US-CERT Vulnerability Summary for the Week of March 25, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

 

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acowebs — pdf_invoices_and_packing_slips_for_woocommerce
Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce. This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.
Published: 2024-03-28 | CVSS Score: 8.2 | Source & Patch Info: CVE-2024-30230

active_websight — seo_backlink_monitor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor: from n/a through 1.5.0.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29907

adtribes.io — product_feed_pro_for_woocommerce
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-24800

andy_moyle — church_admin
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
Published: 2024-03-28 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-30244

ansys — pyansys-geometry
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is run. This vulnerability is fixed in 0.3.3 and 0.4.12.
Published: 2024-03-26 | CVSS Score: 7.4 | Source & Patch Info: CVE-2024-29189

apache_software_foundation — apache_fineract
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
Published: 2024-03-29 | CVSS Score: 9.9 | Source & Patch Info: CVE-2024-23538

apache_software_foundation — apache_fineract
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Published: 2024-03-29 | CVSS Score: 8.4 | Source & Patch Info: CVE-2024-23537

apache_software_foundation — apache_fineract
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
Published: 2024-03-29 | CVSS Score: 8.3 | Source & Patch Info: CVE-2024-23539

appscreo — easy_social_share_buttons
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS. This issue affects Easy Social Share Buttons: from n/a through 9.4.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30196

archetyped — cornerstone
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Archetyped Cornerstone allows Reflected XSS. This issue affects Cornerstone: from n/a through 0.8.0.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-28002

archetyped — favicon_rotator
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Archetyped Favicon Rotator allows Reflected XSS. This issue affects Favicon Rotator: from n/a through 1.2.10.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-28001

artbees — jupiterx_core
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5.
Published: 2024-03-26 | CVSS Score: 9 | Source & Patch Info: CVE-2023-38388

automationdirect — c-more_ea9_hmi_ea9-t6cl
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
Published: 2024-03-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-25136

bdthemes — element_pack_elementor_addons
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.
Published: 2024-03-29 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-30496

benjamin_rojas — wp_editor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-24700

bestwebsoft — limit_attempts_by_bestwebsoft
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS. This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30439

bizswoop_a_cpf_concepts,_llc_brand — bizprint
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29773

booking_activities_team — booking_activities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Booking Activities Team Booking Activities allows Reflected XSS. This issue affects Booking Activities: from n/a through 1.15.19.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30449

bosch — network_synchronizer_enterprise
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.
Published: 2024-03-25 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25002

brainstorm_force — spectra
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2023-36679

brainstorm_force — starter_templates_-_elementor_wordpress_&_beaver_builder_templates
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates – Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates – Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2023-34370

bulletin — wordpress_announcement_&_notification_banner_plugin_-_bulletin
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin. This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5.
Published: 2024-03-29 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-30478

campcodes-house-rental-management-system
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability.
Published: 2024-03-26 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-2916

castos — seriously_simple_podcasting
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-25599

checkemail — check_&_log_email
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.
Published: 2024-03-26 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-0866

cilium — cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, and replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
Published: 2024-03-27 | CVSS Score: 8 | Source & Patch Info: CVE-2024-28860

cisco — cisco_aironet_access_point_software
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
Published: 2024-03-27 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20271

cisco — cisco_ios_xe_software
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
Published: 2024-03-27 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20259

cisco — cisco_ios_xe_software
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.
Published: 2024-03-27 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20314

cisco — cisco_ios_xe_software
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.
Published: 2024-03-27 | CVSS Score: 7.4 | Source & Patch Info: CVE-2024-20303

cisco — ios
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.
Published: 2024-03-27 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20308

cisco — ios
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.
Published: 2024-03-27 | CVSS Score: 8.6 | Source & Patch Info: CVE-2024-20311

cisco — ios
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Published: 2024-03-27 | CVSS Score: 7.4 | Source & Patch Info: CVE-2024-20276

cisco — ios
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency.
Published: 2024-03-27 | CVSS Score: 7.4 | Source & Patch Info: CVE-2024-20312

code-projects — mobile_shop
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000.
Published: 2024-03-26 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-2927

code-projects — online_book_system
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-3000

codeigniter4 — codeigniter4
CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.
Published: 2024-03-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-29904

codepeople — calculated_fields_form
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29759

contact_form_with_captcha — contact_form_with_captcha
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Contact Form With Captcha allows Reflected XSS. This issue affects Contact Form With Captcha: from n/a through 1.6.8.
Published: 2024-03-26 | CVSS Score: 7.1 | Source & Patch Info: CVE-2023-45771

contest_gallery — contest_gallery
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
Published: 2024-03-28 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-30236

contest_gallery — contest_gallery
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.2.
Published: 2024-03-27 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-30238

contest_gallery — contest_gallery
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Contest Gallery allows Reflected XSS. This issue affects Contest Gallery: from n/a through 21.3.5.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30428

conversios — conversios.io
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Conversios Conversios.Io allows Reflected XSS. This issue affects Conversios.Io: from n/a through 6.9.1.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29794

