filesize Check vulnerabilities allow a malicious user to bypass size limits or overload the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 🎖@cveNotify
2024-12-05 13:37:47
🚨 CVE-2024-6298 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to execute arbitrary code remotely. 🎖@cveNotify
2024-12-05 13:37:46
🚨 CVE-2024-6209 Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to access files without authorization. 🎖@cveNotify
2024-12-05 11:38:13
🚨 CVE-2024-52269 User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04. 🎖@cveNotify
2024-12-05 11:38:12
🚨 CVE-2024-42455 A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. 🎖@cveNotify
2024-12-05 10:37:58
🚨 CVE-2024-11341 The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-05 10:37:52
🚨 CVE-2024-11324 The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-05 10:37:51
🚨 CVE-2024-10777 The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 🎖@cveNotify
2024-12-05 10:37:50
🚨 CVE-2022-41137 Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prechecks on the input arguments. 🎖@cveNotify
2024-12-05 09:37:34
🚨 CVE-2024-10937 The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. 🎖@cveNotify
2024-12-05 08:37:45
🚨 CVE-2024-7488 Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. 🎖@cveNotify
2024-12-05 06:37:56
🚨 CVE-2024-11429 The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. 🎖@cveNotify
2024-12-05 04:37:24
🚨 CVE-2024-10881 The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-05 02:08:33
🚨 CVE-2024-51378 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. 🎖@cveNotify
2024-12-04 23:37:44
🚨 CVE-2024-12182 A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-04 23:07:51
🚨 CVE-2024-20791 Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 22:37:32
🚨 CVE-2024-53916 In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1. 🎖@cveNotify
2024-12-04 22:37:26
🚨 CVE-2024-1704 A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-12-04 22:37:25
🚨 CVE-2023-42835 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data. 🎖@cveNotify
2024-12-04 22:07:34
🚨 CVE-2024-20757 Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 22:07:29
🚨 CVE-2024-20752 Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 22:07:28
🚨 CVE-2024-20745 Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 21:38:00
🚨 CVE-2024-23249 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. 🎖@cveNotify
2024-12-04 21:37:54
🚨 CVE-2024-26469 Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method. 🎖@cveNotify
2024-12-04 21:37:53
🚨 CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-12-04 21:37:52
🚨 CVE-2023-50923 In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed within seemingly normal network traffic." 🎖@cveNotify
2024-12-04 21:07:48
🚨 CVE-2024-11743 A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-04 21:07:47
🚨 CVE-2024-11678 A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-04 20:37:26
🚨 CVE-2024-11675 A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-04 20:37:25
🚨 CVE-2024-11673 A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-04 19:37:26
🚨 CVE-2024-11664 A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. 🎖@cveNotify
2024-12-04 19:37:25
🚨 CVE-2024-8360 Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23421. 🎖@cveNotify
2024-12-04 19:08:12
🚨 CVE-2024-11661 A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher's submission confuses the vulnerability class of this issue. 🎖@cveNotify
2024-12-04 18:08:28
🚨 CVE-2024-11660 A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 🎖@cveNotify
2024-12-04 18:08:27
🚨 CVE-2024-22457 Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. 🎖@cveNotify
2024-12-04 17:07:58
🚨 CVE-2024-8848 PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25268. 🎖@cveNotify
2024-12-04 17:07:52
🚨 CVE-2024-8847 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25198. 🎖@cveNotify
2024-12-04 17:07:51
🚨 CVE-2024-8844 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24550. 🎖@cveNotify
2024-12-04 17:07:50
🚨 CVE-2024-8843 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24495. 🎖@cveNotify
2024-12-04 17:07:46
🚨 CVE-2024-30275 Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 17:07:45
🚨 CVE-2024-0638 Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. 🎖@cveNotify
2024-12-04 16:38:24
🚨 CVE-2024-21075 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-12-04 16:38:18
🚨 CVE-2024-21073 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-12-04 16:38:17
🚨 CVE-2023-32622 Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. 🎖@cveNotify
2024-12-04 16:38:16
🚨 CVE-2023-21208 In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-262245254 🎖@cveNotify
2024-12-04 16:08:22
🚨 CVE-2024-22336 IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. 🎖@cveNotify
2024-12-04 16:08:21
🚨 CVE-2024-22335 IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. 🎖@cveNotify
2024-12-04 15:38:20
🚨 CVE-2024-20795 Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 15:38:19
🚨 CVE-2024-27324 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22270. 🎖@cveNotify
2024-12-04 15:38:18
🚨 CVE-2023-7236 The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. 🎖@cveNotify
2024-12-04 15:38:15
🚨 CVE-2024-20764 Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 15:38:14
🚨 CVE-2024-20762 Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 15:38:13
🚨 CVE-2019-11881 A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message. 🎖@cveNotify
2024-12-04 14:38:37
🚨 CVE-2024-12138 A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-12-04 14:38:36
🚨 CVE-2024-30273 Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-04 13:38:22
🚨 CVE-2023-40735 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. 🎖@cveNotify
2024-12-04 11:37:40
🚨 CVE-2024-52276 ** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing. This issue affects [WITHHELD]: through 2024-12-04. 🎖@cveNotify
2024-12-04 11:37:39
🚨 CVE-2024-52275 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. 🎖@cveNotify
2024-12-04 11:37:35
🚨 CVE-2024-52273 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50. 🎖@cveNotify
2024-12-04 11:37:34
🚨 CVE-2024-41156 Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access. 🎖@cveNotify
2024-12-04 09:39:03
🚨 CVE-2024-5020 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-04 09:39:02
🚨 CVE-2024-10787 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. 🎖@cveNotify
2024-12-04 09:39:01
🚨 CVE-2024-10567 The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. 🎖@cveNotify
2024-12-04 08:38:28
🚨 CVE-2024-50311 A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users. 🎖@cveNotify
2024-12-04 08:38:21
🚨 CVE-2023-40660 A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. 🎖@cveNotify
2024-12-04 08:38:20
🚨 CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. 🎖@cveNotify
2024-12-04 07:37:41
🚨 CVE-2024-11398 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. 🎖@cveNotify
2024-12-04 07:37:40
🚨 CVE-2023-52943 Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors. 🎖@cveNotify
2024-12-04 06:37:45
🚨 CVE-2024-54664 An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context, a different vulnerability than CVE-2024-52945. 🎖@cveNotify
2024-12-04 05:37:30
🚨 CVE-2024-54661 readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. 🎖@cveNotify
2024-12-04 03:37:45
🚨 CVE-2024-11747 The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-04 03:37:38
🚨 CVE-2024-10663 The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. 🎖@cveNotify
2024-12-04 03:37:37
🚨 CVE-2024-10587 The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 🎖@cveNotify
2024-12-04 02:37:44
🚨 CVE-2024-42451 A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. 🎖@cveNotify
2024-12-04 02:37:37
🚨 CVE-2024-53916 In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. 🎖@cveNotify
2024-12-04 02:37:36
🚨 CVE-2024-11079 A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. 🎖@cveNotify
2024-12-04 02:07:42
🚨 CVE-2024-11680 ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. 🎖@cveNotify
2024-12-04 02:07:41
🚨 CVE-2023-45727 Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. 🎖@cveNotify
2024-12-03 23:38:00
🚨 CVE-2024-46624 An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. 🎖@cveNotify
2024-12-03 21:37:58
🚨 CVE-2024-52547 An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 🎖@cveNotify
2024-12-03 21:37:52
🚨 CVE-2024-52546 An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 🎖@cveNotify
2024-12-03 21:37:51
🚨 CVE-2024-53564 A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences. 🎖@cveNotify
2024-12-03 21:37:50
🚨 CVE-2024-36610 A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. NOTE: the Supplier has concluded that this is a false report. 🎖@cveNotify
2024-12-03 21:37:46
🚨 CVE-2024-7511 Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files embedded in SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23000. 🎖@cveNotify
2024-12-03 21:37:45
🚨 CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. 🎖@cveNotify
2024-12-03 21:07:31
🚨 CVE-2024-53060 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported. acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity. Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1) 🎖@cveNotify
2024-12-03 21:07:26
🚨 CVE-2023-42945 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth. 🎖@cveNotify
2024-12-03 21:07:25
🚨 CVE-2024-22337 IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. 🎖@cveNotify
2024-12-03 20:38:08
🚨 CVE-2024-11968 A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely. 🎖@cveNotify
2024-12-03 20:38:02
🚨 CVE-2024-11967 A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-03 20:38:01
🚨 CVE-2023-49559 An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. 🎖@cveNotify
2024-12-03 20:38:00
🚨 CVE-2024-33409 SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. 🎖@cveNotify
2024-12-03 20:37:56
🚨 CVE-2023-42946 This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information. 🎖@cveNotify
2024-12-03 20:37:55
🚨 CVE-2020-11063 In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. 🎖@cveNotify
2024-12-03 20:07:25
🚨 CVE-2024-11971 A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-12-03 19:37:45
🚨 CVE-2023-52727 Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. 🎖@cveNotify
2024-12-03 19:37:38
🚨 CVE-2024-21032 Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 🎖@cveNotify
2024-12-03 19:37:37
🚨 CVE-2023-2005 Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. 🎖@cveNotify
2024-12-03 19:07:32
🚨 CVE-2023-31348 A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. 🎖@cveNotify
2024-12-03 18:08:09
🚨 CVE-2024-38859 XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. 🎖@cveNotify
2024-12-03 18:08:08
🚨 CVE-2024-28829 Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. 🎖@cveNotify
2024-12-03 17:38:33
🚨 CVE-2024-50648 yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. 🎖@cveNotify
2024-12-03 17:38:32
🚨 CVE-2024-9902 A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. 🎖@cveNotify
2024-12-03 17:38:27
🚨 CVE-2023-31307 Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. 🎖@cveNotify
2024-12-03 17:38:26
🚨 CVE-2024-21052 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-12-03 17:38:21
🚨 CVE-2024-20995 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). 🎖@cveNotify
2024-12-03 17:38:20
🚨 CVE-2023-42878 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. 🎖@cveNotify
2024-12-03 17:38:16
🚨 CVE-2023-42859 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2024-12-03 17:38:15
🚨 CVE-2023-42858 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. 🎖@cveNotify
2024-12-03 17:07:49
🚨 CVE-2024-27323 PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224. 🎖@cveNotify
2024-12-03 16:09:14
🚨 CVE-2024-11797 Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662. 🎖@cveNotify
2024-12-03 16:09:07
🚨 CVE-2024-11794 Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504. 🎖@cveNotify
2024-12-03 16:09:06
🚨 CVE-2024-11666 Affected devices beacon to eCharge cloud infrastructure asking if there are any commands they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices. This issue affects cph2_echarge_firmware: through 2.0.4. 🎖@cveNotify
2024-12-03 15:38:16
🚨 CVE-2018-9429 In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-12-03 15:38:10
🚨 CVE-2018-9426 In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs to be generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. 🎖@cveNotify
2024-12-03 15:38:09
🚨 CVE-2024-53484 Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. 🎖@cveNotify
2024-12-03 15:38:08
🚨 CVE-2024-52724 ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. 🎖@cveNotify
2024-12-03 15:38:04
🚨 CVE-2024-54159 stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. 🎖@cveNotify
2024-12-03 15:38:03
🚨 CVE-2024-11744 A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 🎖@cveNotify
2024-12-03 10:38:22
🚨 CVE-2024-45106 Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. 🎖@cveNotify
2024-12-03 10:38:21
🚨 CVE-2024-11325 The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-12-03 09:38:30
🚨 CVE-2024-11844 The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy. 🎖@cveNotify
2024-12-03 07:37:30
🚨 CVE-2024-9058 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-03 06:37:53
🚨 CVE-2024-49413 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. 🎖@cveNotify
2024-12-03 06:37:47
🚨 CVE-2024-49412 Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. 🎖@cveNotify
2024-12-03 06:37:46
🚨 CVE-2024-10893 The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-12-03 06:37:45
🚨 CVE-2024-10484 The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-03 03:38:09
🚨 CVE-2024-9694 The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-12-03 03:38:08
🚨 CVE-2024-20125 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728. 🎖@cveNotify
2024-12-03 02:38:12
🚨 CVE-2024-9200 A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. 🎖@cveNotify
2024-12-03 02:38:11
🚨 CVE-2021-20784 HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product. 🎖@cveNotify
2024-12-03 01:37:49
🚨 CVE-2018-9441 In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-12-02 23:37:42
🚨 CVE-2024-53937 An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) 🎖@cveNotify
2024-12-02 23:07:54
🚨 CVE-2024-49523 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 🎖@cveNotify
2024-12-02 23:07:53
🚨 CVE-2024-45153 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 🎖@cveNotify
2024-12-02 22:37:39
🚨 CVE-2023-44347 Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 22:37:33
🚨 CVE-2023-44346 Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 22:37:32
🚨 CVE-2023-44343 Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 22:37:31
🚨 CVE-2023-44342Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.πŸŽ–@cveNotify
2024-12-02 22:08:05
🚨 CVE-2024-26034 Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 🎖@cveNotify
2024-12-02 22:07:58
🚨 CVE-2024-26030 Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 🎖@cveNotify
2024-12-02 22:07:57
🚨 CVE-2024-26028 Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 🎖@cveNotify
2024-12-02 21:37:49
🚨 CVE-2024-34099 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:37:42
🚨 CVE-2024-34095 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:37:41
🚨 CVE-2024-34094 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:37:37
🚨 CVE-2024-30311 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:37:36
🚨 CVE-2024-30301 Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:08:00
🚨 CVE-2024-30290 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:07:53
🚨 CVE-2024-30287 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 21:07:52
🚨 CVE-2024-30283 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 20:37:44
🚨 CVE-2024-53364 A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. 🎖@cveNotify
2024-12-02 20:37:37
🚨 CVE-2024-30307 Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 20:37:36
🚨 CVE-2023-44341 Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 20:07:54
🚨 CVE-2024-1675 Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-12-02 20:07:53
🚨 CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-12-02 19:37:41
🚨 CVE-2024-5890 ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible. 🎖@cveNotify
2024-12-02 19:37:40
🚨 CVE-2024-53484 Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. 🎖@cveNotify
2024-12-02 19:37:36
🚨 CVE-2024-53861 pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequence, but not a list, `in` is also used for string comparison. This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" != "__abc__":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-12-02 19:37:35
🚨 CVE-2022-4395 The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. 🎖@cveNotify
2024-12-02 18:38:13
🚨 CVE-2024-47078 Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. 🎖@cveNotify
2024-12-02 18:38:12
🚨 CVE-2024-22272 VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope. 🎖@cveNotify
2024-12-02 18:38:11
🚨 CVE-2024-34923 In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). 🎖@cveNotify
2024-12-02 18:07:50
🚨 CVE-2024-30282 Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-12-02 17:37:42
🚨 CVE-2023-36366 An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. 🎖@cveNotify
2024-12-02 17:37:35
🚨 CVE-2023-36363 An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 🎖@cveNotify
2024-12-02 17:37:34
🚨 CVE-2023-36362 An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 🎖@cveNotify
2024-11-25 16:37:48
🚨 CVE-2024-35401 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. 🎖@cveNotify
2024-11-25 16:37:41
🚨 CVE-2024-27906 Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability 🎖@cveNotify
2024-11-25 16:37:40
🚨 CVE-2023-28461 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." 🎖@cveNotify
2024-11-25 15:39:07
🚨 CVE-2024-11671 Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. 🎖@cveNotify
2024-11-25 15:39:06
🚨 CVE-2024-11670 Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. 🎖@cveNotify
2024-11-25 15:39:03
🚨 CVE-2024-50066 In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race
In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called, which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source and destination, then moves an entire page table from the source to the destination.
The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of the same tmpfs file that is stored on a tmpfs mount with huge=advise); note that process A accesses page tables through the MM while process B does it through the file rmap:
    process A                      process B
    =========                      =========
    mremap
      mremap_to
        move_vma
          move_page_tables
            get_old_pmd
            alloc_new_pmd
                          *** PREEMPT ***
                                   madvise(MADV_COLLAPSE)
                                     do_madvise
                                       madvise_walk_vmas
                                         madvise_vma_behavior
                                           madvise_collapse
                                             hpage_collapse_scan_file
                                               collapse_file
                                                 retract_page_tables
                                                   i_mmap_lock_read(mapping)
                                                   pmdp_collapse_flush
                                                   i_mmap_unlock_read(mapping)
            move_pgt_entry(NORMAL_PMD, ...)
              take_rmap_locks
              move_normal_pmd
              drop_rmap_locks
When this happens, move_normal_pmd() can end up creating bogus PMD entries in the line `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. The effect depends on arch-specific and machine-specific details; on x86, you can end up with physical page 0 mapped as a page table, which is likely exploitable for user->kernel privilege escalation.
Fix the race by letting process B recheck that the PMD still points to a page table after the rmap locks have been taken. Otherwise, we bail and let the caller fall back to the PTE-level copying path, which will then bail immediately at the pmd_none() check.
Bug reachability: Reaching this bug requires that you can create shmem/file THP mappings - anonymous THP uses different code that doesn't zap stuff under rmap locks. File THP is gated on an experimental config flag (CONFIG_READ_ONLY_THP_FOR_FS), so on normal distro kernels you need shmem THP to hit this bug. As far as I know, getting shmem THP normally requires that you can mount your own tmpfs with the right mount flags, which would require creating your own user+mount namespace; though I don't know if some distros maybe enable shmem THP by default or something like that.
Bug impact: This issue can likely be used for user->kernel privilege escalation when it is reachable. 🎖@cveNotify
2024-11-25 15:39:02
🚨 CVE-2023-51626 D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21320. 🎖@cveNotify
2024-11-25 15:39:01
🚨 CVE-2023-51625 D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21319. 🎖@cveNotify
2024-11-25 14:38:37
🚨 CVE-2024-52392 Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.25. 🎖@cveNotify
2024-11-25 14:38:36
🚨 CVE-2023-5989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS. This issue affects LioXERP: before v.146. 🎖@cveNotify
2024-11-25 14:07:44
🚨 CVE-2024-53074 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal. Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start the AP again after the AP has been already started and stopped. 🎖@cveNotify
2024-11-25 14:07:43
🚨 CVE-2024-0022 In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-25 09:39:19
🚨 CVE-2024-11664 A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. 🎖@cveNotify
2024-11-25 09:39:12
🚨 CVE-2021-23282 Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system 🎖@cveNotify
2024-11-25 09:39:11
🚨 CVE-2024-0564 A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page. 🎖@cveNotify
2024-11-25 06:38:16
🚨 CVE-2024-7056 The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-11-25 06:38:10
🚨 CVE-2024-6393 The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-11-25 06:38:09
🚨 CVE-2024-10710 The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-11-25 06:38:08
🚨 CVE-2024-10709 The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2024-11-25 00:40:00
🚨 CVE-2024-53916 In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. 🎖@cveNotify
2024-11-25 00:39:59
🚨 CVE-2024-10041 A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. 🎖@cveNotify
2024-11-24 23:38:08
🚨 CVE-2024-11665 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection. This issue affects cph2_echarge_firmware: through 2.0.4. 🎖@cveNotify
2024-11-24 23:38:07
🚨 CVE-2024-9902 A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. 🎖@cveNotify
2024-11-24 21:37:32
🚨 CVE-2024-53914 An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. 🎖@cveNotify
2024-11-24 21:37:25
🚨 CVE-2024-53910 An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. 🎖@cveNotify
2024-11-24 21:37:24
🚨 CVE-2024-53909 An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. 🎖@cveNotify
2024-11-24 20:37:31
🚨 CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. 🎖@cveNotify
2024-11-24 19:37:46
🚨 CVE-2024-7923 An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access. 🎖@cveNotify
2024-11-24 17:38:17
🚨 CVE-2024-2698 A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. 🎖@cveNotify
2024-11-24 16:37:35
🚨 CVE-2023-3758 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. 🎖@cveNotify
2024-11-24 15:37:56
🚨 CVE-2024-0012 An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. 🎖@cveNotify
2024-11-24 15:37:55
🚨 CVE-2024-11068 The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. 🎖@cveNotify
2024-11-24 15:37:51
🚨 CVE-2024-11066 The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. 🎖@cveNotify
2024-11-24 15:37:50
🚨 CVE-2021-22763 A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to a device. 🎖@cveNotify
2024-11-24 14:37:42
🚨 CVE-2024-1753 A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. 🎖@cveNotify
2024-11-24 12:38:06
🚨 CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. 🎖@cveNotify
2024-11-24 02:38:47
🚨 CVE-2024-11233 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. 🎖@cveNotify
2024-11-23 21:37:42
🚨 CVE-2024-39710 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.7 allows a remote authenticated attacker with admin privileges to achieve remote code execution. 🎖@cveNotify
2024-11-23 21:37:35
🚨 CVE-2024-38649 An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. 🎖@cveNotify
2024-11-23 21:37:34
🚨 CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. 🎖@cveNotify
2024-11-23 14:37:39
🚨 CVE-2024-35160 IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. 🎖@cveNotify
2024-11-23 14:37:38
🚨 CVE-2024-11632 A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fname" to be affected. Further analysis indicates that other arguments might be affected as well. 🎖@cveNotify
2024-11-23 13:38:19
🚨 CVE-2023-7299 A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to address this issue. It is recommended to upgrade the affected component. 🎖@cveNotify
2024-11-23 12:37:59
🚨 CVE-2024-11231 The 우커머스 네이버페이 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-23 12:37:58
🚨 CVE-2024-11034 The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 🎖@cveNotify
2024-11-23 08:37:49
🚨 CVE-2024-9942 The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. 🎖@cveNotify
2024-11-23 08:37:44
🚨 CVE-2024-9660 The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. 🎖@cveNotify
2024-11-23 08:37:43
🚨 CVE-2024-10803 The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version. 🎖@cveNotify
2024-11-23 07:37:57
🚨 CVE-2024-11330 The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-23 05:39:49
🚨 CVE-2024-11387 The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-23 05:39:44
🚨 CVE-2024-11332 The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-23 05:39:43
🚨 CVE-2024-10606 The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates. 🎖@cveNotify
2024-11-23 04:37:49
🚨 CVE-2024-10961 The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. 🎖@cveNotify
2024-11-23 04:37:43
🚨 CVE-2024-10886 The Tribute Testimonials – WordPress Testimonial Grid/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tribute_testimonials_slider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-23 04:37:42
🚨 CVE-2024-10868 The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 🎖@cveNotify
2024-11-23 04:37:41
🚨 CVE-2024-10813 The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data. 🎖@cveNotify
2024-11-23 04:37:37
🚨 CVE-2024-10216 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed. 🎖@cveNotify
2024-11-23 04:37:36
🚨 CVE-2023-40660 A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. 🎖@cveNotify
2024-11-23 01:07:39
🚨 CVE-2024-51208 File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. 🎖@cveNotify
2024-11-23 01:07:34
🚨 CVE-2024-6698 The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access. 🎖@cveNotify
2024-11-23 01:07:33
🚨 CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991. 🎖@cveNotify
2024-11-22 22:39:52
🚨 CVE-2024-6819 IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23219. 🎖@cveNotify
2024-11-22 22:39:45
🚨 CVE-2024-11394 Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012. 🎖@cveNotify
2024-11-22 22:39:44
🚨 CVE-2024-11392 Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322. 🎖@cveNotify
2024-11-22 22:39:40
🚨 CVE-2018-9419 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-22 22:39:39
🚨 CVE-2024-53076 In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table(). If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_build_avail_scale_table(), the err_free_out will fail to call kfree() each time when i is reduced to 0, so all the per_time_scales[0] and per_time_gains[0] will not be freed, which will cause memory leaks. Fix it by checking if i >= 0. 🎖@cveNotify
2024-11-22 22:39:34
🚨 CVE-2024-53043 In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address. daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. 🎖@cveNotify
2024-11-22 22:39:33
🚨 CVE-2024-25991 In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-22 21:09:13
🚨 CVE-2024-11588 A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference. 🎖@cveNotify
2024-11-22 21:09:12
🚨 CVE-2024-50158 In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix out of bound check. Driver exports pacing stats only on GenP5 and P7 adapters. But while parsing the pacing stats, driver has a check for "rdev->dbr_pacing". This caused a trace when KASAN is enabled. BUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re] Write of size 8 at addr ffff8885942a6340 by task modprobe/4809 🎖@cveNotify
2024-11-22 20:37:47
🚨 CVE-2024-30861 netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php. 🎖@cveNotify
2024-11-22 20:08:08
🚨 CVE-2024-20537 A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials. 🎖@cveNotify
2024-11-22 20:08:07
🚨 CVE-2024-1309 Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. 🎖@cveNotify
2024-11-22 19:37:33
🚨 CVE-2024-40750 Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. 🎖@cveNotify
2024-11-22 19:37:27
🚨 CVE-2024-32923 There is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-22 19:37:26
🚨 CVE-2024-23240 The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. 🎖@cveNotify
2024-11-22 19:37:25
🚨 CVE-2023-52368 Input verification vulnerability in the account module. Successful exploitation of this vulnerability may cause features to perform abnormally. 🎖@cveNotify
2024-11-22 17:37:53
🚨 CVE-2024-50042 In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF. Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays.
Reproducer:
  modprobe ice
  echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe
  echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs
  echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count
Default MSI-X is 16, so 17 and above triggers this issue.
KASAN reports:
  BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
  Read of size 8 at addr ffff8888b937d180 by task bash/28433
  (...)
  Call Trace:
  (...)
  ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
  kasan_report+0xed/0x120
  ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
  ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]
  ice_vsi_cfg_def+0x3360/0x4770 [ice]
  ? mutex_unlock+0x83/0xd0
  ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]
  ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]
  ice_vsi_cfg+0x7f/0x3b0 [ice]
  ice_vf_reconfig_vsi+0x114/0x210 [ice]
  ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]
  sriov_vf_msix_count_store+0x21c/0x300
  (...)
  Allocated by task 28201:
  (...)
  ice_vsi_cfg_def+0x1c8e/0x4770 [ice]
  ice_vsi_cfg+0x7f/0x3b0 [ice]
  ice_vsi_setup+0x179/0xa30 [ice]
  ice_sriov_configure+0xcaa/0x1520 [ice]
  sriov_numvfs_store+0x212/0x390
  (...)
To fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This causes the required arrays to be reallocated taking the new queue count into account (ice_vsi_realloc_stat_arrays()). Set req_txq and req_rxq before ice_vsi_rebuild(), so that realloc uses the newly set queue count. Additionally, ice_vsi_rebuild() does not remove VSI filters (ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer necessary. 🎖@cveNotify