creative_solutions — creative_image_slider_-_responsive_slider_plugin
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Solutions Creative Image Slider – Responsive Slider Plugin allows Reflected XSS. This issue affects Creative Image Slider – Responsive Slider Plugin: from n/a through 2.1.3.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30447

crm_perks — crm_perks_forms
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4.
Published: 2024-03-29 | CVSS Score: 9.3 | Source & Patch Info: CVE-2024-30498

crm_perks — crm_perks_forms
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4.
Published: 2024-03-29 | CVSS Score: 8.5 | Source & Patch Info: CVE-2024-30499

cubewp — cubewp_-_all-in-one_dynamic_content_framework
Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12.
Published: 2024-03-29 | CVSS Score: 9.9 | Source & Patch Info: CVE-2024-30500

cyberchimps — responsive
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site’s footer.
Published: 2024-03-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-2848

datalens-tech — datalens
DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem was fixed in the datalens-ui version `0.1449.0`. Restricting access to the API for creating or modifying charts (`/charts/api/charts/v1/`) would mitigate the issue.
Published: 2024-03-29 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-29890

decalog — decalog
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in DecaLog. This issue affects DecaLog: from n/a through 3.9.0.
Published: 2024-03-28 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-30245

dell — insightiq
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
Published: 2024-03-27 | CVSS Score: 8.3 | Source & Patch Info: CVE-2024-25962

dell — powerscale_onefs
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.
Published: 2024-03-28 | CVSS Score: 7.9 | Source & Patch Info: CVE-2024-25959

dell — powerscale_onefs
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Published: 2024-03-28 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-25960

dell — virtual_appliance_(vapp)_manager
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Published: 2024-03-28 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-25946

dell — virtual_appliance_(vapp)_manager
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Published: 2024-03-28 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-25955

digamber_pradhan — preview_e-mails_for_woocommerce
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS. This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.
Published: 2024-03-28 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-27999

echo_plugins — knowledge_base_for_documentation_faqs_with_ai_assistance
Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.
Published: 2024-03-27 | CVSS Score: 8.7 | Source & Patch Info: CVE-2024-24842

eclipse_foundation — threadx
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.
Published: 2024-03-26 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-2212

eclipse_foundation — threadx
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c.
Published: 2024-03-26 | CVSS Score: 7 | Source & Patch Info: CVE-2024-2214

eclipse_foundation — threadx
In Eclipse ThreadX NetX Duo before 6.4.0, an attacker who can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.
Published: 2024-03-26 | CVSS Score: 7 | Source & Patch Info: CVE-2024-2452

egehan_security — webpdks
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-29 | CVSS Score: 9.8 | Source & Patch Info: CVE-2023-6191

electron — packager
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.
Published: 2024-03-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-29900

elementor.com — elementor_website_builder
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder. This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
Published: 2024-03-26 | CVSS Score: 9.9 | Source & Patch Info: CVE-2023-48777

etoile_web_design — front_end_users
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Etoile Web Design Front End Users allows Reflected XSS. This issue affects Front End Users: from n/a before 3.2.25.
Published: 2024-03-26 | CVSS Score: 7.1 | Source & Patch Info: CVE-2023-33322

everpress — mailster
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.6.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30503

expresstech — quiz_and_survey_master
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4.
Published: 2024-03-26 | CVSS Score: 9.3 | Source & Patch Info: CVE-2023-28787

faboba — falang_multilanguage
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Faboba Falang multilanguage. This issue affects Falang multilanguage: from n/a through 1.3.47.
Published: 2024-03-29 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-30495

foliovision:_making_the_web_work_for_you — fv_flowplayer_video_player
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-22299

forgerock — access_management
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
Published: 2024-03-27 | CVSS Score: 8.1 | Source & Patch Info: CVE-2023-0582

fortra — robot_schedule_enterprise_agent
Fortra’s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Published: 2024-03-28 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-0259 (source: df4dee71-de3a-4139-9588-11b62fe6c0ff)

gitlab — gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Published: 2024-03-28 | CVSS Score: 8.7 | Source & Patch Info: CVE-2023-6371

givewp — givewp
Deserialization of Untrusted Data vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.4.2.
Published: 2024-03-28 | CVSS Score: 8 | Source & Patch Info: CVE-2024-30229

gsheetconnector — cf7_google_sheets_connector
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
Published: 2024-03-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-44989

hercules_design — hercules_core_
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4.
Published: 2024-03-28 | CVSS Score: 9.9 | Source & Patch Info: CVE-2024-30228

hitachi — hitachi_virtual_storage_platform
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information. This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.
Published: 2024-03-25 | CVSS Score: 9.9 | Source & Patch Info: CVE-2022-36407

hitachi_energy — mach_scm
 
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.
2024-03-27
7.5
CVE-2024-0400
[email protected]
hitachi_energy — mach_scm
 
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do.
2024-03-27
7.5
CVE-2024-2097
[email protected]
hitachi_energy — rtu500_series_cmu_firmware
 