2024-11-22 17:37:52
🚨 CVE-2023-36258 An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. 🎖@cveNotify
2024-11-22 16:39:29
🚨 CVE-2024-37664 Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. 🎖@cveNotify
2024-11-22 16:39:22
🚨 CVE-2024-32394 An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request. 🎖@cveNotify
2024-11-22 16:39:21
🚨 CVE-2024-23293 This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data. 🎖@cveNotify
2024-11-22 10:38:34
🚨 CVE-2017-9711 Certain unprivileged processes are able to perform IOCTL calls. 🎖@cveNotify
2024-11-22 06:38:18
🚨 CVE-2024-9422 The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. 🎖@cveNotify
2024-11-22 06:38:17
🚨 CVE-2024-11601 The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note this is limited to option values that can be saved as arrays. 🎖@cveNotify
2024-11-22 06:38:16
🚨 CVE-2024-11381 The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-22 06:38:12
🚨 CVE-2024-11225 The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-22 06:38:11
🚨 CVE-2024-10034 The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-22 02:40:12
🚨 CVE-2024-47142 AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations. 🎖@cveNotify
2024-11-22 02:40:11
🚨 CVE-2024-31408 OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request. 🎖@cveNotify
2024-11-22 02:08:35
🚨 CVE-2024-21287 Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 🎖@cveNotify
2024-11-22 02:08:34
🚨 CVE-2024-38812 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. 🎖@cveNotify
2024-11-21 20:40:20
🚨 CVE-2024-25977 The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over. 🎖@cveNotify
2024-11-21 20:40:13
🚨 CVE-2023-46839 PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. 🎖@cveNotify
2024-11-21 20:40:12
🚨 CVE-2023-52377 Vulnerability of input data not being verified in the cellular data module. Successful exploitation of this vulnerability may cause out-of-bounds access. 🎖@cveNotify
2024-11-20 21:07:25
🚨 CVE-2024-46812 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration. [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes. 🎖@cveNotify
2024-11-20 21:07:24
🚨 CVE-2024-46794 In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read(). The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. It did not need to be passed to the VMM in the first place. Do not send the original value of *val to the VMM. [ dhansen: clarify what 'val' is used for. ] 🎖@cveNotify
2024-11-20 20:37:32
🚨 CVE-2018-9409 In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-20 20:37:26
🚨 CVE-2018-9371 In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-11-20 20:37:25
🚨 CVE-2024-33014 Transient DOS while parsing ESP IE from beacon/probe response frame. 🎖@cveNotify
2024-11-20 20:07:31
🚨 CVE-2024-33025 Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. 🎖@cveNotify
2024-11-20 20:07:26
🚨 CVE-2024-33018 Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. 🎖@cveNotify
2024-11-20 20:07:25
🚨 CVE-2023-27742 IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. 🎖@cveNotify
2024-11-20 19:37:39
🚨 CVE-2018-9471 In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-20 19:37:32
🚨 CVE-2018-9470 In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-11-20 19:37:31
🚨 CVE-2024-52714 Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime'. 🎖@cveNotify
2024-11-20 19:37:30
🚨 CVE-2024-33023 Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. 🎖@cveNotify
2024-11-20 19:37:26
🚨 CVE-2024-33021 Memory corruption while processing IOCTL call to set metainfo. 🎖@cveNotify
2024-11-20 19:37:25
🚨 CVE-2024-24051 Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file. 🎖@cveNotify
2024-11-20 19:07:24
🚨 CVE-2024-4705 The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-20 18:07:26
🚨 CVE-2024-46817 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6. [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. 🎖@cveNotify
2024-11-20 18:07:25
🚨 CVE-2024-46777 In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths. Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. 🎖@cveNotify
2024-11-20 18:07:24
🚨 CVE-2024-46776 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Run DC_LOG_DC after checking link->link_enc. [WHAT] The DC_LOG_DC should be run after link->link_enc is checked, not before. This fixes 1 REVERSE_INULL issue reported by Coverity. 🎖@cveNotify
2024-11-20 17:07:48
🚨 CVE-2024-20530 A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2024-11-20 17:07:47
🚨 CVE-2024-7193 A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. 🎖@cveNotify
2024-11-20 16:38:05
🚨 CVE-2023-32203 Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. 🎖@cveNotify
2024-11-20 16:38:04
🚨 CVE-2023-32539 Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. 🎖@cveNotify
2024-11-20 15:37:25
🚨 CVE-2022-48646 In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit. Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference. 🎖@cveNotify
2024-11-20 15:08:28
🚨 CVE-2024-50352 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. 🎖@cveNotify
2024-11-20 15:08:21
🚨 CVE-2024-49764 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0. 🎖@cveNotify
2024-11-20 15:08:20
🚨 CVE-2024-49754 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. 🎖@cveNotify
2024-11-20 15:08:16
🚨 CVE-2024-9356 The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-20 15:08:15
🚨 CVE-2024-10924 The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). 🎖@cveNotify
2024-11-20 15:08:14
🚨 CVE-2024-33028 Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. 🎖@cveNotify
2024-11-20 15:08:10
🚨 CVE-2023-33184 Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3. 🎖@cveNotify
2024-11-20 15:08:09
🚨 CVE-2020-8156 A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. 🎖@cveNotify
2024-11-20 14:07:45
🚨 CVE-2024-46823 In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test. The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string. 🎖@cveNotify
2024-11-20 14:07:44
🚨 CVE-2024-33034 Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. 🎖@cveNotify
2024-11-20 13:07:29
🚨 CVE-2020-11727 A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. 🎖@cveNotify
2024-11-20 13:07:28
🚨 CVE-2018-11525 The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. 🎖@cveNotify
2024-11-20 12:37:32
🚨 CVE-2024-52439 Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection. This issue affects Team Rosters: from n/a through 4.6. 🎖@cveNotify
2024-11-20 12:37:26
🚨 CVE-2024-52438 Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation. This issue affects de:branding: from n/a through 1.0.2. 🎖@cveNotify
2024-11-20 12:37:25
🚨 CVE-2024-11404 Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3. 🎖@cveNotify
2024-11-20 12:37:24
🚨 CVE-2024-10520 The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability. 🎖@cveNotify
2024-11-20 11:37:32
🚨 CVE-2024-48899 A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. 🎖@cveNotify
2024-11-20 11:37:26
🚨 CVE-2024-45691 A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values. 🎖@cveNotify
2024-11-20 11:37:25
🚨 CVE-2024-10872 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-20 11:37:24
🚨 CVE-2024-10382 There exists a code execution vulnerability in the Car App Android Jetpack Library. In the CarAppService deserialization logic is used that allows for arbitrary java classes to be constructed. In combination with other gadgets, this can lead to arbitrary code execution. An attacker needs to have an app on a victim's Android device that uses the CarAppService Class and the victim would need to install a malicious app alongside it. We recommend upgrading the library past version 1.7.0-beta02 🎖@cveNotify
2024-11-20 10:37:32
🚨 CVE-2024-11179 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-11-20 10:37:31
🚨 CVE-2024-10665 The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs. 🎖@cveNotify
2024-11-20 09:37:25
🚨 CVE-2024-10127 Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration. 🎖@cveNotify
2024-11-20 09:37:24
🚨 CVE-2024-10126 Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview. 🎖@cveNotify
2024-11-20 08:37:28
🚨 CVE-2024-52033 Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi. 🎖@cveNotify
2024-11-20 08:37:27
🚨 CVE-2024-11319 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3. 🎖@cveNotify
2024-11-20 07:37:32
🚨 CVE-2024-8726 The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-20 07:37:25
🚨 CVE-2024-10855 The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. 🎖@cveNotify
2024-11-20 07:37:24
🚨 CVE-2024-10365 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 🎖@cveNotify
2024-11-20 06:37:25
🚨 CVE-2024-52614 Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product. 🎖@cveNotify
2024-11-20 06:37:24
🚨 CVE-2024-10515 In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor 🎖@cveNotify
2024-11-20 05:37:24
🚨 CVE-2024-11278 The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-20 01:37:24
🚨 CVE-2024-8403 Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. 🎖@cveNotify
2024-11-20 00:37:25
🚨 CVE-2024-44306 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2024-11-20 00:37:24
🚨 CVE-2018-9467 In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-19 23:37:25
🚨 CVE-2018-9440 In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-11-19 23:37:24
🚨 CVE-2023-52728 Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. 🎖@cveNotify
2024-11-19 22:37:25
🚨 CVE-2023-52374 Permission control vulnerability in the package management module. Successful exploitation of this vulnerability may affect service confidentiality. 🎖@cveNotify
2024-11-19 22:37:24
🚨 CVE-2024-25941 The jail(2) system call has not limited a visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked. 🎖@cveNotify
2024-11-19 22:07:26
🚨 CVE-2024-39726 IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. 🎖@cveNotify
2024-11-19 22:07:25
🚨 CVE-2024-11247 A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 🎖@cveNotify
2024-11-19 21:37:32
🚨 CVE-2024-46613 WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared, string_free_split, string_free_split_command, and string_free_split_tags. 🎖@cveNotify
2024-11-19 21:37:26
🚨 CVE-2024-27532 wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types`. 🎖@cveNotify
2024-11-19 21:37:25
🚨 CVE-2024-21058 Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). 🎖@cveNotify
2024-11-19 21:37:24
🚨 CVE-2024-25170 An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. 🎖@cveNotify
2024-11-19 21:07:33
🚨 CVE-2024-43452 Windows Registry Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-19 21:07:26
🚨 CVE-2024-43449 Windows USB Video Class System Driver Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-19 21:07:25
🚨 CVE-2024-38264 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability 🎖@cveNotify
2024-11-19 21:07:24
🚨 CVE-1999-0965 Race condition in xterm allows local users to modify arbitrary files via the logging option. 🎖@cveNotify
2024-11-19 20:07:26
🚨 CVE-2024-41167 Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-11-19 20:07:25
🚨 CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-19 19:37:32
🚨 CVE-2024-11209 A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-11-19 19:37:25
🚨 CVE-2023-45922 glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. 🎖@cveNotify
2024-11-19 19:37:24
🚨 CVE-2024-20038 In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932. 🎖@cveNotify
2024-11-19 19:07:38
🚨 CVE-2024-11238 A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-11-19 19:07:37
🚨 CVE-2024-11237 A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-19 19:07:33
🚨 CVE-2024-1097 A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies. 🎖@cveNotify
2024-11-19 19:07:32
🚨 CVE-2024-48993 SQL Server Native Client Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-19 18:37:28
🚨 CVE-2023-29381 An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. 🎖@cveNotify
2024-11-19 18:07:32
🚨 CVE-2024-42383 Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. 🎖@cveNotify
2024-11-19 18:07:26
🚨 CVE-2024-52291 Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5. 🎖@cveNotify
2024-11-19 18:07:25
🚨 CVE-2024-10828 The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). 🎖@cveNotify
2024-11-19 18:07:24
🚨 CVE-2024-10820 The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. 🎖@cveNotify
2024-11-19 17:37:27
🚨 CVE-2016-10146 Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. 🎖@cveNotify
2024-11-19 17:07:34
🚨 CVE-2024-8979 The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client. 🎖@cveNotify
2024-11-19 17:07:33
🚨 CVE-2024-8961 The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-19 17:07:32
🚨 CVE-2024-11150 The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). 🎖@cveNotify
2024-11-19 16:37:53
🚨 CVE-2024-52944 An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. 🎖@cveNotify
2024-11-19 16:37:52
🚨 CVE-2024-52867 guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability. 🎖@cveNotify
2024-11-19 16:37:51
🚨 CVE-2017-13314 In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-19 16:37:50
🚨 CVE-2017-13313 In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. 🎖@cveNotify
2024-11-19 16:37:47
🚨 CVE-2024-10397 A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. 🎖@cveNotify
2024-11-19 16:37:46
🚨 CVE-2024-10394 A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. 🎖@cveNotify
2024-11-19 16:37:45
🚨 CVE-2024-21541 All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval. 🎖@cveNotify
2024-11-19 16:37:42
🚨 CVE-2024-50210 In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime(). If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the "ts" is not changed after that. [pabeni@redhat.com: fixed commit message typo] 🎖@cveNotify
2024-11-19 16:37:41
🚨 CVE-2024-50207 In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order. The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired by ring_buffer_subbuf_order_set(). Modifying the mentioned data while a reader also operates on them can then result in incorrect memory access and various crashes. Fix the problem by taking the reader_lock when updating a specific ring_buffer_per_cpu in ring_buffer_subbuf_order_set(). 🎖@cveNotify
2024-11-19 16:37:40
🚨 CVE-2024-50203 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled. When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass. Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission. 🎖@cveNotify
2024-11-19 16:07:39
🚨 CVE-2024-10877 The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-19 16:07:33
🚨 CVE-2024-52268 Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. 🎖@cveNotify
2024-11-19 16:07:32
🚨 CVE-2024-1367 A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. 🎖@cveNotify
2024-11-19 16:07:31
🚨 CVE-2016-7514 The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. 🎖@cveNotify
2024-11-19 15:37:33
🚨 CVE-2022-1226 A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the import Data set feature via a spreadsheet file upload. The affected endpoints include import-vlan-preview.php, import-subnets-preview.php, import-vrf-preview.php, import-ipaddr-preview.php, import-devtype-preview.php, import-devices-preview.php, and import-l2dom-preview.php. The vulnerability can be exploited by uploading a specially crafted spreadsheet file containing malicious JavaScript payloads, which are then executed in the context of the victim's browser. This can lead to defacement of websites, execution of malicious JavaScript code, stealing of user cookies, and unauthorized access to user accounts. 🎖@cveNotify
2024-11-19 15:37:26
🚨 CVE-2022-31670 Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. 🎖@cveNotify
2024-11-19 15:37:25
🚨 CVE-2022-31668 Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. 🎖@cveNotify
2024-11-19 15:37:24
🚨 CVE-2022-31667 Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. 🎖@cveNotify
2024-11-19 14:07:46
🚨 CVE-2024-23715 In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-11-19 14:07:45
🚨 CVE-2022-2525 Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. 🎖@cveNotify
2024-11-19 14:07:44
🚨 CVE-2022-30765 Calibre-Web before 0.6.18 allows user table SQL Injection. 🎖@cveNotify
2024-11-19 14:07:40
🚨 CVE-2022-0939 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. 🎖@cveNotify
2024-11-19 14:07:39
🚨 CVE-2022-0767 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 🎖@cveNotify
2024-11-19 14:07:35
🚨 CVE-2022-0766 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 🎖@cveNotify
2024-11-19 14:07:34
🚨 CVE-2022-0352 Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. 🎖@cveNotify
2024-11-19 14:07:33
🚨 CVE-2021-4164 calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) 🎖@cveNotify
2024-11-19 14:07:30
🚨 CVE-2021-4171 calibre-web is vulnerable to Business Logic Errors 🎖@cveNotify
2024-11-19 14:07:29
🚨 CVE-2021-25964 In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. 🎖@cveNotify
2024-11-19 14:07:28
🚨 CVE-2020-12627 Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. 🎖@cveNotify
2024-11-19 12:37:24
🚨 CVE-2024-11194 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. 🎖@cveNotify
2024-11-19 11:37:49
🚨 CVE-2024-11195 The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-19 11:37:48
🚨 CVE-2024-11036 The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 🎖@cveNotify
2024-11-19 09:37:57
🚨 CVE-2024-31141 Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property. 🎖@cveNotify
2024-11-19 08:37:25
🚨 CVE-2024-10388: The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-19 08:37:24
🚨 CVE-2024-10268: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-19 06:37:25
🚨 CVE-2024-8403: Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. 🎖@cveNotify
2024-11-19 06:37:24
🚨 CVE-2024-10103: In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor 🎖@cveNotify
2024-11-19 05:37:24
🚨 CVE-2024-21539: Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. 🎖@cveNotify
2024-11-19 04:07:25
🚨 CVE-2024-43598: LightGBM Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-19 04:07:24
🚨 CVE-2024-43530: Windows Update Stack Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-19 03:37:24
🚨 CVE-2024-43624: Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-19 03:07:24
🚨 CVE-2024-43626: Windows Telephony Service Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-19 02:38:00
🚨 CVE-2024-50264: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. 🎖@cveNotify
2024-11-19 02:37:59
🚨 CVE-2024-50159: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup(). Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Attempt to free released memory. When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'. Remove the redundant scmi_debugfs_common_cleanup() to fix this problem. 🎖@cveNotify
2024-11-19 02:37:58
🚨 CVE-2024-50152: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea(). Clang static checker(scan-build) warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(ea); | ^~~~~~~~~ There is a double free in such case: 'ea is initialized to NULL' -> 'first successful memory allocation for ea' -> 'something failed, goto sea_exit' -> 'first memory release for ea' -> 'goto replay_again' -> 'second goto sea_exit before allocate memory for ea' -> 'second memory release for ea resulted in double free'. Re-initialize 'ea' to NULL near to the replay_again label, it can fix this double free problem. 🎖@cveNotify
2024-11-19 02:07:25
🚨 CVE-2024-9474: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. 🎖@cveNotify
2024-11-19 02:07:24
🚨 CVE-2024-1212: Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. 🎖@cveNotify
2024-11-18 23:37:32
🚨 CVE-2024-52339: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS. This issue affects Mage Front End Forms: from n/a through 1.1.4. 🎖@cveNotify
2024-11-18 23:37:26
🚨 CVE-2024-51940: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS. This issue affects WP Responsive Video: from n/a through 1.0. 🎖@cveNotify
2024-11-18 23:37:25
🚨 CVE-2024-33231: Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. 🎖@cveNotify
2024-11-18 23:37:24
🚨 CVE-2022-21712: twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. 🎖@cveNotify
2024-11-18 22:37:43
🚨 CVE-2024-43640: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-18 22:37:37
🚨 CVE-2024-43639: Windows KDC Proxy Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-18 22:37:36
🚨 CVE-2024-43636: Win32k Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-18 22:37:35
🚨 CVE-2024-43635: Windows Telephony Service Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-18 22:37:31
🚨 CVE-2024-43634: Windows USB Video Class System Driver Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-18 22:37:30
🚨 CVE-2024-43629: Windows DWM Core Library Elevation of Privilege Vulnerability 🎖@cveNotify
2024-11-18 22:37:26
🚨 CVE-2024-33373: An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. 🎖@cveNotify
2024-11-18 22:37:25
🚨 CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. 🎖@cveNotify
2024-11-18 22:07:25
🚨 CVE-2024-3501: In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated. 🎖@cveNotify
2024-11-18 22:07:24
🚨 CVE-2024-49050: Visual Studio Code Python Extension Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-18 21:37:32
🚨 CVE-2024-50144: In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix unbalanced rpm put() with fence_fini(). Currently we can call fence_fini() twice if something goes wrong when sending the GuC CT for the tlb request, since we signal the fence and return an error, leading to the caller also calling fini() on the error path in the case of stack version of the flow, which leads to an extra rpm put() which might later cause device to enter suspend when it shouldn't. It looks like we can just drop the fini() call since the fence signaller side will already call this for us. There are known mysterious splats with device going to sleep even with an rpm ref, and this could be one candidate. v2 (Matt B): - Prefer warning if we detect double fini() (cherry picked from commit cfcbc0520d5055825f0647ab922b655688605183) 🎖@cveNotify
2024-11-18 21:37:26
🚨 CVE-2024-31802: DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code. 🎖@cveNotify
2024-11-18 21:37:25
🚨 CVE-2024-23220: The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user. 🎖@cveNotify
2024-11-18 21:37:24
🚨 CVE-2024-26492: An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters. 🎖@cveNotify
2024-11-18 21:07:25
🚨 CVE-2024-43627: Windows Telephony Service Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-18 21:07:24
🚨 CVE-2024-24762: `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7. 🎖@cveNotify
2024-11-18 20:37:39
🚨 CVE-2024-50970: A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 🎖@cveNotify
2024-11-18 20:37:32
🚨 CVE-2024-49028: Microsoft Excel Remote Code Execution Vulnerability 🎖@cveNotify
2024-11-18 20:37:31
🚨 CVE-2023-52717: Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. 🎖@cveNotify
2024-11-18 20:07:31
🚨 CVE-2024-50209: In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation. __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. 🎖@cveNotify
2024-11-18 19:37:29
🚨 CVE-2024-30802: An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. 🎖@cveNotify
2024-11-18 19:37:28
🚨 CVE-2024-22083: An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. 🎖@cveNotify
2024-11-18 19:07:46
🚨 CVE-2024-11101: A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-18 19:07:45
🚨 CVE-2024-11100: A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-18 19:07:41
🚨 CVE-2024-11020: Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. 🎖@cveNotify
2024-11-18 19:07:40
🚨 CVE-2024-11017: Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. 🎖@cveNotify
2024-11-18 19:07:35
🚨 CVE-2024-10993: A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-18 19:07:34
🚨 CVE-2024-10990: A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-18 18:37:38
🚨 CVE-2024-50329: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. 🎖@cveNotify
2024-11-18 18:37:32
🚨 CVE-2024-50328: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. 🎖@cveNotify
2024-11-18 18:37:31
🚨 CVE-2024-50326: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. 🎖@cveNotify
2024-11-18 18:37:30
🚨 CVE-2024-44761: An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. 🎖@cveNotify
2024-11-18 18:07:27
🚨 CVE-2024-8049: In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. 🎖@cveNotify
2024-11-18 18:07:26
🚨 CVE-2024-49514: Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-11-18 17:08:08
🚨 CVE-2024-51593: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio ???? ????? UAH allows Stored XSS. This issue affects ???? ????? UAH: from n/a through 2.0. 🎖@cveNotify
2024-11-18 17:08:01
🚨 CVE-2024-51668: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS. This issue affects MyCurator Content Curation: from n/a through 3.78. 🎖@cveNotify
2024-11-18 17:08:00
🚨 CVE-2024-51663: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59. 🎖@cveNotify
2024-11-18 15:37:33
🚨 CVE-2024-35418: wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. 🎖@cveNotify
2024-11-18 15:37:26
🚨 CVE-2024-35410: wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. 🎖@cveNotify
2024-11-18 15:37:25
🚨 CVE-2024-27528: wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. 🎖@cveNotify
2024-11-18 15:37:24
🚨 CVE-2024-51157: 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. 🎖@cveNotify
2024-11-18 15:07:32
🚨 CVE-2024-10529: The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants. 🎖@cveNotify
2024-11-18 15:07:26
🚨 CVE-2024-50321: An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. 🎖@cveNotify
2024-11-18 15:07:25
🚨 CVE-2024-50318: A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. 🎖@cveNotify
2024-11-18 15:07:24
🚨 CVE-2024-50317: A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. 🎖@cveNotify
2024-11-18 14:37:32
🚨 CVE-2024-11318: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint. 🎖@cveNotify
2024-11-18 14:37:26
🚨 CVE-2024-11303: The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal. This issue affects JetPort 5601: through 1.2. 🎖@cveNotify
2024-11-18 14:37:25
🚨 CVE-2024-50809: The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands 🎖@cveNotify
2024-11-18 14:37:24
🚨 CVE-2024-44765: An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality. 🎖@cveNotify
2024-11-18 13:37:45
🚨 CVE-2024-52318: Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. 🎖@cveNotify
2024-11-18 13:37:44
🚨 CVE-2024-3370: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: before 29.04.2024. 🎖@cveNotify
2024-11-04 06:37:25
🚨 CVE-2024-51425: An issue in the WaterToken smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact. NOTE: this is disputed by third parties because the impact is limited to function calls. 🎖@cveNotify
2024-11-04 06:37:24
🚨 CVE-2024-51424: An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. NOTE: this is disputed by third parties because the impact is limited to function calls. 🎖@cveNotify
2024-11-04 05:37:24
🚨 CVE-2024-10760: A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-04 04:37:36
🚨 CVE-2024-10758: A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. 🎖@cveNotify
2024-11-04 03:37:35
🚨 CVE-2024-10756: A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-04 03:37:34
🚨 CVE-2024-10754: A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-04 02:37:44
🚨 CVE-2024-20111: In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754. 🎖@cveNotify
2024-11-04 02:37:38
🚨 CVE-2024-20110: In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762. 🎖@cveNotify
2024-11-04 02:37:37
🚨 CVE-2024-20107: In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823. 🎖@cveNotify
2024-11-04 02:37:36
🚨 CVE-2024-20106: In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590. 🎖@cveNotify
2024-11-04 02:37:32
🚨 CVE-2024-10753: A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 20:37:24
🚨 CVE-2024-10740: A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 19:37:24
🚨 CVE-2024-1163: The attacker may exploit a path traversal vulnerability leading to information disclosure. 🎖@cveNotify
2024-11-03 18:37:24
🚨 CVE-2024-10739: A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well. 🎖@cveNotify
2024-11-03 17:37:32
🚨 CVE-2024-4888: BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files. 🎖@cveNotify
2024-11-03 17:37:26
🚨 CVE-2024-3408: man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server. 🎖@cveNotify
2024-11-03 17:37:25
🚨 CVE-2024-5127: In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data. 🎖@cveNotify
2024-11-03 17:37:24
🚨 CVE-2024-3033: An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names. 🎖@cveNotify
2024-11-03 15:37:25
🚨 CVE-2024-10737: A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 15:37:24
🚨 CVE-2024-10736: A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 14:37:24
🚨 CVE-2024-10735: A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 13:37:24
🚨 CVE-2024-10734: A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 12:37:24
🚨 CVE-2024-10733: A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 11:37:24
🚨 CVE-2024-10732: A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 10:37:24
🚨 CVE-2024-10731: A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-03 09:37:24
🚨 CVE-2024-10730: A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 19:37:24
🚨 CVE-2024-7081: A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument id/title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 18:37:25
🚨 CVE-2024-10702: A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 18:37:24
🚨 CVE-2024-10701 A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 16:37:24
🚨 CVE-2024-10700 A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too. 🎖@cveNotify
2024-11-02 15:37:24
🚨 CVE-2024-10699 A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 14:37:24
🚨 CVE-2024-10698 A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 12:37:24
🚨 CVE-2024-10697 A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-02 08:37:24
🚨 CVE-2024-9896 The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-02 06:37:24
🚨 CVE-2024-51774 qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. 🎖@cveNotify
2024-11-02 02:37:25
🚨 CVE-2024-8739 The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-11-02 02:37:24
🚨 CVE-2024-10310 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-01 22:37:24
🚨 CVE-2024-9191 The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. 🎖@cveNotify
2024-11-01 21:37:32
🚨 CVE-2024-44159 A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2024-11-01 21:37:26
🚨 CVE-2024-37879 Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". 🎖@cveNotify
2024-11-01 21:37:25
🚨 CVE-2024-23269 A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2024-11-01 21:37:24
🚨 CVE-2024-25559 URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. 🎖@cveNotify
2024-11-01 21:07:30
🚨 CVE-2024-10561 A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 21:07:29
🚨 CVE-2024-10559 A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 21:07:26
🚨 CVE-2024-10556 A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 21:07:25
🚨 CVE-2024-6673 A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash. 🎖@cveNotify
2024-11-01 21:07:24
🚨 CVE-2024-47121 The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions. 🎖@cveNotify
2024-11-01 20:37:44
🚨 CVE-2024-49972 In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Deallocate DML memory if allocation fails

[Why]
When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL.

[How]
Deallocate memory if DML memory allocation fails.

🎖@cveNotify
2024-11-01 20:37:43
🚨 CVE-2024-26330 An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it. 🎖@cveNotify
2024-11-01 20:37:42
🚨 CVE-2024-28061 An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file. 🎖@cveNotify
2024-11-01 20:37:38
🚨 CVE-2024-3231 The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. 🎖@cveNotify
2024-11-01 20:37:37
🚨 CVE-2024-34090 An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release. 🎖@cveNotify
2024-11-01 20:37:32
🚨 CVE-2024-27706 Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. 🎖@cveNotify
2024-11-01 20:07:25
🚨 CVE-2024-20482 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role. This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration. 🎖@cveNotify
2024-11-01 20:07:24
🚨 CVE-2024-49971 In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Increase array size of dummy_boolean

[WHY]
dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when dummy_boolean has size of 2. Any assignment to hw_debug5 causes an OVERRUN.

[HOW]
Increase dummy_boolean's array size to 3.

This fixes 2 OVERRUN issues reported by Coverity.

🎖@cveNotify
2024-11-01 19:37:44
🚨 CVE-2024-49400 Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed. 🎖@cveNotify
2024-11-01 19:37:43
🚨 CVE-2024-35970 In the Linux kernel, the following vulnerability has been resolved:

af_unix: Clear stale u->oob_skb.

syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit 314001f0bf92 ("af_unix: Add OOB support").

The repro basically does the following.

  from socket import *
  from array import array

  c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)
  c1.sendmsg([b'a'], [(SOL_SOCKET, SCM_RIGHTS, array("i", [c2.fileno()]))], MSG_OOB)
  c2.recv(1)  # blocked as no normal data in recv queue

  c2.close()  # done async and unblock recv()
  c1.close()  # done async and trigger GC

A socket sends its file descriptor to itself as OOB data and tries to receive normal data, but finally recv() fails due to async close().

The problem here is wrong handling of OOB skb in manage_oob(). When recvmsg() is called without MSG_OOB, manage_oob() is called to check if the peeked skb is OOB skb. In such a case, manage_oob() pops it out of the receive queue but does not clear unix_sock(sk)->oob_skb. This is wrong in terms of uAPI.

Let's say we send "hello" with MSG_OOB, and "world" without MSG_OOB. The 'o' is handled as OOB data. When recv() is called twice without MSG_OOB, the OOB data should be lost.

  >>> from socket import *
  >>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM, 0)
  >>> c1.send(b'hello', MSG_OOB)  # 'o' is OOB data
  5
  >>> c1.send(b'world')
  5
  >>> c2.recv(5)  # OOB data is not received
  b'hell'
  >>> c2.recv(5)  # OOB data is skipped
  b'world'
  >>> c2.recv(5, MSG_OOB)  # This should return an error
  b'o'

In the same situation, TCP actually returns -EINVAL for the last recv().