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.
2024-03-27
8.2
CVE-2024-1531
[email protected]
hometory — mang_board_wp
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Reflected XSS. This issue affects Mang Board WP: from n/a through 1.8.0.
2024-03-29
7.1
CVE-2024-30431
[email protected]
i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
2024-03-29
8.5
CVE-2024-30497
[email protected]
ibm — common_cryptographic_architecture
 
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
2024-03-26
7.5
CVE-2023-47150
[email protected]
icegram — email_subscribers_&_newsletters
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.
2024-03-27
7.1
CVE-2024-22300
[email protected]
indianic — widgets_controller
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1.
2024-03-27
7.1
CVE-2024-25926
[email protected]
infinitum_form — geo_controller
 
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4.
2024-03-28
9
CVE-2024-30227
[email protected]
it_path_solutions — contact_form_to_any_api
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions Contact Form to Any API. This issue affects Contact Form to Any API: from n/a through 1.1.8.
2024-03-28
8.5
CVE-2024-30242
[email protected]
jetbrains — teamcity

 
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
2024-03-28
7.4
CVE-2024-31136
[email protected]
johnbillion — wp-crontrol
 
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site’s database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.
2024-03-25
8.1
CVE-2024-28850
[email protected]
jonathankissam — action_network
 
The Action Network plugin for WordPress is vulnerable to SQL Injection via the ‘bulk-action’ parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-03-27
7.2
CVE-2024-2954
[email protected]
jordy_meow — ai_engine:_chatgpt_chatbot
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
2024-03-28
9.1
CVE-2024-29100
[email protected]
julien_crego — manager_for_icomoon
 
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0.
2024-03-26
9.1
CVE-2023-29386
[email protected]
jumpserver — jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer’s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.
2024-03-29
9.9
CVE-2024-29201
[email protected]
jumpserver — jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer’s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.
2024-03-29
9.9
CVE-2024-29202
[email protected]
jupyterhub — jupyterhub
 
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former’s session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user’s single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.
2024-03-27
8.1
CVE-2024-28233
[email protected]
kadence_wp — gutenberg_blocks_by_kadence_blocks
 
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.
2024-03-28
7.7
CVE-2024-23500
[email protected]
kainelabs — youzify_-_buddypress_moderation
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KaineLabs Youzify – Buddypress Moderation. This issue affects Youzify – Buddypress Moderation: from n/a through 1.2.5.
2024-03-25
7.3
CVE-2024-2864
[email protected]
katie_seaborn — zotpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Katie Seaborn Zotpress. This issue affects Zotpress: from n/a through 7.3.7.
2024-03-29
8.5
CVE-2024-30488
[email protected]
kienso — co-marquage_service-public.fr
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kienso Co-marquage service-public.fr allows Reflected XSS. This issue affects Co-marquage service-public.fr: from n/a through 0.5.72.
2024-03-27
7.1
CVE-2024-29758
[email protected]
kindspells — astro-shield
 
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be “allow-listing” malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.
2024-03-28
7.5
CVE-2024-29896
[email protected]
klbtheme — cosmetsy_theme_(core_plugin)
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS. This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.
2024-03-26
7.1
CVE-2023-49839
[email protected]
kylephillips — favorites
 
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘user_favorites’ shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘no_favorites’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-03-30
7.2
CVE-2024-2948
[email protected]
lg_electronics — lg_led_assistant
 
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
2024-03-25
9.1
CVE-2024-2862
[email protected]
mad_fish_digital — bulk_noindex_&_nofollow_toolkit
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.
2024-03-27
7.1
CVE-2024-29791
[email protected]
mainwp — mainwp_file_uploader_extension
 
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1.
2024-03-26
10
CVE-2023-23656
[email protected]
mainwp — mainwp_links_manager_extension
 
Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension. This issue affects MainWP Links Manager Extension: from n/a through 2.1.
2024-03-28
8.1
CVE-2023-23649
[email protected]
max_foundry — media_library_folders
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.7.
2024-03-29
8.5
CVE-2024-30486
[email protected]
mergen_software — quality_management_system
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: through 25032024.
2024-03-25
9.8
CVE-2024-2865
[email protected]
metagauss — profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
2024-03-29
9.3
CVE-2024-30490
[email protected]
metagauss — profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1.
2024-03-28
8.5
CVE-2024-30241
[email protected]
metagauss — profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
2024-03-29
8.5
CVE-2024-30491
[email protected]
mndpsingh287 — theme_editor
 
Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor. This issue affects Theme Editor: from n/a through 2.7.1.
2024-03-26
7.2
CVE-2023-6091
[email protected]
n/a — cockpit
 
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
2024-03-28
7.3
CVE-2024-2947
[email protected]
n/a — oss_aliyun
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ?? OSS Aliyun. This issue affects OSS Aliyun: from n/a through 1.4.10.
2024-03-29
7.6
CVE-2024-30494
[email protected]
n/a — pcp
 
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the ‘Metrics settings’ page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
2024-03-28
8.8
CVE-2024-3019
[email protected]
n/a — web3-utils
 
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object’s prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.
2024-03-25
7.5
CVE-2024-21505
[email protected]
n/a — xz
 