Also, if we do not clear unix_sk(sk)->oob_skb, unix_poll() always sets EPOLLPRI even though the data has passed through by previous recv().

To avoid these issues, we must clear unix_sk(sk)->oob_skb when dequeuing it from recv queue.

The reason why the old GC did not trigger the deadlock is because the old GC relied on the receive queue to detect the loop.

When it is triggered, the socket with OOB data is marked as GC candidate because file refcount == inflight count (1). However, after traversing all inflight sockets, the socket still has a positive inflight count (1), thus the socket is excluded from candidates. Then, the old GC loses the chance to garbage-collect the socket.

With the old GC, the repro continues to create true garbage that will never be freed nor detected by kmemleak as it's linked to the global inflight list. That's why we couldn't even notice the issue.

🎖@cveNotify
2024-11-01 19:37:38
🚨 CVE-2024-34528 WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. 🎖@cveNotify
2024-11-01 19:37:37
🚨 CVE-2023-52551 Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 🎖@cveNotify
2024-11-01 19:37:32
🚨 CVE-2024-25080 WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. 🎖@cveNotify
2024-11-01 19:37:31
🚨 CVE-2024-1290 The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. 🎖@cveNotify
2024-11-01 19:37:26
🚨 CVE-2024-28823 Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html. 🎖@cveNotify
2024-11-01 18:07:25
🚨 CVE-2024-10093 A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-11-01 17:07:25
🚨 CVE-2024-10446 A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 17:07:24
🚨 CVE-2024-49974 In the Linux kernel, the following vulnerability has been resolved:

NFSD: Limit the number of concurrent async COPY operations

Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector.

Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit.

An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy.

If there is need to make the mechanism more sophisticated, we can visit that in future patches.

🎖@cveNotify
2024-11-01 16:37:25
🚨 CVE-2022-38176 An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. 🎖@cveNotify
2024-11-01 16:07:25
🚨 CVE-2024-50006 In the Linux kernel, the following vulnerability has been resolved:

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

Fuzzing reports a possible deadlock in jbd2_log_wait_commit.

This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call.

This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the jbd2_journal_stop function while i_data_sem is locked. This triggers lockdep because the jbd2_journal_start function might also lock the same jbd2_handle simultaneously.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Rule: add

🎖@cveNotify
2024-11-01 15:37:25
🚨 CVE-2023-52380 Vulnerability of improper access control in the email module. Successful exploitation of this vulnerability may affect service confidentiality. 🎖@cveNotify
2024-11-01 15:07:31
🚨 CVE-2024-4005 The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-11-01 15:07:30
🚨 CVE-2023-52177 Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.3. 🎖@cveNotify
2024-11-01 15:07:27
🚨 CVE-2024-33564 Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8. 🎖@cveNotify
2024-11-01 15:07:26
🚨 CVE-2024-33561 Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8. 🎖@cveNotify
2024-11-01 15:07:25
🚨 CVE-2024-33547 Missing Authorization vulnerability in AA-Team WZone. This issue affects WZone: from n/a through 14.0.10. 🎖@cveNotify
2024-11-01 14:37:40
🚨 CVE-2024-8691 A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. 🎖@cveNotify
2024-11-01 14:37:36
🚨 CVE-2024-37476 Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1. 🎖@cveNotify
2024-11-01 14:37:35
🚨 CVE-2024-33543 Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. 🎖@cveNotify
2024-11-01 14:37:31
🚨 CVE-2024-31273 Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3. 🎖@cveNotify
2024-11-01 14:37:30
🚨 CVE-2024-5342 The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-01 14:37:29
🚨 CVE-2021-47498 In the Linux kernel, the following vulnerability has been resolved:

dm rq: don't queue request to blk-mq during DM suspend

DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nr_requests or others, and request may come during suspend, so simply ask for blk-mq to requeue it.

Fixes one kernel panic issue when running updating nr_requests and dm-mpath suspend/resume stress test.