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
2024-03-29
10
CVE-2024-3094
[email protected]
n_squared — simply_schedule_appointments
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.
2024-03-27
7.1
CVE-2024-22311
[email protected]
netweblogic — meta_tag_manager
 
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-03-28
8.8
CVE-2024-1770
[email protected]
nextcloud — nextcloudpi
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.
2024-03-29
10
CVE-2024-30247
[email protected]
nvidia — gpu_display_driver,_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
2024-03-27
7.1
CVE-2024-0074
[email protected]
nvidia — gpu_display_driver_vgpu_driver,_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
2024-03-27
7.8
CVE-2024-0071
[email protected]
nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
2024-03-27
7.8
CVE-2024-0073
[email protected]
nvidia — vgpu_driver_cloud_gaming_driver
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
2024-03-27
7.8
CVE-2024-0077
[email protected]
oliver_seidel_bastian_germann — cformsii
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5.
2024-03-27
7.1
CVE-2024-22149
[email protected]
onthegosystems — types
 
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types. This issue affects Types: from n/a through 3.4.17.
2024-03-26
7.2
CVE-2023-27440
[email protected]
openeuler — a-tune-collector
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.
2024-03-25
8.1
CVE-2024-24897
[email protected]
openeuler — aops-zeus
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/aops-zeus/blob/master/zeus/conf/constant.py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.
2024-03-25
7.2
CVE-2024-24899
[email protected]
openeuler — gala-gopher
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c. This issue affects gala-gopher: through 1.0.2.
2024-03-25
7.8
CVE-2024-24890
[email protected]
openeuler — isulad
 
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
2024-03-25
7
CVE-2021-33632
[email protected]
openeuler — migration-tools
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.com/openeuler/migration-tools/blob/master/index.py. This issue affects migration-tools: from 1.0.0 through 1.0.1.
2024-03-25
8.1
CVE-2024-24892
[email protected]
opentext — secure_content_manager
 
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.
2024-03-25
8.5
CVE-2024-1973
[email protected]
opentext™ — zenworks_configuration_management_(zcm)
 
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources. This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
2024-03-27
7.4
CVE-2023-6400
[email protected]
ossrs — srs
 
SRS is a simple, high-efficiency, real-time video server. SRS’s `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn’t filter the callback function name which led to injecting malicious javascript payloads and executing XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
2024-03-28
7.2
CVE-2024-29882
[email protected]
perfectwpthemes — glaze_blog_lite
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
2024-03-26
7.1
CVE-2023-28687
[email protected]
photo_gallery_team — photo_gallery_by_ays
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS. This issue affects Photo Gallery by Ays: from n/a through 5.5.2.
2024-03-27
7.1
CVE-2024-29919
[email protected]
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.
2024-03-30
7.3
CVE-2024-3085
[email protected]
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.
2024-03-30
7.3
CVE-2024-3087
[email protected]
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.
2024-03-30
7.3
CVE-2024-3088
[email protected]
pi-hole — pi-hole
 
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user. If the URL that is in the list of “Adslists” begins with “file*” it is understood that it is updating from a local file, on the other hand if it does not begin with “file*” depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.
2024-03-27
7.6
CVE-2024-28247
[email protected]
pi-hole — pi-hole
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Supsystic Slider by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.10.
2024-03-28
7.6
CVE-2024-30237
[email protected]
pickplugins — post_grid
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid allows Reflected XSS. This issue affects Post Grid: from n/a through 2.2.74.
2024-03-29
7.1
CVE-2024-30441
[email protected]
pluggabl_llc — booster_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through 7.1.7.
2024-03-27
7.1
CVE-2024-29760
[email protected]
podlove — podlove_podcast_publisher
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
2024-03-27
7.1
CVE-2024-29915
[email protected]
posimyth — the_plus_blocks_for_block_editor_|_gutenberg
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS. This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5.
2024-03-29
7.1
CVE-2024-30435
[email protected]
pretty_links — shortlinks_by_pretty_links
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.
2024-03-27
7.1
CVE-2024-29770
[email protected]
princeahmed — integrate_google_drive_-_browse_upload_download_embed,_play_share_gallery_and_manage_your_google_drive_files_into_your_wordpress_site
 
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.
2024-03-30
10
CVE-2024-2086
[email protected]
propertyhive — propertyhive
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PropertyHive allows Reflected XSS. This issue affects PropertyHive: from n/a through 2.0.8.
2024-03-27
7.1
CVE-2024-29923
[email protected]
realmag777 — bear
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 BEAR allows Reflected XSS. This issue affects BEAR: from n/a through 1.1.4.2.
2024-03-28
7.1
CVE-2024-30200
[email protected]
realmag777 — husky_-_products_filter_professional_for_woocommerce
 
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
2024-03-29
7.2
CVE-2024-3061
[email protected]
realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
2024-03-27
7.1
CVE-2024-29763
[email protected]
repute_infosystems — armember
 
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26.
2024-03-28
9
CVE-2024-30223
[email protected]
repute_infosystems — armember
 
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26.
2024-03-28
8.5
CVE-2024-30222
[email protected]
reservation_diary — redi_restaurant_reservation
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
2024-03-27
7.1
CVE-2024-29806
[email protected]
rockwell_automation — arena_simulation
 
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
2024-03-26
7.8
CVE-2024-21912
[email protected]
rockwell_automation — arena_simulation
 
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Published: 2024-03-26 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-21913
rockwell_automation — arena_simulation
 
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Published: 2024-03-26 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-21918
rockwell_automation — arena_simulation
 
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Published: 2024-03-26 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-21919
rockwell_automation — arena_simulation
 
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Published: 2024-03-26 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-2929
rockwell_automation_ — powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
Published: 2024-03-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-2425
rockwell_automation_ — powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
Published: 2024-03-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-2426
rockwell_automation_ — powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly, the device will crash and require a manual restart to recover.
Published: 2024-03-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-2427
ruijie — rg-eg350
 
A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2909
salon_booking_system — salon_booking_system
 
Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 9.5.
Published: 2024-03-29 | CVSS Score: 10 | Source & Patch Info: CVE-2024-30510
semenov — new_royalslider
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Semenov New RoyalSlider allows Reflected XSS. This issue affects New RoyalSlider: from n/a through 3.4.2.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30195
serverpod — serverpod
 
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and hijack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
Published: 2024-03-27 | CVSS Score: 7.4 | Source & Patch Info: CVE-2024-29887
shopup — shipping_with_venipak_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29805
sonaar_music — mp3_audio_player_for_music_radio_&_podcast_by_sonaar
 
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
Published: 2024-03-29 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-30487
sourcecodester — music_gallery_site
 
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 7.3 | Source & Patch Info: CVE-2024-2930
spiffy_plugins — spiffy_calendar
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.7.
Published: 2024-03-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-30427
splunk — splunk_enterprise
 
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
Published: 2024-03-27 | CVSS Score: 8.1 | Source & Patch Info: CVE-2024-29946
splunk — splunk_enterprise
 
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.
Published: 2024-03-27 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-29945
squirrly — seo_plugin_by_squirrly_seo
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29790
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the ‘wp_ajax_nopriv_stm_lms_register’ AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.
Published: 2024-03-29 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2409
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the ‘modal’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Published: 2024-03-29 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2411
survey_maker_team — survey_maker
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Reflected XSS. This issue affects Survey Maker: from n/a through 4.0.6.
Published: 2024-03-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-29918
synology — surveillance_station
 
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 9.9 | Source & Patch Info: CVE-2024-29241
synology — surveillance_station
 
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 7.7 | Source & Patch Info: CVE-2024-29228
synology — surveillance_station
 
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 7.7 | Source & Patch Info: CVE-2024-29229
sysaid — sysaid
 
SysAid before version 23.2.14 b18 – CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user’s NTLMv2 hash
Published: 2024-03-28 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-27775
teamviewer — remote_client
 
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior to version 15.52 for macOS allows an attacker with unprivileged access to potentially elevate privileges or conduct a denial-of-service attack by overwriting the symlink.
Published: 2024-03-26 | CVSS Score: 7.1 | Source & Patch Info: CVE-2024-1933
tenda — ac10_firmware
 
A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2856
tenda — ac10u_firmware
 
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2853
tenda — ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2850
tenda — ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2851
tenda — ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2852
tenda — ac15_firmware
 
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2855
tenda — ac18_firmware
 
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-24 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-2854
tenda — ac7
 
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2891
tenda — ac7
 
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2892
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2893
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2894
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2895
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2896
tenda — ac7
 
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2898
tenda — ac7
 
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2899
tenda — ac7
 
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2900
tenda — ac7
 
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2901
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2902
tenda — ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2903
tenda — f1203
 
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2976
tenda — f1203
 
A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2977
tenda — f1203
 
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2978
tenda — f1203
 
A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2979
tenda — fh1202
 
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2980
tenda — fh1202
 
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2981
tenda — fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2983
tenda — fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2984
tenda — fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2985
tenda — fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2986
tenda — fh1202
 
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2987
tenda — fh1202
 
A vulnerability classified as critical was found in Tenda FH1203 2.0.1.6. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2988
tenda — fh1202
 
A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2989
tenda — fh1203
 
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2990
tenda — fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-2992
tenda — fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2993
tenda — fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258163. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2994
tenda — fh1205
 
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258292. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3006
tenda — fh1205
 
A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7(775). This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258293 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3007
tenda — fh1205
 
A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3008
tenda — fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3010
tenda — fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3011
tenda — fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3012
teosoft_software — teobase
 
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-279.8CVE-2023-6153
teosoft_software — teobase
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-279.8CVE-2023-6173
terry_lin — wp_githuber_md
 
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.2024-03-269.1CVE-2023-47846
themefusion — avada
 
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.2024-03-268.5CVE-2023-39307
themefusion — avada
 