🎖@cveNotify
2024-11-01 14:07:32
🚨 CVE-2024-10282 A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 14:07:26
🚨 CVE-2024-10281 A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 14:07:25
🚨 CVE-2024-5770 The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings. 🎖@cveNotify
2024-11-01 14:07:24
🚨 CVE-2024-0444 GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. 🎖@cveNotify
2024-11-01 13:37:25
🚨 CVE-2024-35750 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. 🎖@cveNotify
2024-11-01 13:37:24
🚨 CVE-2024-5654 The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES. 🎖@cveNotify
2024-11-01 13:07:37
🚨 CVE-2019-25219 Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used. 🎖@cveNotify
2024-11-01 13:07:32
🚨 CVE-2024-7985 The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files. 🎖@cveNotify
2024-11-01 13:07:31
🚨 CVE-2024-50334 Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false. 🎖@cveNotify
2024-11-01 13:07:26
🚨 CVE-2024-48921 Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0. 🎖@cveNotify
2024-11-01 13:07:25
🚨 CVE-2024-20493 A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition. This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition. 🎖@cveNotify
2024-11-01 12:37:25
🚨 CVE-2024-10654 A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 11:37:24
🚨 CVE-2024-10367 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-11-01 10:37:25
🚨 CVE-2024-10652 IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript code and perform Reflected Cross-site scripting attacks. 🎖@cveNotify
2024-11-01 10:37:24
🚨 CVE-2024-10232 The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-11-01 09:37:25
🚨 CVE-2023-6943 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. 🎖@cveNotify
2024-11-01 09:37:24
🚨 CVE-2023-6942 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. 🎖@cveNotify
2024-11-01 06:37:25
🚨 CVE-2024-0106 NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. 🎖@cveNotify
2024-11-01 06:37:24
🚨 CVE-2024-0105 NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. 🎖@cveNotify
2024-11-01 05:37:25
🚨 CVE-2024-21510 Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF. 🎖@cveNotify
2024-11-01 05:37:24
🚨 CVE-2024-10620 A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 04:37:33
🚨 CVE-2024-10617 A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 04:37:32
🚨 CVE-2024-10616 A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 03:37:44
🚨 CVE-2024-10615 A vulnerability was found in Tongda OA 2017 up to 11.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/query/list/input_form/delete_data_attach.php. The manipulation of the argument RUN_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 03:37:43
🚨 CVE-2024-10612 A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-11-01 02:38:02
🚨 CVE-2024-10611 A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-11-01 02:38:01
🚨 CVE-2024-8553 A vulnerability was found in Foreman's loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman's database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. 🎖@cveNotify
2024-11-01 01:37:25
🚨 CVE-2024-10608 A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 01:37:24
🚨 CVE-2024-10607 A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-11-01 00:37:34
🚨 CVE-2024-10602 A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-31 23:37:25
🚨 CVE-2024-10601 A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-31 23:37:24
🚨 CVE-2023-2062 Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP. 🎖@cveNotify
2024-10-31 22:37:25
🚨 CVE-2024-10599 A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-31 22:37:24
🚨 CVE-2024-10598 A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-31 20:37:25
🚨 CVE-2024-24093 SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. 🎖@cveNotify
2024-10-31 20:37:24
🚨 CVE-2023-49100 Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however. 🎖@cveNotify
2024-10-31 20:07:32
🚨 CVE-2014-9809 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. 🎖@cveNotify
2024-10-31 20:07:26
🚨 CVE-2014-9808 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. 🎖@cveNotify
2024-10-31 20:07:25
🚨 CVE-2014-9805 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. 🎖@cveNotify
2024-10-31 20:07:24
🚨 CVE-2014-9804 vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." 🎖@cveNotify
2024-10-31 19:37:32
🚨 CVE-2024-20415 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. 🎖@cveNotify
2024-10-31 19:37:31
🚨 CVE-2024-20273 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. 🎖@cveNotify
2024-10-31 19:37:26
🚨 CVE-2024-21099 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 🎖@cveNotify
2024-10-31 19:37:25
🚨 CVE-2024-27279 Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. 🎖@cveNotify
2024-10-31 19:07:26
🚨 CVE-2024-49643 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS. This issue affects Whitelist: from n/a through 3.5. 🎖@cveNotify
2024-10-31 19:07:25
🚨 CVE-2024-5638 The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-31 18:37:30
🚨 CVE-2024-28515 Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component. 🎖@cveNotify
2024-10-31 18:37:26
🚨 CVE-2024-27974 Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. 🎖@cveNotify
2024-10-31 18:37:25
🚨 CVE-2023-45918 ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue. 🎖@cveNotify
2024-10-31 18:07:33
🚨 CVE-2024-49645 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS. This issue affects Affiliate Platform: from n/a through 1.4.8. 🎖@cveNotify
2024-10-31 17:37:32
🚨 CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. 🎖@cveNotify
2024-10-31 17:37:25
🚨 CVE-2024-23280 An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. 🎖@cveNotify
2024-10-31 17:37:24
🚨 CVE-2023-40105 In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-31 17:07:32
🚨 CVE-2024-9505 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-31 17:07:26
🚨 CVE-2024-10226 The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-31 17:07:25
🚨 CVE-2022-30358 OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. 🎖@cveNotify
2024-10-31 17:07:24
🚨 CVE-2022-30357 OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. 🎖@cveNotify
2024-10-31 16:37:55
🚨 CVE-2021-47432 In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek(). When we started spreading new inode numbers throughout most of the 64bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. 🎖@cveNotify
2024-10-31 16:37:54
🚨 CVE-2024-26977 In the Linux kernel, the following vulnerability has been resolved: pci_iounmap(): Fix MMIO mapping leak. The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(), which means MMIO mappings are leaked. Move the guard so we call iounmap() for MMIO mappings. 🎖@cveNotify
2024-10-31 16:37:50
🚨 CVE-2024-26889 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow. struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. 🎖@cveNotify
2024-10-31 16:37:49
🚨 CVE-2024-21060 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-10-31 16:37:48
🚨 CVE-2024-1310 The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) 🎖@cveNotify
2024-10-31 16:37:44
🚨 CVE-2024-23079 JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. 🎖@cveNotify
2024-10-31 16:37:43
🚨 CVE-2024-2369 The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2024-10-31 16:07:44
🚨 CVE-2024-7774 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. 🎖@cveNotify
2024-10-31 16:07:43
🚨 CVE-2024-49641 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS. This issue affects Tida URL Screenshot: from n/a through 1.0. 🎖@cveNotify
2024-10-31 16:07:40
🚨 CVE-2024-49640 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS. This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9. 🎖@cveNotify
2024-10-31 16:07:39
🚨 CVE-2024-49639 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS. This issue affects Monitor.Chat: from n/a through 1.1.1. 🎖@cveNotify
2024-10-31 16:07:38
🚨 CVE-2024-48229 funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin. 🎖@cveNotify
2024-10-31 16:07:33
🚨 CVE-2024-48226 Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. 🎖@cveNotify
2024-10-31 16:07:32
🚨 CVE-2024-48218 Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. 🎖@cveNotify
2024-10-31 15:37:34
🚨 CVE-2024-26467 A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL. 🎖@cveNotify
2024-10-31 15:37:33
🚨 CVE-2023-38405 On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. 🎖@cveNotify
2024-10-31 14:37:47
🚨 CVE-2024-20347 A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. 🎖@cveNotify
2024-10-31 14:37:40
🚨 CVE-2021-47089 In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects. Hulk robot reported a kmemleak problem:
  unreferenced object 0xffff93d1d8cc02e8 (size 248):
    comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
    hex dump (first 32 bytes):
      00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00  .@..............
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      seq_open+0x2a/0x80
      full_proxy_open+0x167/0x1e0
      do_dentry_open+0x1e1/0x3a0
      path_openat+0x961/0xa20
      do_filp_open+0xae/0x120
      do_sys_openat2+0x216/0x2f0
      do_sys_open+0x57/0x80
      do_syscall_64+0x33/0x40
      entry_SYSCALL_64_after_hwframe+0x44/0xa9
  unreferenced object 0xffff93d419854000 (size 4096):
    comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
    hex dump (first 32 bytes):
      6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30  kfence-#250: 0x0
      30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d  0000000754bda12-
    backtrace:
      seq_read_iter+0x313/0x440
      seq_read+0x14b/0x1a0
      full_proxy_read+0x56/0x80
      vfs_read+0xa5/0x1b0
      ksys_read+0xa0/0xf0
      do_syscall_64+0x33/0x40
      entry_SYSCALL_64_after_hwframe+0x44/0xa9
I find that we can easily reproduce this problem with the following commands:
  cat /sys/kernel/debug/kfence/objects
  echo scan > /sys/kernel/debug/kmemleak
  cat /sys/kernel/debug/kmemleak
The leaked memory is allocated in the stack below:
  do_syscall_64
  do_sys_open
  do_dentry_open
  full_proxy_open
  seq_open ---> alloc seq_file
  vfs_read
  full_proxy_read
  seq_read
  seq_read_iter
  traverse ---> alloc seq_buf
And it should have been released in the following process:
  do_syscall_64
  syscall_exit_to_user_mode
  exit_to_user_mode_prepare
  task_work_run
  ____fput
  __fput
  full_proxy_release ---> free here
However, the release function corresponding to file_operations is not implemented in kfence. As a result, a memory leak occurs. Therefore, the solution to this problem is to implement the corresponding release function. 🎖@cveNotify
2024-10-31 14:37:39
🚨 CVE-2023-40112 In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-31 14:07:46
🚨 CVE-2021-47603 In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling. If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the userspace audit daemon. With the kernel thread blocked it is possible that the audit queue could grow unbounded as certain audit record generating events must be exempt from the queue limits else the system enter a deadlock state. This patch resolves this problem by lowering the kernel thread's socket sending timeout from MAX_SCHEDULE_TIMEOUT to HZ/10 and tweaks the kauditd_send_queue() function to better manage the various audit queues when connection problems occur between the kernel and the audit daemon. With this patch, the backlog may temporarily grow beyond the defined limits when the audit daemon is stopped and the system is under heavy audit pressure, but kauditd_thread() will continue to make progress and drain the queues as it would for other connection problems. For example, with the audit daemon put into a stopped state and the system configured to audit every syscall it was still possible to shutdown the system without a kernel panic, deadlock, etc.; granted, the system was slow to shutdown but that is to be expected given the extreme pressure of recording every syscall. The timeout value of HZ/10 was chosen primarily through experimentation and this developer's "gut feeling". There is likely no one perfect value, but as this scenario is limited in scope (root privileges would be needed to send SIGSTOP to the audit daemon), it is likely not worth exposing this as a tunable at present. This can always be done at a later date if it proves necessary. 🎖@cveNotify
2024-10-31 14:07:45
🚨 CVE-2021-47602 In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control. For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header. Fix this to only do anything for QoS data packets. 🎖@cveNotify
2024-10-31 13:37:25
🚨 CVE-2024-21120 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 🎖@cveNotify
2024-10-31 13:37:24
🚨 CVE-2024-22371 Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. 🎖@cveNotify
2024-10-31 13:07:25
🚨 CVE-2024-50479 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1. 🎖@cveNotify
2024-10-31 13:07:24
🚨 CVE-2023-31470 SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. 🎖@cveNotify
2024-10-31 12:37:24
🚨 CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. 🎖@cveNotify
2024-10-31 10:37:40
🚨 CVE-2024-43933 Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS. This issue affects WPMobile.App: from n/a through 11.48. 🎖@cveNotify
2024-10-31 10:37:33
🚨 CVE-2024-43383 Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. 🎖@cveNotify
2024-10-31 10:37:32
🚨 CVE-2024-8376 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. 🎖@cveNotify
2024-10-31 07:37:25
🚨 CVE-2024-9434 The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-31 07:37:24
🚨 CVE-2024-9165 The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-31 06:37:24
🚨 CVE-2024-10392 The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. 🎖@cveNotify
2024-10-31 05:37:25
🚨 CVE-2024-9341 A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. 🎖@cveNotify
2024-10-31 05:37:24
🚨 CVE-2024-3727 A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. 🎖@cveNotify
2024-10-31 04:37:27
🚨 CVE-2023-37607 Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter. 🎖@cveNotify
2024-10-31 04:37:26
🚨 CVE-2023-37608 An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password. 🎖@cveNotify
2024-10-31 03:37:25
🚨 CVE-2024-9708 The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-31 03:37:24
🚨 CVE-2023-37608 An issue in Automatic Systems SOC FL9600 FirstLine v.lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password. 🎖@cveNotify
2024-10-31 02:37:28
🚨 CVE-2024-10544 The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. 🎖@cveNotify
2024-10-31 02:07:47
🚨 CVE-2024-50472 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS. This issue affects Amilia Store: from n/a through 2.9.8. 🎖@cveNotify
2024-10-31 01:37:40
🚨 CVE-2024-48307 JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. 🎖@cveNotify
2024-10-31 01:37:39
🚨 CVE-2024-50471 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS. This issue affects Trip Plan: from n/a through 1.0.10. 🎖@cveNotify
2024-10-31 01:37:38
🚨 CVE-2024-50470 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS. This issue affects Themes4WP YouTube External Subtitles: from n/a through 1.0.
2024-10-31 01:37:34
🚨 CVE-2024-10447 A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
2024-10-31 01:37:33
🚨 CVE-2024-20526 A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM).
2024-10-31 01:07:53
🚨 CVE-2024-50613 libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
2024-10-31 00:37:32
🚨 CVE-2024-50489 Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass. This issue affects Realty Workstation: from n/a through 1.0.45.
2024-10-31 00:37:25
🚨 CVE-2024-10440 The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
2024-10-31 00:37:24
🚨 CVE-2024-48427 A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id
2024-10-31 00:08:04
🚨 CVE-2024-10374 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-31 00:08:03
🚨 CVE-2024-47035 In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2024-10-30 23:37:25
🚨 CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
2024-10-30 23:37:24
🚨 CVE-2024-9355 A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
2024-10-30 22:07:25
🚨 CVE-2021-47615 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow
For the case of IB_MR_TYPE_DM the mr doesn't have a umem, even though it is a user MR. This causes function mlx5_free_priv_descs() to think that it is a kernel MR, leading to wrongly accessing mr->descs that will get wrong values in the union which leads to attempt to release resources that were not allocated in the first place.
For example:
 DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]
 WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0
 RIP: 0010:check_unmap+0x54f/0x8b0
 Call Trace:
  debug_dma_unmap_page+0x57/0x60
  mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]
  mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]
  ib_dereg_mr_user+0x60/0x140 [ib_core]
  uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]
  uobj_destroy+0x3f/0x80 [ib_uverbs]
  ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]
  ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]
  ? lock_acquire+0xc4/0x2e0
  ? lock_acquired+0x12/0x380
  ? lock_acquire+0xc4/0x2e0
  ? lock_acquire+0xc4/0x2e0
  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
  ? lock_release+0x28a/0x400
  ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]
  ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
  __x64_sys_ioctl+0x7f/0xb0
  do_syscall_64+0x38/0x90
Fix it by reorganizing the dereg flow and mlx5_ib_mr structure:
 - Move the ib_umem field into the user MRs structure in the union as it's applicable only there.
 - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only in case there isn't udata, which indicates that this isn't a user MR.
2024-10-30 22:07:24
🚨 CVE-2021-47613 In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling
The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called without any of the queued buffers being completed (for example, with virtio-pci and shared interrupts) or with only some of the buffers being completed (since the driver makes them available to the device in multiple separate virtqueue_add_sgs() calls). This can lead to incorrect data on the I2C bus or memory corruption in the guest if the device operates on buffers which have been freed by the driver. (The WARN_ON in the driver is also triggered.)
 BUG kmalloc-128 (Tainted: G W ): Poison overwritten
 First byte 0x0 instead of 0x6b
 Allocated in i2cdev_ioctl_rdwr+0x9d/0x1de age=243 cpu=0 pid=28
  memdup_user+0x2e/0xbd
  i2cdev_ioctl_rdwr+0x9d/0x1de
  i2cdev_ioctl+0x247/0x2ed
  vfs_ioctl+0x21/0x30
  sys_ioctl+0xb18/0xb41
 Freed in i2cdev_ioctl_rdwr+0x1bb/0x1de age=68 cpu=0 pid=28
  kfree+0x1bd/0x1cc
  i2cdev_ioctl_rdwr+0x1bb/0x1de
  i2cdev_ioctl+0x247/0x2ed
  vfs_ioctl+0x21/0x30
  sys_ioctl+0xb18/0xb41
Fix this by calling virtio_get_buf() from the notify handler like other virtio drivers and by actually waiting for all the buffers to be completed.
2024-10-30 21:37:25
🚨 CVE-2024-22025 A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
2024-10-30 21:37:24
🚨 CVE-2024-23850 In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.
2024-10-30 21:07:32
🚨 CVE-2021-4452 The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.
2024-10-30 21:07:26
🚨 CVE-2020-36842 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
2024-10-30 21:07:25
🚨 CVE-2017-20193 The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-30 21:07:24
🚨 CVE-2024-47171 Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.
2024-10-30 20:37:30
🚨 CVE-2024-26581 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.
2024-10-30 20:37:26
🚨 CVE-2024-25728 ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
2024-10-30 20:37:25
🚨 CVE-2023-31824 An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
2024-10-30 19:37:25
🚨 CVE-2024-23248 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
2024-10-30 19:37:24
🚨 CVE-2023-38198 acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.
2024-10-30 19:07:37
🚨 CVE-2024-50311 A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.
2024-10-30 19:07:30
🚨 CVE-2024-10033 A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
2024-10-30 19:07:29
🚨 CVE-2024-0568 CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
2024-10-30 18:37:38
🚨 CVE-2024-47063 Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
2024-10-30 18:37:31
🚨 CVE-2024-27853 This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
2024-10-30 18:37:30
🚨 CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
2024-10-30 18:37:26
🚨 CVE-2024-30807 An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
2024-10-30 18:37:25
🚨 CVE-2024-21722 The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
2024-10-30 18:37:24
🚨 CVE-2023-38379 The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
2024-10-30 18:07:25
🚨 CVE-2021-4450 The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-10-30 18:07:24
🚨 CVE-2021-4449 The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
2024-10-30 17:37:24
🚨 CVE-2024-31064 Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
2024-10-30 17:07:40
🚨 CVE-2024-10369 A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-10-30 17:07:39
🚨 CVE-2022-4971 The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-30 16:37:36
🚨 CVE-2022-38176 An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.
2024-10-30 16:08:02
🚨 CVE-2022-23861 Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.
2024-10-30 16:08:01
🚨 CVE-2022-4973 WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
2024-10-30 15:37:40
🚨 CVE-2024-22455 Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.
2024-10-30 15:37:39
🚨 CVE-2023-38409 An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
2024-10-30 15:08:21
🚨 CVE-2024-48963 The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
2024-10-30 15:08:20
🚨 CVE-2024-10290 A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-30 15:08:17
🚨 CVE-2024-8980 The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.
2024-10-30 15:08:16
🚨 CVE-2024-26273 Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.
2024-10-30 15:08:15
🚨 CVE-2024-26271 Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter.
2024-10-30 14:37:31
🚨 CVE-2024-25802 SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.
2024-10-30 14:37:30
🚨 CVE-2022-45169 An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
2024-10-30 14:37:26
🚨 CVE-2022-48623 The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.
2024-10-30 14:37:25
🚨 CVE-2022-25514 stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
2024-10-30 14:08:14
🚨 CVE-2024-10293 A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-10-30 14:08:08
🚨 CVE-2024-10292 A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-30 14:08:07
🚨 CVE-2024-7824 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
2024-10-30 14:08:06
🚨 CVE-2022-4968 netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.
2024-10-30 13:37:25
🚨 CVE-2024-51304 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
2024-10-30 13:37:24
🚨 CVE-2024-10291 A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-10-30 13:07:26
🚨 CVE-2024-10348 A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.
2024-10-30 12:37:48
🚨 CVE-2024-10525 In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
2024-10-30 11:37:25
🚨 CVE-2024-9388 The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-10-30 11:37:24
🚨 CVE-2024-6508 An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
2024-10-30 09:37:32
🚨 CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
2024-10-30 08:37:32
🚨 CVE-2024-50508 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through 1.0.0.
2024-10-30 08:37:25
🚨 CVE-2024-50503 Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass. This issue affects User Toolkit: from n/a through 1.2.3.
2024-10-30 08:37:24
🚨 CVE-2024-35593 An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.
2024-10-30 07:37:25
🚨 CVE-2024-10108 The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-30 07:37:24
🚨 CVE-2024-9675 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
2024-10-30 06:37:25
🚨 CVE-2024-8871 The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-10-30 06:37:24
🚨 CVE-2024-10399 The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.
2024-10-30 03:37:32
🚨 CVE-2024-8627 The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-10-30 03:37:25
🚨 CVE-2023-5816 The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.
2024-10-30 03:37:24
🚨 CVE-2024-10033 A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
2024-10-30 02:37:24
🚨 CVE-2024-10505 A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-30 01:37:25
🚨 CVE-2024-10501 A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-30 01:37:24
🚨 CVE-2024-10500 A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-30 00:37:25
🚨 CVE-2024-51378 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
2024-10-29 23:37:32
🚨 CVE-2024-51378 getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. 🎖@cveNotify
2024-10-29 23:37:25
🚨 CVE-2024-44244 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. 🎖@cveNotify
2024-10-29 23:37:24
🚨 CVE-2024-44229 An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history. 🎖@cveNotify
2024-10-29 22:37:32
🚨 CVE-2024-48138 A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. 🎖@cveNotify
2024-10-29 22:37:25
🚨 CVE-2024-10487 Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) 🎖@cveNotify
2024-10-29 22:37:24
🚨 CVE-2024-10228 The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 🎖@cveNotify
2024-10-29 21:37:32
🚨 CVE-2024-25614 There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. 🎖@cveNotify
2024-10-29 21:37:26
🚨 CVE-2024-20030 In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741. 🎖@cveNotify
2024-10-29 21:37:25
🚨 CVE-2022-20264 In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-29 21:37:24
🚨 CVE-2022-23397 The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction." 🎖@cveNotify
2024-10-29 21:07:32
🚨 CVE-2024-10409 A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 21:07:26
🚨 CVE-2024-10407 A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 21:07:25
🚨 CVE-2024-48120 X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list. 🎖@cveNotify
2024-10-29 21:07:24
🚨 CVE-2024-47170 Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue. 🎖@cveNotify
2024-10-29 20:37:29
🚨 CVE-2023-46753 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. 🎖@cveNotify
2024-10-29 20:37:26
🚨 CVE-2023-37440 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. 🎖@cveNotify
2024-10-29 20:37:25
🚨 CVE-2023-32261 A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/ 🎖@cveNotify
2024-10-29 20:37:24
🚨 CVE-2023-23348 HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. 🎖@cveNotify
2024-10-29 20:07:30
🚨 CVE-2024-4887 The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit. 🎖@cveNotify
2024-10-29 20:07:26
🚨 CVE-2024-1988 The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 20:07:25
🚨 CVE-2023-6876 The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site. 🎖@cveNotify
2024-10-29 19:37:33
🚨 CVE-2023-34056 vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. 🎖@cveNotify
2024-10-29 19:07:33
🚨 CVE-2024-3987 The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 19:07:32
🚨 CVE-2024-24198 smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c. 🎖@cveNotify
2024-10-29 18:37:45
🚨 CVE-2024-48224 Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. 🎖@cveNotify
2024-10-29 18:37:40
🚨 CVE-2024-48218 Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. 🎖@cveNotify
2024-10-29 18:37:39
🚨 CVE-2024-37846 MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. 🎖@cveNotify
2024-10-29 18:37:35
🚨 CVE-2024-10276 A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 18:37:34
🚨 CVE-2024-25676 An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. 🎖@cveNotify
2024-10-29 18:37:29
🚨 CVE-2023-35680 In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-29 18:37:28
🚨 CVE-2023-3329 SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. 🎖@cveNotify
2024-10-29 18:07:40
🚨 CVE-2024-49978 In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest.
Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.
🎖@cveNotify
2024-10-29 18:07:34
🚨 CVE-2024-42508 This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. 🎖@cveNotify
2024-10-29 18:07:33
🚨 CVE-2024-5612 The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 18:07:32
🚨 CVE-2024-4902 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-10-29 17:37:37
🚨 CVE-2024-50577 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings 🎖@cveNotify
2024-10-29 17:37:31
🚨 CVE-2024-50576 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest 🎖@cveNotify
2024-10-29 17:37:30
🚨 CVE-2024-50573 In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services 🎖@cveNotify
2024-10-29 17:37:29
🚨 CVE-2024-41618 Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query. 🎖@cveNotify
2024-10-29 17:37:26
🚨 CVE-2024-41617 Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. 🎖@cveNotify
2024-10-29 17:37:25
🚨 CVE-2024-2402 The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-10-29 17:37:24
🚨 CVE-2023-7047 Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. 🎖@cveNotify
2024-10-29 17:07:25
🚨 CVE-2024-10014 The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 17:07:24
🚨 CVE-2024-49288 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. 🎖@cveNotify
2024-10-29 16:38:10
🚨 CVE-2023-25945 Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-29 16:38:03
🚨 CVE-2023-24591 Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-29 16:38:02
🚨 CVE-2022-4917 Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) 🎖@cveNotify
2024-10-29 16:38:01
🚨 CVE-2023-31998 A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. 🎖@cveNotify
2024-10-29 16:37:57
🚨 CVE-2022-36802 The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. 🎖@cveNotify
2024-10-29 16:37:56
🚨 CVE-2022-26135 A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. 🎖@cveNotify
2024-10-29 16:07:33
🚨 CVE-2023-32651 Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 🎖@cveNotify
2024-10-29 16:07:26
🚨 CVE-2023-32642 Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 🎖@cveNotify
2024-10-29 16:07:25
🚨 CVE-2023-26586 Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 🎖@cveNotify
2024-10-29 16:07:24
🚨 CVE-2023-25951 Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-29 15:38:08
🚨 CVE-2024-34950 D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. 🎖@cveNotify
2024-10-29 15:07:27
🚨 CVE-2024-8916 The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-29 15:07:26
🚨 CVE-2024-10049 The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-29 15:07:25
🚨 CVE-2023-37822 The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network. 🎖@cveNotify
2024-10-29 14:07:33
🚨 CVE-2023-52123 Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10. 🎖@cveNotify
2024-10-29 14:07:32
🚨 CVE-2020-8549 Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. 🎖@cveNotify
2024-10-29 13:37:33
🚨 CVE-2024-10425 A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 13:37:32
🚨 CVE-2024-0726 A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. 🎖@cveNotify
2024-10-29 12:37:32
🚨 CVE-2024-49650 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in xarbo BuddyPress Greeting Message allows Reflected XSS. This issue affects BuddyPress Greeting Message: from n/a through 1.0.3. 🎖@cveNotify
2024-10-29 12:37:26
🚨 CVE-2024-49648 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in rafasashi SVG Captcha allows Reflected XSS. This issue affects SVG Captcha: from n/a through 1.0.11. 🎖@cveNotify
2024-10-29 12:37:25
🚨 CVE-2024-10181 The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 12:37:24
🚨 CVE-2017-20195 A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue. 🎖@cveNotify
2024-10-29 11:37:32
🚨 CVE-2024-49670 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal allows Reflected XSS. This issue affects Client Power Tools Portal: from n/a through 1.8.6. 🎖@cveNotify
2024-10-29 11:37:26
🚨 CVE-2024-10360 The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 🎖@cveNotify
2024-10-29 11:37:25
🚨 CVE-2024-10185 The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 11:37:24
🚨 CVE-2024-10184 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 10:37:34
🚨 CVE-2024-9376 The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-29 10:37:33
🚨 CVE-2024-10227 The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 09:37:25
🚨 CVE-2024-22066 There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device. 🎖@cveNotify
2024-10-29 09:37:24
🚨 CVE-2024-10048 The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-29 08:37:24
🚨 CVE-2024-37672 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. 🎖@cveNotify
2024-10-29 06:37:25
🚨 CVE-2024-10008 The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students. 🎖@cveNotify
2024-10-29 06:37:24
🚨 CVE-2024-10000 The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-29 01:37:53
🚨 CVE-2024-10477 A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 01:07:37
🚨 CVE-2024-10418 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 00:38:12
🚨 CVE-2024-10421 A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-29 00:38:11
🚨 CVE-2024-10419 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-28 23:37:25
🚨 CVE-2024-51508 Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. 🎖@cveNotify
2024-10-28 23:37:24
🚨 CVE-2024-51506 Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. 🎖@cveNotify
2024-10-28 22:37:32
🚨 CVE-2024-44240 The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory. 🎖@cveNotify
2024-10-28 22:37:25
🚨 CVE-2024-44145 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen. 🎖@cveNotify
2024-10-28 22:37:24
🚨 CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data. 🎖@cveNotify
2024-10-28 20:37:32
🚨 CVE-2022-23091 A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. 🎖@cveNotify
2024-10-28 20:37:26
🚨 CVE-2023-47455 Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. 🎖@cveNotify
2024-10-28 20:37:25
🚨 CVE-2023-26130 Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507). 🎖@cveNotify
2024-10-28 20:37:24
🚨 CVE-2022-26580 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability. 🎖@cveNotify
2024-10-28 19:37:43
🚨 CVE-2023-50811 An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access the application and take control of many other receptions in addition to the assigned one. 🎖@cveNotify
2024-10-28 19:37:37
🚨 CVE-2024-28394 An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. 🎖@cveNotify
2024-10-28 19:37:36
🚨 CVE-2022-23093 ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. 🎖@cveNotify
2024-10-28 19:37:35
🚨 CVE-2023-35836 An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. 🎖@cveNotify
2024-10-28 19:37:32
🚨 CVE-2023-47456 Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. 🎖@cveNotify
2024-10-28 19:37:31
🚨 CVE-2023-46992 TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages. 🎖@cveNotify
2024-10-28 19:37:30
🚨 CVE-2023-30909 A remote authentication bypass issue exists in some OneView APIs. 🎖@cveNotify
2024-10-28 19:37:26
🚨 CVE-2023-3253 An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. 🎖@cveNotify
2024-10-28 19:37:25
🚨 CVE-2022-3437 A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. 🎖@cveNotify
2024-10-28 18:37:32
🚨 CVE-2024-50440 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2. 🎖@cveNotify
2024-10-28 18:37:26
🚨 CVE-2024-50439 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through 1.2.14. 🎖@cveNotify
2024-10-28 18:37:25
🚨 CVE-2024-5640 The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-28 18:37:24
🚨 CVE-2023-31462 An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. 🎖@cveNotify
2024-10-28 18:07:32
🚨 CVE-2024-47019 In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. 🎖@cveNotify
2024-10-28 18:07:25
🚨 CVE-2023-34315 Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-28 18:07:24
🚨 CVE-2023-31271 Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-28 17:37:25
🚨 CVE-2023-48022 Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment 🎖@cveNotify
2024-10-28 17:07:45
🚨 CVE-2024-49988 In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct. When sending an oplock break request, opinfo->conn is used, but freed ->conn can be used on multichannel. This patch adds a reference count to the ksmbd_conn struct so that it can be freed when it is no longer used. 🎖@cveNotify
2024-10-28 16:37:43
🚨 CVE-2024-42028 A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. 🎖@cveNotify
2024-10-28 16:37:36
🚨 CVE-2024-48191 dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 🎖@cveNotify
2024-10-28 16:37:35
🚨 CVE-2024-49985 In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume. In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex. This is because the clock controller first grabs the prepare_lock mutex and then performs the prepare operation, including its I2C access. The I2C access resumes this I2C bus controller via .runtime_resume callback, which calls clk_prepare_enable(), which attempts to grab the prepare_lock mutex again and deadlocks. Since the clock are already prepared since probe() and unprepared in remove(), use simple clk_enable()/clk_disable() calls to enable and disable the clock on runtime suspend and resume, to avoid hitting the prepare_lock mutex. 🎖@cveNotify
2024-10-28 16:37:31
🚨 CVE-2024-49957 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()->__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code. 🎖@cveNotify
2024-10-28 16:37:30
🚨 CVE-2023-49231 An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token. 🎖@cveNotify
2024-10-28 16:37:26
🚨 CVE-2024-30630 Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function. 🎖@cveNotify
2024-10-28 16:37:25
🚨 CVE-2024-30596 Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. 🎖@cveNotify
2024-10-28 16:37:24
🚨 CVE-2023-40290 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. 🎖@cveNotify
2024-10-28 16:08:20
🚨 CVE-2024-10335 A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "username" to be affected. But it must be assumed that the parameter "password" is affected as well. 🎖@cveNotify
2024-10-28 16:08:19
🚨 CVE-2024-10123 A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-10-28 15:38:07
🚨 CVE-2024-46998 baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue. 🎖@cveNotify
2024-10-28 15:38:03
🚨 CVE-2024-46994 baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue. 🎖@cveNotify
2024-10-28 15:38:02
🚨 CVE-2023-34034 Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. 🎖@cveNotify
2024-10-28 14:38:01
🚨 CVE-2024-22949 JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. 🎖@cveNotify
2024-10-28 14:37:54
🚨 CVE-2024-31815 In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh 🎖@cveNotify
2024-10-28 14:37:53
🚨 CVE-2024-31002 Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. 🎖@cveNotify
2024-10-28 14:08:23
🚨 CVE-2024-49378 smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist. 🎖@cveNotify
2024-10-28 14:08:16
🚨 CVE-2024-10380 A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-28 14:08:15
🚨 CVE-2024-47021 In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-28 14:08:11
🚨 CVE-2024-44101 There is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-28 14:08:10
🚨 CVE-2024-44100 Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. 🎖@cveNotify
2024-10-28 14:08:09
🚨 CVE-2024-44099 There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-28 13:37:42
🚨 CVE-2024-50463 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. 🎖@cveNotify
2024-10-28 13:37:36
🚨 CVE-2024-10447 A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely. 🎖@cveNotify
2024-10-28 13:37:35
🚨 CVE-2024-47821 pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue. 🎖@cveNotify
2024-10-28 13:37:34
🚨 CVE-2024-47023 There is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-28 12:37:39
🚨 CVE-2024-50498 Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection. This issue affects WP Query Console: from n/a through 1.0. 🎖@cveNotify
2024-10-28 12:37:38
🚨 CVE-2024-50492 Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection. This issue affects ScottCart: from n/a through 1.1. 🎖@cveNotify
2024-10-28 12:37:34
🚨 CVE-2024-50487 Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass. This issue affects MaanStore API: from n/a through 1.0.1. 🎖@cveNotify
2024-10-28 12:37:33
🚨 CVE-2024-50450 Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. 🎖@cveNotify
2024-10-28 12:37:29
🚨 CVE-2024-50442 Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980. 🎖@cveNotify
2024-10-28 12:37:28
🚨 CVE-2024-48074 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function. 🎖@cveNotify
2024-10-28 12:37:27
🚨 CVE-2024-10446 A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-28 12:07:35
🚨 CVE-2023-2869 The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms. 🎖@cveNotify
2024-10-28 12:07:34
🚨 CVE-2017-2222 Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-10-28 12:07:33
🚨 CVE-2013-5919 Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. 🎖@cveNotify
2024-10-28 07:37:26
🚨 CVE-2024-38821 Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's static resources support * It must have a non-permitAll authorization rule applied to the static resources support 🎖@cveNotify
2024-10-28 07:37:25
🚨 CVE-2023-5962 A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. 🎖@cveNotify
2024-10-28 07:37:24
🚨 CVE-2023-39982 A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. 🎖@cveNotify
2024-10-28 06:37:32
🚨 CVE-2023-34215 TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. 🎖@cveNotify
2024-10-28 06:37:25
🚨 CVE-2023-33238 TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. 🎖@cveNotify
2024-10-28 06:37:24
🚨 CVE-2023-33237 TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed. This presents a potential risk of unauthorized exploitation by malicious actors. 🎖@cveNotify
2024-10-28 05:37:24
🚨 CVE-2024-50307 Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows). 🎖@cveNotify
2024-10-28 04:37:24
🚨 CVE-2024-48936 SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration. 🎖@cveNotify
2024-10-28 03:37:25
🚨 CVE-2024-10439 The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. 🎖@cveNotify
2024-10-28 03:37:24
🚨 CVE-2024-10438 The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. 🎖@cveNotify
2024-10-28 02:37:38
🚨 CVE-2023-46359 An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature. 🎖@cveNotify
2024-10-28 02:37:32
🚨 CVE-2023-20833 In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764. 🎖@cveNotify
2024-10-28 02:37:31
🚨 CVE-2023-20812 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987. 🎖@cveNotify
2024-10-14 06:37:26
🚨 CVE-2024-0794 Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file. 🎖@cveNotify
2024-10-14 06:37:25
🚨 CVE-2023-48387 TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution. 🎖@cveNotify
2024-10-14 04:37:32
🚨 CVE-2023-38027 SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. 🎖@cveNotify
2024-10-14 04:37:26
🚨 CVE-2023-37291 Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0. 🎖@cveNotify
2024-10-14 04:37:25
🚨 CVE-2023-28704 Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service. 🎖@cveNotify
2024-10-14 04:37:24
🚨 CVE-2023-28703 ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. 🎖@cveNotify
2024-10-14 03:37:25
🚨 CVE-2024-9921 The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. 🎖@cveNotify
2024-10-14 03:37:24
🚨 CVE-2024-45506 HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024. 🎖@cveNotify
2024-10-13 21:37:24
🚨 CVE-2024-7099 netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2. 🎖@cveNotify
2024-10-13 20:37:25
🚨 CVE-2024-9917 A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-10-13 20:37:24
🚨 CVE-2024-8070 CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary 🎖@cveNotify
2024-10-13 19:37:25
🚨 CVE-2024-9916 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-10-13 19:37:24
🚨 CVE-2024-9915 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 18:37:25
🚨 CVE-2024-9914 A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 18:37:24
🚨 CVE-2024-9913 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 17:37:24
🚨 CVE-2024-9912 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 16:37:24
🚨 CVE-2024-9911 A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 15:37:24
🚨 CVE-2024-9910 A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 14:37:24
🚨 CVE-2024-9909 A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 13:37:24
🚨 CVE-2024-6959 A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. 🎖@cveNotify
2024-10-13 12:37:24
🚨 CVE-2024-9908 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 05:37:24
🚨 CVE-2024-9907 A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-10-13 04:37:24
🚨 CVE-2024-9906 A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 03:37:24
🚨 CVE-2024-9905 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-13 02:37:24
🚨 CVE-2024-9904 A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 🎖@cveNotify
2024-10-12 23:37:24
🚨 CVE-2024-9903 A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 🎖@cveNotify
2024-10-12 14:37:24
🚨 CVE-2024-49193 Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable. 🎖@cveNotify
2024-10-12 13:37:24
🚨 CVE-2024-9894 A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-12 10:37:25
🚨 CVE-2024-8902 The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 🎖@cveNotify
2024-10-12 10:37:24
🚨 CVE-2024-8757 The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-10-12 09:37:25
🚨 CVE-2024-8915 The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-12 09:37:24
🚨 CVE-2024-8760 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. 🎖@cveNotify
2024-10-12 07:37:25
🚨 CVE-2024-9756 The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. 🎖@cveNotify
2024-10-12 07:37:24
🚨 CVE-2024-9047 The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier. 🎖@cveNotify
2024-10-12 06:37:32
🚨 CVE-2024-9778 The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-12 06:37:25
🚨 CVE-2024-9187 The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. 🎖@cveNotify
2024-10-12 06:37:24
🚨 CVE-2024-7489 The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 🎖@cveNotify
2024-10-12 03:37:25
🚨 CVE-2024-9821 The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature. 🎖@cveNotify
2024-10-12 03:37:24
🚨 CVE-2024-9592 The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-11 22:37:38
🚨 CVE-2024-45149 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-11 22:37:32
🚨 CVE-2024-45148 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-11 22:37:31
🚨 CVE-2024-45133 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-11 22:37:30
🚨 CVE-2024-45132 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-11 22:37:26
🚨 CVE-2024-45130 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-11 22:37:25
🚨 CVE-2023-40158 Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. 🎖@cveNotify
2024-10-11 22:07:25
🚨 CVE-2024-25110 The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-11 22:07:24
🚨 CVE-2021-4437 A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability. 🎖@cveNotify
2024-10-11 20:37:24
🚨 CVE-2024-47975 Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. 🎖@cveNotify
2024-10-11 19:37:32
🚨 CVE-2024-48020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. 🎖@cveNotify
2024-10-11 19:37:26
🚨 CVE-2024-47353 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. 🎖@cveNotify
2024-10-11 19:37:25
🚨 CVE-2024-25122 sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in: 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-11 19:37:24
🚨 CVE-2024-25108 Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the server's ability to federate. Some user interaction is required to set up the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-11 19:07:24
🚨 CVE-2024-48941 The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. 🎖@cveNotify
2024-10-11 18:37:25
🚨 CVE-2024-46532 SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. 🎖@cveNotify
2024-10-11 18:37:24
🚨 CVE-2024-44157 A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. 🎖@cveNotify
2024-10-11 17:37:32
🚨 CVE-2024-44731 Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. 🎖@cveNotify
2024-10-11 17:37:25
🚨 CVE-2024-44413 A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. 🎖@cveNotify
2024-10-11 17:37:24
🚨 CVE-2024-44400 A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. 🎖@cveNotify
2024-10-11 17:07:25
🚨 CVE-2022-26878 drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). 🎖@cveNotify
2024-10-11 17:07:24
🚨 CVE-2017-1000082 systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. 🎖@cveNotify
2024-10-11 16:37:25
🚨 CVE-2023-6228 An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow that leads to an application crash. 🎖@cveNotify
2024-10-11 15:07:25
🚨 CVE-2024-34122 Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-11 15:07:24
🚨 CVE-2024-3099 A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts. 🎖@cveNotify
2024-10-11 14:37:31
🚨 CVE-2024-8531 CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. 🎖@cveNotify
2024-10-11 14:37:30
🚨 CVE-2024-6657 A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device. 🎖@cveNotify
2024-10-11 14:37:26
🚨 CVE-2024-25929 Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5. 🎖@cveNotify
2024-10-11 14:37:25
🚨 CVE-2024-2032 A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications. 🎖@cveNotify
2024-10-11 14:37:24
🚨 CVE-2023-39363 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue. 🎖@cveNotify
2024-10-11 14:07:25
🚨 CVE-2023-34003 Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. 🎖@cveNotify
2024-10-11 14:07:24
🚨 CVE-2023-31080 Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. 🎖@cveNotify
2024-10-11 13:37:26
🚨 CVE-2024-45932 Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. 🎖@cveNotify
2024-10-11 13:37:25
🚨 CVE-2024-0520 A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0. 🎖@cveNotify
2024-10-11 13:37:24
🚨 CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724. 🎖@cveNotify
2024-10-11 13:07:24
🚨 CVE-2024-46446 Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. 🎖@cveNotify
2024-10-11 03:37:24
🚨 CVE-2024-9822 The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log in as the first user, who is usually the administrator, or if it does not exist, then as the first administrator. 🎖@cveNotify
2024-10-10 23:37:32
🚨 CVE-2024-47872 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users. 🎖@cveNotify
2024-10-10 23:37:25
🚨 CVE-2024-47868 Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-10 23:37:24
🚨 CVE-2024-47867 Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. 🎖@cveNotify
2024-10-10 22:37:32
🚨 CVE-2024-47168 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-10 22:37:26
🚨 CVE-2024-47167 Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowlist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks. 🎖@cveNotify
2024-10-10 22:37:25
🚨 CVE-2024-47164 Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths. 🎖@cveNotify
2024-10-10 22:37:24
🚨 CVE-2024-47084 Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation. 🎖@cveNotify
2024-10-10 22:07:25
🚨 CVE-2024-45116 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. 🎖@cveNotify
2024-10-10 22:07:24
🚨 CVE-2024-45115 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-10 21:37:38
🚨 CVE-2023-25779 Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-10 21:37:32
🚨 CVE-2023-25777 Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-10 21:37:31
🚨 CVE-2023-24542 Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-10 21:37:30
🚨 CVE-2023-24481 Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2024-10-10 21:37:26
🚨 CVE-2023-24463 Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. 🎖@cveNotify
2024-10-10 21:37:25
🚨 CVE-2023-5136 An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. 🎖@cveNotify
2024-10-10 21:07:32
🚨 CVE-2024-47651 This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users. 🎖@cveNotify
2024-10-10 21:07:26
🚨 CVE-2024-8804 The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-10 21:07:25