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.2024-03-287.7CVE-2023-39313
themefusion — fusion_builder
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-288.5CVE-2023-39309
themefusion — fusion_builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-277.1CVE-2023-39306
themefusion — fusion_builder
 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-277.1CVE-2023-39311
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the “Add News” functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP’s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.2024-03-258.8CVE-2024-27299
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.2024-03-258.8CVE-2024-28107
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.2024-03-257.2CVE-2024-28105
tomas — wordpress_tooltips
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.2024-03-288.5CVE-2024-30243
tp-link — tp-link_ex20v_ax1800_tp-link_archer_c5v_ac1200_tp-link_td-w9970_tp-link_td-w9970v3_tp-link_vx220-g2u_tp-link_vn020-g2u_
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection. This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3: through 20240328. Also, the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.2024-03-289.8CVE-2023-6437
trustindex.io — widgets_for_google_reviews
 
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.2024-03-268CVE-2023-48275
trustindex.io — wp_testimonials
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.2024-03-287.6CVE-2024-25924
tumult_inc. — tumult_hype_animations
 
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.2024-03-289.1CVE-2024-2890
typps — calendarista
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.2024-03-288.5CVE-2024-30240
unlimited_elements — unlimited_elements_for_elementor_(free_widgets_addons,_templates)
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93.2024-03-277.1CVE-2024-29792
venalean — tuleap
 
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from the Date, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.2024-03-297.6CVE-2024-30246
verapdf — verapdf-library
 
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.2024-03-288.1CVE-2024-28109
vsourz_digital — all_in_one_redirection
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through 2.2.0.2024-03-297.1CVE-2024-30506
w3_eden_inc. — premium_packages
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.2024-03-277.1CVE-2024-29924
wapppress_team — wapppress
 
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.2024-03-2710CVE-2023-49815
webdzier — button
 
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-298.8CVE-2024-1872
webtoffee — product_import_export_for_woocommerce
 
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.2024-03-269.1CVE-2024-30231
webtoffee — woocommerce_pdf_invoices,_packing_slips,_delivery_notes_and_shipping_labels
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.2024-03-277.1CVE-2024-22288
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the ’email’ parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-298.8CVE-2024-0608
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-297.2CVE-2024-0609
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-297.2CVE-2024-0913
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-297.2CVE-2024-0956
wen_solutions — wp_child_theme_generator
 
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.2024-03-269.1CVE-2023-47873
wholesale_team — wholesalex
 
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.2024-03-2810CVE-2024-30224
wireshark_foundation — wireshark
 
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file2024-03-267.8CVE-2023-6175
wireshark_foundation — wireshark
 
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file2024-03-267.8CVE-2024-2955
wixtoolset — issues

 
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it’s loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.2024-03-247.3CVE-2024-29187
wixtoolset — issues
 
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX’s `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.2024-03-247.9CVE-2024-29188
wobbie.nl — doneren_met_mollie
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a through 2.10.2.2024-03-277.1CVE-2024-29767
wolfssl — wolfssl
 
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.2024-03-257.5CVE-2024-0901
wolfssl_inc. — wolfssh
 
A vulnerability was found in wolfSSH’s server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.2024-03-259.1CVE-2024-2873
wp_codeus — advanced_sermons
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1.2024-03-277.1CVE-2024-29928
wp_go_maps_(formerly_wp_google_maps) — wp_google_maps
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.2024-03-277.1CVE-2024-29931
wp_lab — wp-lister_lite_for_amazon
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8.2024-03-277.1CVE-2024-30199
wp_sunshine — sunshine_photo_cart
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.2024-03-277.1CVE-2024-30194
wp_travel_engine — wp_travel_engine
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.2024-03-299.3CVE-2024-30502
wp_travel_engine — wp_travel_engine
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.2024-03-297.6CVE-2024-30504
wpchill — download_monitor
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.2024-03-297.6CVE-2024-30501
wpdevelop_/_oplugins — booking_calendar
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.2024-03-267.6CVE-2023-23991
wpdeveloper — betterdocs
 
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.2024-03-289CVE-2024-30226
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets_kits_&_woocommerce_builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the ‘error_resetpassword’ attribute of the “Login | Register Form” widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-308.8CVE-2024-3018
wpdirectorykit — wp_directory_kit
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.2024-03-277.1CVE-2024-29774
wpengine,_inc. — wp_migrate
 
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.2024-03-2810CVE-2024-30225
wpeverest — user_registration
 
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.2024-03-267.4CVE-2023-27459
wpjobboard — jobeleon_theme
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1.2024-03-297.1CVE-2022-47153
wpmu_dev — forminator
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.2024-03-277.1CVE-2024-29777
xpeedstudio — elementskit_elementor_addons
 
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.2024-03-308.8CVE-2024-2047
xylus_themes — wordpress_importer
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.2024-03-277.1CVE-2024-30201
zachary_segal — catablog
 
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.2024-03-269.1CVE-2023-47842
zitadel — zitadel
 
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim’s account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.2024-03-278.7CVE-2024-29891
zoho_campaigns — zoho_campaigns
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.2024-03-288.5CVE-2024-30239
zscaler — client_connector
 
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.2024-03-267.3CVE-2023-41969
zscaler — client_connector
 
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.2024-03-267.3CVE-2023-41972
zscaler — client_connector
 
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.2024-03-267.3CVE-2023-41973
zscaler — client_connector
 
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.2024-03-267CVE-2024-23482

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
10web — photogallery

 
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within an AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.2024-03-266.1CVE-2024-29832
10web — photogallery
 
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29808
10web — photogallery
 
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29809
10web — photogallery
 
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29810
10web — photogallery
 
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.2024-03-265.4CVE-2024-29833
accessally — popupally
 
Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0.2024-03-264.3CVE-2024-23520
algoritim — e-commerce_software
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2.2024-03-296.1CVE-2023-6047
alireza_sedghi — aparat_for_wordpress

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0.2024-03-276.5CVE-2024-29765
all_in_one_wp_security_&_firewall_team — all_in_one_wp_security_&_firewall
 
Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall. This issue affects All In One WP Security & Firewall: from n/a through 5.2.6. | 2024-03-29 | 4.3 | CVE-2024-30468
alordiel — dropdown_multisite_selector

 
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 6.3 | CVE-2024-2991
alordiel — dropdown_multisite_selector

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through 0.9.2. | 2024-03-27 | 6.5 | CVE-2024-29910
aminur_islam — wp_change_email_sender
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS. This issue affects WP Change Email Sender: from n/a before 1.3.0. | 2024-03-27 | 5.9 | CVE-2024-29815
ampache — ampache
 
Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities; this means that all forms in Ampache that use `rule` as a variable are not secure. For example, querying a song or querying a podcast uses the `$rule` variable. This vulnerability is fixed in 6.3.1. | 2024-03-27 | 6.1 | CVE-2024-28852
andy_moyle — church_admin

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.1.17. | 2024-03-27 | 6.5 | CVE-2024-30193
andy_moyle — church_admin

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 4.0.26. | 2024-03-27 | 6.5 | CVE-2024-30197
andy_moyle — church_admin
 
Missing Authorization vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.18. | 2024-03-29 | 5.4 | CVE-2024-30505
andy_moyle — church_admin
 
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.7. | 2024-03-29 | 4.3 | CVE-2024-30493
antoine_hurkmans — football_pool

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3. | 2024-03-27 | 6.5 | CVE-2024-29802
appneta — tcpreplay
 
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 5.3 | CVE-2024-3024
appsmav — gratisfaction

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Appsmav Gratisfaction allows Stored XSS. This issue affects Gratisfaction: from n/a through 4.3.4. | 2024-03-27 | 6.5 | CVE-2024-29798
argoproj — argo-cd

 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it’s possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in ArgoCD’s helm package limits neither the size nor the time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12. | 2024-03-29 | 6.5 | CVE-2024-29893
athemes — sydney_toolbox

 
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2936
automationdirect — c-more_ea9_hmi_ea9-t6cl
 
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. | 2024-03-26 | 6.5 | CVE-2024-25138
automationdirect — c-more_ea9_hmi_ea9-t6cl
 
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions. | 2024-03-26 | 4.3 | CVE-2024-25137
azure — azure-c-shared-utility

 
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | 2024-03-26 | 6 | CVE-2024-29195
backie — wp-eggdrop
 
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-29 | 5.4 | CVE-2024-2969
backie — wp-eggdrop
 
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-03-29 | 4.4 | CVE-2024-2968
baptiste_placé — icalendrier

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Baptiste Placé iCalendrier allows Stored XSS. This issue affects iCalendrier: from n/a through 1.80. | 2024-03-27 | 6.5 | CVE-2024-29912
bdthemes — element_pack_elementor_addons

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. | 2024-03-27 | 6.5 | CVE-2024-30185
bdthemes — prime_slider_-_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. | 2024-03-27 | 6.5 | CVE-2024-30186
betteraddons — better_elementor_addons

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BetterAddons Better Elementor Addons allows Stored XSS. This issue affects Better Elementor Addons: from n/a through 1.3.7. | 2024-03-29 | 6.5 | CVE-2024-30423
blocksera — image_hover_effects_-_elementor_addon

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. | 2024-03-27 | 6.5 | CVE-2024-29936
boldgrid — boldgrid_easy_seo_-_simple_and_effective_seo
 
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-1692
boldgrid — post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | 2024-03-26 | 6.5 | CVE-2024-2888
boldthemes — bold_page_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.7.6. | 2024-03-27 | 6.5 | CVE-2024-30179
boldthemes — bold_page_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.8.0. | 2024-03-29 | 6.5 | CVE-2024-30442
booster — booster_plus_for_woocommerce
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | 2024-03-28 | 6.5 | CVE-2023-52231
booster — booster_plus_for_woocommerce
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce. This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. | 2024-03-28 | 6.5 | CVE-2023-52234
bplugins — b_slider_-_slider_for_your_block_editor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins B Slider – Slider for your block editor allows Stored XSS. This issue affects B Slider – Slider for your block editor: from n/a through 1.1.12. | 2024-03-29 | 6.5 | CVE-2024-30432
bplugins — print_page_block