🚨 CVE-2024-9384 The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-10 21:07:24
🚨 CVE-2024-9375 The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-10 20:37:32
🚨 CVE-2024-9349 The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-10 20:37:26
🚨 CVE-2024-42812 In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. 🎖@cveNotify
2024-10-10 20:37:25
🚨 CVE-2024-4890 A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14. 🎖@cveNotify
2024-10-10 20:37:24
🚨 CVE-2023-39020 stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. 🎖@cveNotify
2024-10-10 20:07:25
🚨 CVE-2022-4244 A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. 🎖@cveNotify
2024-10-10 20:07:24
🚨 CVE-2017-1000487 Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. 🎖@cveNotify
2024-10-10 19:07:25
🚨 CVE-2024-46300 itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. 🎖@cveNotify
2024-10-10 19:07:24
🚨 CVE-2024-7801 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7. 🎖@cveNotify
2024-10-10 18:37:32
🚨 CVE-2024-47412 Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-10 18:37:26
🚨 CVE-2024-47411 Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-10 18:37:25
🚨 CVE-2024-20097 In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. 🎖@cveNotify
2024-10-10 18:37:24
🚨 CVE-2024-20096 In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. 🎖@cveNotify
2024-10-10 18:07:27
🚨 CVE-2024-44954 In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf. There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. 🎖@cveNotify
2024-10-10 17:37:24
🚨 CVE-2024-41817 ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. 🎖@cveNotify
2024-10-10 17:07:26
🚨 CVE-2024-35687 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS. This issue affects Link Library: from n/a through 7.6.3. 🎖@cveNotify
2024-10-10 17:07:25
🚨 CVE-2021-25092 The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack. 🎖@cveNotify
2024-10-10 17:07:24
🚨 CVE-2021-25091 The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 🎖@cveNotify
2024-10-10 16:37:42
🚨 CVE-2023-49262 The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. 🎖@cveNotify
2024-10-10 16:37:41
🚨 CVE-2023-49259 The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. 🎖@cveNotify
2024-10-10 16:37:40
🚨 CVE-2023-49257 An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. 🎖@cveNotify
2024-10-10 16:37:37
🚨 CVE-2023-49256 It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. 🎖@cveNotify
2024-10-10 16:37:36
🚨 CVE-2023-4612 Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability. 🎖@cveNotify
2024-10-10 16:37:35
🚨 CVE-2023-4540 Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283. 🎖@cveNotify
2024-10-10 16:37:31
🚨 CVE-2023-20830 In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156. 🎖@cveNotify
2024-10-10 16:37:30
🚨 CVE-2023-20827 In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105. 🎖@cveNotify
2024-10-10 16:07:26
🚨 CVE-2024-22126 The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. 🎖@cveNotify
2024-10-10 16:07:24
🚨 CVE-2023-49339 Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. 🎖@cveNotify
2024-10-10 15:37:48
🚨 CVE-2022-38714 IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. 🎖@cveNotify
2024-10-10 15:37:41
🚨 CVE-2023-39389 Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. 🎖@cveNotify
2024-10-10 15:37:40
🚨 CVE-2023-39381 Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. 🎖@cveNotify
2024-10-10 15:37:36
🚨 CVE-2023-39380 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. 🎖@cveNotify
2024-10-10 15:37:35
🚨 CVE-2023-1532 Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-10 15:37:34
🚨 CVE-2023-1531 Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-10 15:07:44
🚨 CVE-2024-25360 A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. 🎖@cveNotify
2024-10-10 14:07:41
🚨 CVE-2024-38259 Microsoft Management Console Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-10 14:07:40
🚨 CVE-2024-1439 Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. 🎖@cveNotify
2024-10-10 14:07:39
🚨 CVE-2024-24884 Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2. 🎖@cveNotify
2024-10-10 14:07:38
🚨 CVE-2024-21490 This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). 🎖@cveNotify
2024-10-10 13:37:31
🚨 CVE-2024-35202 Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. 🎖@cveNotify
2024-10-10 13:37:30
🚨 CVE-2024-9549 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-10 13:37:29
🚨 CVE-2024-46590 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. 🎖@cveNotify
2024-10-10 13:37:26
🚨 CVE-2024-27861 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. 🎖@cveNotify
2024-10-10 13:37:25
🚨 CVE-2024-24875 Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13. 🎖@cveNotify
2024-10-10 13:37:24
🚨 CVE-2023-46615 Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7. 🎖@cveNotify
2024-10-10 13:07:34
🚨 CVE-2024-25705 There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low. 🎖@cveNotify
2024-10-10 13:07:33
🚨 CVE-2023-51370 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. 🎖@cveNotify
2024-10-10 12:37:29
🚨 CVE-2024-26876 In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe. Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts could crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 irq_thread+0x14c/0x238 kthread+0x190/0x1a8 🎖@cveNotify
2024-10-10 12:37:28
🚨 CVE-2024-26596 In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events. After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p = netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway, making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan id 100 [ 43.309174] ================================================================== [ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542] dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768] notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424] register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30 [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as customary. 🎖@cveNotify
2024-10-10 12:07:24
🚨 CVE-2024-29176 Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application. 🎖@cveNotify
2024-10-10 11:37:25
🚨 CVE-2024-9201 The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. 🎖@cveNotify
2024-10-10 11:37:24
🚨 CVE-2024-48902 In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API. 🎖@cveNotify
2024-10-10 11:07:24
🚨 CVE-2024-4639 OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. 🎖@cveNotify
2024-10-10 10:37:32
🚨 CVE-2024-45119 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed. 🎖@cveNotify
2024-10-10 10:37:26
🚨 CVE-2024-45118 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-10 10:37:25
🚨 CVE-2024-45115 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. 🎖@cveNotify
2024-10-10 10:37:24
🚨 CVE-2024-38348 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. 🎖@cveNotify
2024-10-10 09:37:32
🚨 CVE-2024-22068 Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier. 🎖@cveNotify
2024-10-10 08:37:32
🚨 CVE-2024-9802 The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. 🎖@cveNotify
2024-10-10 08:37:29
🚨 CVE-2024-9798 The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. 🎖@cveNotify
2024-10-10 08:37:28
🚨 CVE-2024-6747 Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data. 🎖@cveNotify
2024-10-10 08:37:27
🚨 CVE-2024-38817 VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. 🎖@cveNotify
2024-10-10 07:37:25
🚨 CVE-2024-9780 ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file. 🎖@cveNotify
2024-10-10 07:37:24
🚨 CVE-2024-3656 A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. 🎖@cveNotify
2024-10-10 06:37:24
🚨 CVE-2024-9156 The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-10-10 03:37:26
🚨 CVE-2024-9520 The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options. 🎖@cveNotify
2024-10-10 03:37:25
🚨 CVE-2024-9022 The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2024-10-10 03:37:24
🚨 CVE-2024-8477 The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-10 02:37:32
🚨 CVE-2024-8729 The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-10 02:37:25
🚨 CVE-2024-48957 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. 🎖@cveNotify
2024-10-10 02:37:24
🚨 CVE-2024-28125 FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation. 🎖@cveNotify
2024-10-10 01:37:26
🚨 CVE-2024-48949 The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. 🎖@cveNotify
2024-10-10 01:07:25
🚨 CVE-2024-23113 A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. 🎖@cveNotify
2024-10-10 00:37:25
🚨 CVE-2024-48941 The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. 🎖@cveNotify
2024-10-10 00:37:24
🚨 CVE-2024-47823 Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-09 23:37:32
🚨 CVE-2024-48933 A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. 🎖@cveNotify
2024-10-09 23:37:25
🚨 CVE-2024-9464 An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. 🎖@cveNotify
2024-10-09 23:37:24
🚨 CVE-2024-9463 An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. 🎖@cveNotify
2024-10-09 22:37:24
🚨 CVE-2023-37154 check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. 🎖@cveNotify
2024-10-09 21:37:32
🚨 CVE-2024-45160 Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). 🎖@cveNotify
2024-10-09 21:37:25
🚨 CVE-2023-39292 A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. 🎖@cveNotify
2024-10-09 21:37:24
🚨 CVE-2023-1529 Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) 🎖@cveNotify
2024-10-09 20:37:32
🚨 CVE-2023-39397 Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2024-10-09 20:37:26
🚨 CVE-2023-39395 Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2024-10-09 20:37:25
🚨 CVE-2023-1528 Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-09 20:37:24
🚨 CVE-2021-41307 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. 🎖@cveNotify
2024-10-09 19:37:37
🚨 CVE-2024-47832 ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-09 19:37:31
🚨 CVE-2024-47828 ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. 🎖@cveNotify
2024-10-09 19:37:30
🚨 CVE-2024-47812 ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either (1) prevent access to Special:RequestImportQueue on all wikis except for the global wiki and, if an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level, which causes the XSS to be virtually useless as users with those rights can already edit JavaScript pages; or (2) prevent access to Special:RequestImportQueue altogether. 🎖@cveNotify
2024-10-09 19:37:29
🚨 CVE-2024-3656 A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. 🎖@cveNotify
2024-10-09 19:37:26
🚨 CVE-2024-46316 DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. 🎖@cveNotify
2024-10-09 19:37:25
🚨 CVE-2023-21134 In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-09 19:37:24
🚨 CVE-2021-41306 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. 🎖@cveNotify
2024-10-09 19:07:24
🚨 CVE-2024-37624 Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. 🎖@cveNotify
2024-10-09 18:37:32
🚨 CVE-2024-47763 Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it's possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern "C"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google's OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched:
* 21.0.x - patched in 21.0.2
* 22.0.x - patched in 22.0.1
* 23.0.x - patched in 23.0.3
* 24.0.x - patched in 24.0.1
* 25.0.x - patched in 25.0.2
Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions. 🎖@cveNotify
2024-10-09 18:37:25
🚨 CVE-2023-31065 Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it. 🎖@cveNotify
2024-10-09 18:37:24
🚨 CVE-2023-31454 Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7947 🎖@cveNotify
2024-10-09 17:07:30
🚨 CVE-2024-42415 An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 🎖@cveNotify
2024-10-09 17:07:29
🚨 CVE-2024-36474 An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 🎖@cveNotify
2024-10-09 17:07:26
🚨 CVE-2024-20470 A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. 🎖@cveNotify
2024-10-09 17:07:25
🚨 CVE-2024-5179 The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 🎖@cveNotify
2024-10-09 17:07:24
🚨 CVE-2024-35649 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.3. 🎖@cveNotify
2024-10-09 16:37:38
🚨 CVE-2024-25285 3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified. 🎖@cveNotify
2024-10-09 16:37:37
🚨 CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability 🎖@cveNotify
2024-10-09 16:37:36
🚨 CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-09 16:37:32
🚨 CVE-2024-9021 In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor 🎖@cveNotify
2024-10-09 16:37:31
🚨 CVE-2024-5482 A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensitive data, service disruption, network integrity compromise, business logic manipulation, and abuse of third-party resources. The issue is critical and requires immediate attention to maintain the application's security and integrity. 🎖@cveNotify
2024-10-09 16:37:30
🚨 CVE-2023-6501 The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 🎖@cveNotify
2024-10-09 16:37:26
🚨 CVE-2023-48831 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. 🎖@cveNotify
2024-10-09 16:37:25
🚨 CVE-2023-21272 In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-09 16:07:41
🚨 CVE-2024-46836 In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array.
Found by static analysis. 🎖@cveNotify
2024-10-09 16:07:37
🚨 CVE-2024-46832 In the Linux kernel, the following vulnerability has been resolved:
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
This avoids warning:
[ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
Caused by get_c0_compare_int on secondary CPU.
We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices". 🎖@cveNotify
2024-10-09 16:07:36
🚨 CVE-2023-6591 The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 🎖@cveNotify
2024-10-09 15:37:43
🚨 CVE-2024-45394 Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. 🎖@cveNotify
2024-10-09 15:37:42
🚨 CVE-2024-37156 The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3. 🎖@cveNotify
2024-10-09 15:37:38
🚨 CVE-2024-24697 Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. 🎖@cveNotify
2024-10-09 15:37:37
🚨 CVE-2024-0566 The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 🎖@cveNotify
2024-10-09 15:37:36
🚨 CVE-2023-7233 The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-10-09 15:37:31
🚨 CVE-2023-49355 decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. 🎖@cveNotify
2024-10-09 15:37:30
🚨 CVE-2023-48398 In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. 🎖@cveNotify
2024-10-09 15:07:36
🚨 CVE-2024-45001 In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix RX buf alloc_size alignment and atomic op panic
The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment is affected by the alloc_size passed into napi_build_skb(). The size needs to be aligned properly for better performance and atomic operations. Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic operations may panic on the skb_shinfo(skb)->dataref due to alignment fault.
To fix this bug, add proper alignment to the alloc_size calculation.
Sample panic info:
[ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce
[ 253.300900] Mem abort info:
[ 253.301760] ESR = 0x0000000096000021
[ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits
[ 253.304268] SET = 0, FnV = 0
[ 253.305172] EA = 0, S1PTW = 0
[ 253.306103] FSC = 0x21: alignment fault
Call trace:
 __skb_clone+0xfc/0x198
 skb_clone+0x78/0xe0
 raw6_local_deliver+0xfc/0x228
 ip6_protocol_deliver_rcu+0x80/0x500
 ip6_input_finish+0x48/0x80
 ip6_input+0x48/0xc0
 ip6_sublist_rcv_finish+0x50/0x78
 ip6_sublist_rcv+0x1cc/0x2b8
 ipv6_list_rcv+0x100/0x150
 __netif_receive_skb_list_core+0x180/0x220
 netif_receive_skb_list_internal+0x198/0x2a8
 __napi_poll+0x138/0x250
 net_rx_action+0x148/0x330
 handle_softirqs+0x12c/0x3a0
🎖@cveNotify
2024-10-09 15:07:35
🚨 CVE-2023-6082 The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-10-09 15:07:31
🚨 CVE-2023-6081 The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-10-09 15:07:30
🚨 CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-09 15:07:29
🚨 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. 🎖@cveNotify
2024-10-09 14:07:46
🚨 CVE-2024-44949 In the Linux kernel, the following vulnerability has been resolved:
parisc: fix a possible DMA corruption
ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted.
This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size.
As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. 🎖@cveNotify
2024-10-09 14:07:45
🚨 CVE-2022-31696 VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. 🎖@cveNotify
2024-10-09 14:07:44
🚨 CVE-2022-22590 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. 🎖@cveNotify
2024-10-09 13:37:29
🚨 CVE-2024-45720 On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. 🎖@cveNotify
2024-10-09 13:37:26
🚨 CVE-2024-1160 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-09 13:37:25
🚨 CVE-2024-0248 The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. 🎖@cveNotify
2024-10-09 13:37:24
🚨 CVE-2023-6294 The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. 🎖@cveNotify
2024-10-09 13:07:44
🚨 CVE-2024-9568 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 12:37:31
🚨 CVE-2024-28168 Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. 🎖@cveNotify
2024-10-09 12:07:25
🚨 CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 🎖@cveNotify
2024-10-09 12:07:24
🚨 CVE-2021-4118 pytorch-lightning is vulnerable to Deserialization of Untrusted Data 🎖@cveNotify
2024-10-09 11:37:38
🚨 CVE-2024-9553 A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 11:37:32
🚨 CVE-2024-9552 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 11:37:31
🚨 CVE-2024-9549 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 11:37:30
🚨 CVE-2024-9535 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 11:37:26
🚨 CVE-2024-9533 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 11:37:25
🚨 CVE-2024-9514 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-09 10:37:32
🚨 CVE-2024-47414 Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-09 10:37:25
🚨 CVE-2024-47410 Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-09 10:37:24
🚨 CVE-2024-45145 Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2024-10-09 08:37:24
🚨 CVE-2024-9451 The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-09 07:37:32
🚨 CVE-2024-39586 Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. 🎖@cveNotify
2024-10-09 07:37:26
🚨 CVE-2024-39440 In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. 🎖@cveNotify
2024-10-09 07:37:25
🚨 CVE-2024-39437 In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 🎖@cveNotify
2024-10-09 07:37:24
🚨 CVE-2024-39436 In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 🎖@cveNotify
2024-10-09 06:37:32
🚨 CVE-2023-46586 cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused. 🎖@cveNotify
2024-10-09 06:37:26
🚨 CVE-2023-45872 An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document. 🎖@cveNotify
2024-10-09 06:37:25
🚨 CVE-2023-37154 check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. 🎖@cveNotify
2024-10-09 06:37:24
🚨 CVE-2023-36325 i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete. 🎖@cveNotify
2024-10-09 05:37:25
🚨 CVE-2024-42934 OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. 🎖@cveNotify
2024-10-09 05:37:24
🚨 CVE-2024-32608 HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. 🎖@cveNotify
2024-10-09 02:37:25
🚨 CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-09 02:37:24
🚨 CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability 🎖@cveNotify
2024-10-09 01:07:42
🚨 CVE-2024-43047 Memory corruption while maintaining memory maps of HLOS memory. 🎖@cveNotify
2024-10-08 23:37:25
🚨 CVE-2024-9603 Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-08 23:37:24
🚨 CVE-2024-9602 Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-08 22:07:26
🚨 CVE-2024-8802 The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-08 22:07:25
🚨 CVE-2024-20381 A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. 🎖@cveNotify
2024-10-08 22:07:24
🚨 CVE-2024-1881 AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands. 🎖@cveNotify
2024-10-08 21:37:26
🚨 CVE-2024-20513 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate. 🎖@cveNotify
2024-10-08 21:37:25
🚨 CVE-2023-45192 IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758. 🎖@cveNotify
2024-10-08 21:37:24
🚨 CVE-2023-34468 The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. 🎖@cveNotify
2024-10-08 21:07:26
🚨 CVE-2024-30481 Broken Access Control vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.0.0. 🎖@cveNotify
2024-10-08 21:07:25
🚨 CVE-2024-30466 Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. 🎖@cveNotify
2024-10-08 20:37:32
🚨 CVE-2023-49140 Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. 🎖@cveNotify
2024-10-08 20:37:26
🚨 CVE-2023-49695 OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. 🎖@cveNotify
2024-10-08 20:37:25
🚨 CVE-2023-1820 Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-10-08 20:37:24
🚨 CVE-2023-1815 Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-10-08 20:07:33
🚨 CVE-2023-2030 An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. 🎖@cveNotify
2024-10-08 20:07:26
🚨 CVE-2023-4647 An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. 🎖@cveNotify
2024-10-08 20:07:25
🚨 CVE-2023-2485 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. 🎖@cveNotify
2024-10-08 20:07:24
🚨 CVE-2023-1825 An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. 🎖@cveNotify
2024-10-08 19:37:32
🚨 CVE-2023-0121 A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. 🎖@cveNotify
2024-10-08 19:37:26
🚨 CVE-2023-0921 A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. 🎖@cveNotify
2024-10-08 19:37:25
🚨 CVE-2023-1810 Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-08 19:37:24
🚨 CVE-2023-1534 Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-08 19:07:33
🚨 CVE-2024-8800 The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-08 19:07:26
🚨 CVE-2023-6736 An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file. 🎖@cveNotify
2024-10-08 19:07:25
🚨 CVE-2023-5825 An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. 🎖@cveNotify
2024-10-08 18:37:38
🚨 CVE-2024-37869 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable 🎖@cveNotify
2024-10-08 18:37:32
🚨 CVE-2024-37868 File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. 🎖@cveNotify
2024-10-08 18:37:31
🚨 CVE-2024-20499 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 🎖@cveNotify
2024-10-08 18:37:30
🚨 CVE-2024-20498 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 🎖@cveNotify
2024-10-08 18:37:26
🚨 CVE-2024-46843 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added. If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been deferred after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it. 🎖@cveNotify
2024-10-08 18:37:25
🚨 CVE-2024-46840 In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete. In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information. 🎖@cveNotify
2024-10-08 18:07:25
🚨 CVE-2024-20499 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 🎖@cveNotify
2024-10-08 18:07:24
🚨 CVE-2024-9172 The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-08 17:37:40
🚨 CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability 🎖@cveNotify
2024-10-08 17:37:33
🚨 CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-08 17:37:32
🚨 CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-08 17:37:28
🚨 CVE-2021-1641 Microsoft SharePoint Server Spoofing Vulnerability 🎖@cveNotify
2024-10-08 17:37:27
🚨 CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability 🎖@cveNotify
2024-10-08 17:07:25
🚨 CVE-2024-24887 Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. 🎖@cveNotify
2024-10-08 17:07:24
🚨 CVE-2024-23512 Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. 🎖@cveNotify
2024-10-08 16:37:43
🚨 CVE-2024-9306 The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin's settings which may extend this vulnerability to those users. 🎖@cveNotify
2024-10-08 16:37:42
🚨 CVE-2024-20515 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. 🎖@cveNotify
2024-10-08 16:37:37
🚨 CVE-2022-49039 Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. 🎖@cveNotify
2024-10-08 16:37:36
🚨 CVE-2024-20434 A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services. 🎖@cveNotify
2024-10-08 16:37:31
🚨 CVE-2024-24797 Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. 🎖@cveNotify
2024-10-08 16:37:30
🚨 CVE-2024-21312 .NET Framework Denial of Service Vulnerability 🎖@cveNotify
2024-10-08 16:37:26
🚨 CVE-2024-20697 Windows Libarchive Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-08 16:07:35
🚨 CVE-2024-42417 Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. 🎖@cveNotify
2024-10-08 16:07:28
🚨 CVE-2024-20491 A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. 🎖@cveNotify
2024-10-08 16:07:27
🚨 CVE-2022-49041 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. 🎖@cveNotify
2024-10-08 16:07:26
🚨 CVE-2022-49040 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. 🎖@cveNotify
2024-10-08 15:37:56
🚨 CVE-2024-20444 A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. 🎖@cveNotify
2024-10-08 15:37:55
🚨 CVE-2024-9218 The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-08 15:37:54
🚨 CVE-2023-42183 lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. 🎖@cveNotify
2024-10-08 15:37:49
🚨 CVE-2023-50564 An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. 🎖@cveNotify
2024-10-08 15:37:48
🚨 CVE-2023-40630 Unauthenticated LFI/SSRF in JCDashboards component for Joomla. 🎖@cveNotify
2024-10-08 15:37:47
🚨 CVE-2023-40921 SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. 🎖@cveNotify
2024-10-08 15:37:44
🚨 CVE-2023-50766 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. 🎖@cveNotify
2024-10-08 15:37:43
🚨 CVE-2023-36674 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. 🎖@cveNotify
2024-10-08 15:37:42
🚨 CVE-2023-39445 Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. 🎖@cveNotify
2024-10-08 15:07:50
🚨 CVE-2024-41163 A directory traversal vulnerability exists in the archive download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to exploit this vulnerability. 🎖@cveNotify
2024-10-08 15:07:49
🚨 CVE-2024-9344 The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-08 14:38:02
🚨 CVE-2024-45874 A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. 🎖@cveNotify
2024-10-08 14:37:56
🚨 CVE-2024-45873 A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. 🎖@cveNotify
2024-10-08 14:37:55
🚨 CVE-2024-47618 Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5. 🎖@cveNotify
2024-10-08 14:37:54
🚨 CVE-2024-47617 Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21. 🎖@cveNotify
2024-10-08 14:37:51
🚨 CVE-2024-8352 The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. 🎖@cveNotify
2024-10-08 14:37:50
🚨 CVE-2024-20432 A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. 🎖@cveNotify
2024-10-08 14:37:49
🚨 CVE-2024-20365 A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. 🎖@cveNotify
2024-10-08 14:08:03
🚨 CVE-2015-9299 The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. 🎖@cveNotify
2024-10-08 14:07:57
🚨 CVE-2015-9298 The events-manager plugin before 5.6 for WordPress has code injection. 🎖@cveNotify
2024-10-08 14:07:56
🚨 CVE-2018-0576 Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 🎖@cveNotify
2024-10-08 14:07:55
🚨 CVE-2018-9020 The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. 🎖@cveNotify
2024-10-08 13:37:24
🚨 CVE-2023-40313 A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. 🎖@cveNotify
2024-10-08 12:37:33
🚨 CVE-2024-8431 The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. 🎖@cveNotify
2024-10-08 11:37:25
🚨 CVE-2024-9005 CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. 🎖@cveNotify
2024-10-08 11:37:24
🚨 CVE-2024-8488 The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 🎖@cveNotify
2024-10-08 10:37:34
🚨 CVE-2024-8629 The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-08 10:37:33
🚨 CVE-2024-8422 CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. 🎖@cveNotify
2024-10-08 10:37:32
🚨 CVE-2024-3506 A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. 🎖@cveNotify
2024-10-08 10:37:29
🚨 CVE-2024-45277 The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. 🎖@cveNotify
2024-10-08 10:37:28
🚨 CVE-2023-26319 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. 🎖@cveNotify
2024-10-08 10:37:27
🚨 CVE-2023-26317 Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. 🎖@cveNotify
2024-10-08 08:37:43
🚨 CVE-2024-8964 The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 🎖@cveNotify
2024-10-08 08:37:42
🚨 CVE-2024-47095 Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do. 🎖@cveNotify
2024-10-08 07:37:37
🚨 CVE-2024-34672 Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users. 🎖@cveNotify
2024-10-08 07:37:31
🚨 CVE-2024-34671 Use of implicit intent for sensitive communication in translation in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. 🎖@cveNotify
2024-10-08 07:37:30
🚨 CVE-2024-34668 Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 🎖@cveNotify
2024-10-08 07:37:29
🚨 CVE-2024-34667 Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 🎖@cveNotify
2024-10-08 07:37:26
🚨 CVE-2024-34665 Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 🎖@cveNotify
2024-10-08 07:37:25
🚨 CVE-2024-34663 Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. 🎖@cveNotify
2024-10-08 07:37:24
🚨 CVE-2024-34662 Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. 🎖@cveNotify
2024-10-08 06:37:25
🚨 CVE-2024-9021 In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor 🎖@cveNotify
2024-10-08 06:37:24
🚨 CVE-2024-8983 Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts. 🎖@cveNotify
2024-10-08 05:37:25
🚨 CVE-2024-21533 All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. 🎖@cveNotify
2024-10-08 05:37:24
🚨 CVE-2024-21532 All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. 🎖@cveNotify
2024-10-08 04:37:32
🚨 CVE-2024-45277 The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. 🎖@cveNotify
2024-10-08 04:37:26
🚨 CVE-2024-43697 in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. 🎖@cveNotify
2024-10-08 04:37:25
🚨 CVE-2024-39806 in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 🎖@cveNotify
2024-10-08 04:37:24
🚨 CVE-2024-37179 SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. 🎖@cveNotify
2024-10-07 22:37:25
🚨 CVE-2024-45873 A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. 🎖@cveNotify
2024-10-07 22:37:24
🚨 CVE-2024-47967 Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. 🎖@cveNotify
2024-10-07 21:37:32
🚨 CVE-2024-43362 Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2024-10-07 21:37:25
🚨 CVE-2024-8758 The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-10-07 21:37:24
🚨 CVE-2024-7885 A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. 🎖@cveNotify
2024-10-07 20:37:32
🚨 CVE-2024-5742 A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. 🎖@cveNotify
2024-10-07 20:37:25
🚨 CVE-2023-32200 There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0. 🎖@cveNotify
2024-10-07 20:37:24
🚨 CVE-2023-33008 Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20. 🎖@cveNotify
2024-10-07 20:07:32
🚨 CVE-2024-46409 A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. 🎖@cveNotify
2024-10-07 20:07:26
🚨 CVE-2024-46658 Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. 🎖@cveNotify
2024-10-07 20:07:25
🚨 CVE-2024-43694 In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device. 🎖@cveNotify
2024-10-07 20:07:24
🚨 CVE-2024-43108 The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. 🎖@cveNotify
2024-10-07 19:37:32
🚨 CVE-2023-2133 Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2024-10-07 19:37:26
🚨 CVE-2023-1818 Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2024-10-07 19:37:25
🚨 CVE-2021-43957 Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9. 🎖@cveNotify
2024-10-07 19:37:24
🚨 CVE-2021-43944 This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 🎖@cveNotify
2024-10-07 19:07:32
🚨 CVE-2024-9265 The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator. 🎖@cveNotify
2024-10-07 19:07:26
🚨 CVE-2024-9241 The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-07 19:07:25
🚨 CVE-2024-45838 The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. 🎖@cveNotify
2024-10-07 19:07:24
🚨 CVE-2024-41931 The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation. 🎖@cveNotify
2024-10-07 18:37:37
🚨 CVE-2024-9289 The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email. 🎖@cveNotify
2024-10-07 18:37:31
🚨 CVE-2024-7675 A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. 🎖@cveNotify
2024-10-07 18:37:30
🚨 CVE-2024-7672 A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. 🎖@cveNotify
2024-10-07 18:37:29
🚨 CVE-2024-7671 A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. 🎖@cveNotify
2024-10-07 18:37:26
🚨 CVE-2024-30515 Missing Authorization vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.6.4. 🎖@cveNotify
2024-10-07 18:37:25
🚨 CVE-2023-45207 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.) 🎖@cveNotify
2024-10-07 18:37:24
🚨 CVE-2023-45206 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) 🎖@cveNotify
2024-10-07 18:07:36
🚨 CVE-2024-7687 The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. 🎖@cveNotify
2024-10-07 18:07:30
🚨 CVE-2024-6910 The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 🎖@cveNotify
2024-10-07 18:07:29
🚨 CVE-2024-7786 The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. 🎖@cveNotify
2024-10-07 18:07:28
🚨 CVE-2023-52447 In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary. When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops->map_free() in a kworker. But for now, most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period, so after the invocation of ops->map_free completes, the bpf program which is accessing the inner map may incur use-after-free problem. Fix the free of inner map by invoking bpf_map_free_deferred() after both one RCU grace period and one tasks trace RCU grace period if the inner map has been removed from the outer map before. The deferment is accomplished by using call_rcu() or call_rcu_tasks_trace() when releasing the last ref-counter of bpf map. The newly-added rcu_head field in bpf_map shares the same storage space with work field to reduce the size of bpf_map. 🎖@cveNotify
2024-10-07 17:37:32
🚨 CVE-2024-7892 The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 🎖@cveNotify
2024-10-07 17:37:26
🚨 CVE-2024-8668 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-07 17:37:25
🚨 CVE-2024-20343 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system. 🎖@cveNotify
2024-10-07 17:07:25
🚨 CVE-2024-45803 Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2024-10-07 17:07:24
🚨 CVE-2024-7918 The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-10-07 16:37:43
🚨 CVE-2024-46278 Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. 🎖@cveNotify
2024-10-07 16:37:37
🚨 CVE-2024-46041 IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. 🎖@cveNotify
2024-10-07 16:37:36
🚨 CVE-2024-28710 Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. 🎖@cveNotify
2024-10-07 16:37:35
🚨 CVE-2024-28709 Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. 🎖@cveNotify
2024-10-07 16:37:32
🚨 CVE-2024-47850 CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) 🎖@cveNotify
2024-10-07 16:37:31
🚨 CVE-2024-9291 A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years. 🎖@cveNotify
2024-10-07 16:37:30
🚨 CVE-2024-47124 The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. 🎖@cveNotify
2024-10-07 16:37:26
🚨 CVE-2024-47121 The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast. 🎖@cveNotify
2024-10-07 16:37:25
🚨 CVE-2024-30485 Missing Authorization vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. 🎖@cveNotify
2024-10-07 16:37:24
🚨 CVE-2022-26320 The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. 🎖@cveNotify
2024-10-07 16:07:41
🚨 CVE-2024-9329 In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. 🎖@cveNotify
2024-10-07 16:07:37
🚨 CVE-2024-8283 The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2024-10-07 16:07:36
🚨 CVE-2024-9325 A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. 🎖@cveNotify
2024-10-07 16:07:35
🚨 CVE-2024-9324 A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. 🎖@cveNotify
2024-10-07 16:07:31
🚨 CVE-2024-8712 The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-10-07 16:07:30
🚨 CVE-2024-6722 The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-10-07 16:07:26
🚨 CVE-2024-6020 The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting. 🎖@cveNotify
2024-10-07 16:07:25
🚨 CVE-2024-6927 The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2024-10-07 16:07:24
🚨 CVE-2024-5417 The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 🎖@cveNotify
2024-10-07 15:37:38
🚨 CVE-2024-9568 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-07 15:37:37
🚨 CVE-2024-45933 OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. 🎖@cveNotify
2024-10-07 15:07:35
🚨 CVE-2024-25412 A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. 🎖@cveNotify
2024-10-07 15:07:34
🚨 CVE-2024-44911 NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c). 🎖@cveNotify
2024-10-07 14:37:35
🚨 CVE-2024-9567 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-07 14:37:34
🚨 CVE-2024-46802 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream. [Why] prevent invalid memory access. [How] check if dc and stream are NULL 🎖@cveNotify
2024-10-07 14:37:33
🚨 CVE-2024-7714 The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback' 🎖@cveNotify
2024-10-07 14:37:30
🚨 CVE-2024-47126 The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use. 🎖@cveNotify
2024-10-07 14:37:29
🚨 CVE-2019-0344 Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. 🎖@cveNotify
2024-10-07 14:37:28
🚨 CVE-2017-10271 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 🎖@cveNotify
2024-10-07 14:07:54
🚨 CVE-2024-21420 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 🎖@cveNotify
2024-10-07 14:07:53
🚨 CVE-2020-15415 On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. 🎖@cveNotify
2024-10-07 13:38:04
🚨 CVE-2024-23378 Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. 🎖@cveNotify
2024-10-07 13:37:57
🚨 CVE-2024-23375 Memory corruption during the network scan request. 🎖@cveNotify
2024-10-07 13:37:56
🚨 CVE-2024-23370 Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. 🎖@cveNotify
2024-10-07 13:37:55
🚨 CVE-2024-23369 Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. 🎖@cveNotify
2024-10-07 13:37:51
🚨 CVE-2024-47186 Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue. 🎖@cveNotify
2024-10-07 13:37:50
🚨 CVE-2023-6072 A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. 🎖@cveNotify
2024-10-07 13:07:27
🚨 CVE-2024-8325 The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2024-10-07 12:37:40
🚨 CVE-2024-27312 Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. 🎖@cveNotify
2024-10-07 12:37:39
🚨 CVE-2023-6203 The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request 🎖@cveNotify
2024-10-07 12:37:38
🚨 CVE-2019-15109 The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. 🎖@cveNotify
2024-10-07 06:37:24
🚨 CVE-2024-47335 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. 🎖@cveNotify
2024-10-07 04:37:24
🚨 CVE-2024-20094 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. 🎖@cveNotify
2024-10-07 03:37:32
🚨 CVE-2024-20095 In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. 🎖@cveNotify
2024-10-07 03:37:25
🚨 CVE-2024-20092 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. 🎖@cveNotify
2024-10-07 03:37:24
🚨 CVE-2024-20090 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. 🎖@cveNotify
2024-10-07 01:37:24
🚨 CVE-2024-9564 A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-07 00:37:47
🚨 CVE-2024-9563 A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 23:37:25
🚨 CVE-2024-9562 A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 23:37:24
🚨 CVE-2024-9561 A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 22:37:24
🚨 CVE-2024-9560 A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 21:37:24
🚨 CVE-2024-47854 An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. 🎖@cveNotify
2024-10-06 19:37:24
🚨 CVE-2024-9559 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 18:37:24
🚨 CVE-2024-9558 A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 17:37:24
🚨 CVE-2024-9557 A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-10-06 16:37:24
🚨 CVE-2024-9556 A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-09-16 02:37:24
🚨 CVE-2024-46958 In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. 🎖@cveNotify
2024-09-16 01:37:34
🚨 CVE-2024-8880 A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The project maintainer was informed early about the issue. Investigation shows that playSMS up to 1.4.3 contained a fix but later versions re-introduced the flaw. As long as the latest version of the playsms/tpl package is used, the software is not affected. Version >=1.4.4 shall fix this issue for sure. 🎖@cveNotify
2024-09-15 23:37:25
🚨 CVE-2024-46943 An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. 🎖@cveNotify
2024-09-15 23:37:24
🚨 CVE-2024-46942 In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. 🎖@cveNotify
2024-09-15 22:37:25
🚨 CVE-2024-8875 A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-09-15 22:37:24
🚨 CVE-2024-46938 An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. 🎖@cveNotify
2024-09-15 20:37:26
🚨 CVE-2024-46918 app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. 🎖@cveNotify
2024-09-15 20:37:25
🚨 CVE-2024-33881 An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. 🎖@cveNotify
2024-09-15 20:37:24
🚨 CVE-2012-6664 Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. 🎖@cveNotify
2024-09-15 19:37:25
🚨 CVE-2024-33868 An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. 🎖@cveNotify
2024-09-15 19:37:24
🚨 CVE-2024-30922 SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. 🎖@cveNotify
2024-09-15 18:37:25
🚨 CVE-2024-45003 In the Linux kernel, the following vulnerability has been resolved:
vfs: Don't evict inode under the inode lru traversing context
The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes(See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen.
Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this:
1. File A has inode i_reg and an ea inode i_ea
2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea
3. Then, following three processes running like this:
PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state)
Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following:
1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr.
2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa
3. Then, following three processes running like this:
PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state)
Fix the possible deadlock by using new inode state flag I_LRU_ISOLATING to pin the inode in memory while inode_lru_isolate(---truncated--- 🎖@cveNotify
2024-09-15 18:37:24
🚨 CVE-2024-44995 In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix a deadlock problem when config TC during resetting
When config TC during the reset process, may cause a deadlock, the flow is as below:
pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable()
In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it. 🎖@cveNotify
2024-09-15 11:37:25
🚨 CVE-2024-8869 A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-09-15 11:37:24
🚨 CVE-2024-28799 IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local user during back-end commands which may result in the unexpected disclosure of this information under certain conditions. IBM X-Force ID: 287173. 🎖@cveNotify
2024-09-15 09:37:30
🚨 CVE-2024-44059 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS. This issue affects Custom Query Blocks: from n/a through 5.3.1. 🎖@cveNotify
2024-09-15 09:37:26
🚨 CVE-2024-44057 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3. 🎖@cveNotify
2024-09-15 09:37:25
🚨 CVE-2024-44054 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8. 🎖@cveNotify
2024-09-15 09:37:24
🚨 CVE-2024-44053 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8. 🎖@cveNotify
2024-09-15 08:37:31
🚨 CVE-2024-45459 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS. This issue affects Product Slider for WooCommerce: from n/a through 1.13.50. 🎖@cveNotify
2024-09-15 08:37:30
🚨 CVE-2024-45457 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS. This issue affects Spiffy Calendar: from n/a through 4.9.13. 🎖@cveNotify
2024-09-15 08:37:26
🚨 CVE-2024-45455 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS. This issue affects WP Meta SEO: from n/a through 4.5.13. 🎖@cveNotify
2024-09-15 08:37:25
🚨 CVE-2024-44062 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. 🎖@cveNotify
2024-09-15 08:37:24
🚨 CVE-2024-44060 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. 🎖@cveNotify
2024-09-15 03:37:24
🚨 CVE-2024-8867 A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 🎖@cveNotify
2024-09-15 02:37:24
🚨 CVE-2024-8866 A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 🎖@cveNotify
2024-09-15 01:37:24
🚨 CVE-2024-8864 A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-09-14 23:37:24
🚨 CVE-2024-8863 A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-09-14 20:37:24
🚨 CVE-2024-8862 A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2024-09-14 16:37:25
🚨 CVE-2024-46687 In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
[BUG]
There is an internal report that KASAN is reporting use-after-free, with the following backtrace:
BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]
Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45
CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]
Call Trace: dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x5e/0x2f0 print_report+0x118/0x216 kasan_report+0x11d/0x1f0 btrfs_check_read_bio+0xa68/0xb70 [btrfs] process_one_work+0xce0/0x12a0 worker_thread+0x717/0x1250 kthread+0x2e3/0x3c0 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x11/0x20
Allocated by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x7d/0x80 kmem_cache_alloc_noprof+0x16e/0x3e0 mempool_alloc_noprof+0x12e/0x310 bio_alloc_bioset+0x3f0/0x7a0 btrfs_bio_alloc+0x2e/0x50 [btrfs] submit_extent_page+0x4d1/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53
Freed by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x50 __kasan_slab_free+0x4b/0x60 kmem_cache_free+0x214/0x5d0 bio_free+0xed/0x180 end_bbio_data_read+0x1cc/0x580 [btrfs] btrfs_submit_chunk+0x98d/0x1880 [btrfs] btrfs_submit_bio+0x33/0x70 [btrfs] submit_one_bio+0xd4/0x130 [btrfs] submit_extent_page+0x3ea/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53
[CAUSE]
Although I cannot reproduce the error, the report itself is good enough to pin down the cause.
The call trace is the regular endio workqueue context, but the free-by-task trace is showing that during btrfs_submit_chunk() we already hit a critical error, and is calling btrfs_bio_end_io() to error out. And the original endio function called bio_put() to free the whole bio.
This means a double freeing thus causing use-after-free, e.g.:
1. Enter btrfs_submit_bio() with a read bio
   The read bio length is 128K, crossing two 64K stripes.
2. The first run of btrfs_submit_chunk()
2.1 Call btrfs_map_block(), which returns 64K
2.2 Call btrfs_split_bio()
    Now there are two bios, one referring to the first 64K, the other referring to the second 64K.
2.3 The first half is submitted.
3. The second run of btrfs_submit_chunk()
3.1 Call btrfs_map_block(), which by somehow failed
    Now we call btrfs_bio_end_io() to handle the error
3.2 btrfs_bio_end_io() calls the original endio function
    Which is end_bbio_data_read(), and it calls bio_put() for the original bio.
    Now the original bio is freed.
4. The submitted first 64K bio finished
   Now we call into btrfs_check_read_bio() and tries to advance the bio iter. But since the original bio (thus its iter) is already freed, we trigger the above use-after free.
   And even if the memory is not poisoned/corrupted, we will later call the original endio function, causing a double freeing.
[FIX]
Instead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(), which has the extra check on split bios and do the pr---truncated--- 🎖@cveNotify
2024-09-14 16:37:24
🚨 CVE-2024-46686 In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. 🎖@cveNotify
2024-09-14 16:07:26
🚨 CVE-2024-46685 In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix potential NULL dereference in pcs_get_function()
pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function().
Found by code review. 🎖@cveNotify
2024-09-14 16:07:25
🚨 CVE-2024-8754 An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured. 🎖@cveNotify
2024-09-14 16:07:24
🚨 CVE-2024-8640 An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server. 🎖@cveNotify
2024-09-14 15:37:26
🚨 CVE-2024-8635 A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL 🎖@cveNotify
2024-09-14 15:37:25
🚨 CVE-2024-6446 An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application. 🎖@cveNotify
2024-09-14 15:37:24
🚨 CVE-2024-6389 An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions. 🎖@cveNotify
2024-09-14 15:07:25
🚨 CVE-2024-4612 An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. 🎖@cveNotify
2024-09-14 15:07:24
🚨 CVE-2024-2743 An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. 🎖@cveNotify
2024-09-14 13:37:24
🚨 CVE-2024-6482 The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49. 🎖@cveNotify
2024-09-14 12:07:39
🚨 CVE-2024-39925 An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. 🎖@cveNotify
2024-09-14 12:07:33
🚨 CVE-2024-39924 An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period. 🎖@cveNotify
2024-09-14 12:07:32
🚨 CVE-2024-6582 A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. 🎖@cveNotify
2024-09-14 12:07:31
🚨 CVE-2024-6087 An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover. 🎖@cveNotify
2024-09-14 12:07:28
🚨 CVE-2024-45368 The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication. 🎖@cveNotify
2024-09-14 12:07:27
🚨 CVE-2024-31416 The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. 🎖@cveNotify
2024-09-14 12:07:26
🚨 CVE-2024-31414 The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. 🎖@cveNotify
2024-09-14 09:37:25
🚨 CVE-2023-3410 The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin-only by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This becomes more of an issue when Bricks Builder access is granted to lower-privileged users. 🎖@cveNotify
2024-09-14 06:37:24
🚨 CVE-2024-8797 The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-09-14 04:37:32
🚨 CVE-2024-8724 The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2024-09-14 04:37:25
🚨 CVE-2024-8039 Improper permission configuration Domain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. 🎖@cveNotify
2024-09-14 04:37:24
🚨 CVE-2024-2236 A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. 🎖@cveNotify
2024-09-14 03:37:25
🚨 CVE-2024-6387 A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. 🎖@cveNotify
2024-09-14 03:37:24
🚨 CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. 🎖@cveNotify
2024-09-14 01:07:24
🚨 CVE-2024-8190 An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. 🎖@cveNotify
2024-09-14 00:37:52
🚨 CVE-2023-5869 A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. 🎖@cveNotify
2024-09-14 00:37:45
🚨 CVE-2023-6606 An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. 🎖@cveNotify
2024-09-14 00:37:44
🚨 CVE-2023-6121 An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). 🎖@cveNotify
2024-09-13 22:37:25
🚨 CVE-2024-3049 A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. 🎖@cveNotify
2024-09-13 22:37:24
🚨 CVE-2024-4418 A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. 🎖@cveNotify
2024-09-13 21:07:32
🚨 CVE-2024-27125 A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later 🎖@cveNotify
2024-09-13 21:07:25
🚨 CVE-2024-39638 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection. This issue affects Registrations for the Events Calendar: from n/a through 2.12.2. 🎖@cveNotify