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins Print Page block allows Stored XSS. This issue affects Print Page block: from n/a through 1.0.8. | 2024-03-29 | 6.5 | CVE-2024-30438
brainstorm_force — astra
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra allows Stored XSS. This issue affects Astra: from n/a through 4.6.4. | 2024-03-27 | 5.9 | CVE-2024-29768
brainstormforce — ultimate_addons_for_beaver_builder_-_lite

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2141
brainstormforce — ultimate_addons_for_beaver_builder_-_lite

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2142
brainstormforce — ultimate_addons_for_beaver_builder_-_lite

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2143
brainstormforce — ultimate_addons_for_beaver_builder_-_lite

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2144
brainstormforce — ultimate_addons_for_beaver_builder_-_lite
 
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2140
brave — brave_popup_builder
 
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder. This issue affects Brave Popup Builder: from n/a through 0.6.5. | 2024-03-29 | 5.4 | CVE-2024-30453
brice_capobianco — simple_revisions_delete
 
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete. This issue affects Simple Revisions Delete: from n/a through 1.5.3. | 2024-03-29 | 4.3 | CVE-2024-30482
camille_verrier — travelers’_map

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camille Verrier Travelers’ Map allows Stored XSS. This issue affects Travelers’ Map: from n/a through 2.2.0. | 2024-03-27 | 6.5 | CVE-2024-29909
campcodes — house_rental_management_system
 
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | 2024-03-26 | 5.4 | CVE-2024-2917
campcodes — online_art_gallery_management_system

 
A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2999
campcodes — online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2938
campcodes — online_examination_system

 
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032. | 2024-03-27 | 6.3 | CVE-2024-2941
campcodes — online_examination_system

 
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2942
campcodes — online_examination_system

 
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2943
campcodes — online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035. | 2024-03-27 | 6.3 | CVE-2024-2944
campcodes — online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036. | 2024-03-27 | 6.3 | CVE-2024-2945
carrierwaveuploader — carrierwave
 
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn’t fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what’s allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6. | 2024-03-24 | 6.8 | CVE-2024-29034
cartflows_inc. — funnel_builder_by_cartflows
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS. This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1. | 2024-03-27 | 5.9 | CVE-2024-29813
cincopa — post_video_players
 
Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players. This issue affects Post Video Players: from n/a through 1.159. | 2024-03-27 | 5.4 | CVE-2024-23515
cisco — cisco_aironet_access_point_software
 
A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition. | 2024-03-27 | 4.7 | CVE-2024-20354
cisco — cisco_digital_network_architecture_center_(dna_center)
 
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. | 2024-03-27 | 4.3 | CVE-2024-20333
cisco — cisco_ios_xe_software
 
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root. | 2024-03-27 | 6.5 | CVE-2024-20278
cisco — cisco_ios_xe_software
 
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. | 2024-03-27 | 6 | CVE-2024-20306
cisco — cisco_ios_xe_software
 
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised. | 2024-03-27 | 5.9 | CVE-2024-20265
cisco — cisco_ios_xe_software
 
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition. | 2024-03-27 | 5.6 | CVE-2024-20309
cisco — cisco_ios_xe_software
 
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device. | 2024-03-27 | 5.8 | CVE-2024-20316
cisco — cisco_ios_xe_software
 
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access. | 2024-03-27 | 5.5 | CVE-2024-20324
cisco — ios
 
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. | 2024-03-27 | 6.8 | CVE-2024-20307
cloudways — breeze
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cloudways Breeze allows Stored XSS. This issue affects Breeze: from n/a through 2.1.3. | 2024-03-27 | 5.9 | CVE-2024-27188
code-projects — online_book_system

 
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203. | 2024-03-27 | 6.3 | CVE-2024-3001
code-projects — online_book_system

 
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204. | 2024-03-27 | 6.3 | CVE-2024-3002
code-projects — online_book_system

 
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-3003
codepeople — google_maps_cp
 
Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through 1.0.43. | 2024-03-25 | 4.3 | CVE-2023-25039
codesupplyco — networker_-_tech_news_wordpress_theme_with_dark_mode
 
The Networker – Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus. | 2024-03-27 | 5.3 | CVE-2024-2962
codexthemes — thegem_(elementor)
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS. This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | 2024-03-26 | 6.5 | CVE-2023-32237
collect.chat_inc. — collectchat

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS. This issue affects Collectchat: from n/a through 2.4.1. | 2024-03-29 | 6.5 | CVE-2024-30436
crm_perks — crm_perks_forms

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CRM Perks CRM Perks Forms allows Stored XSS. This issue affects CRM Perks Forms: from n/a through 1.1.4. | 2024-03-29 | 6.5 | CVE-2024-30446
currencyrate.today — crypto_converter_widget

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.4. | 2024-03-27 | 6.5 | CVE-2024-29930
currencyrate.today — exchange_rates_widget

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS. This issue affects Exchange Rates Widget: from n/a through 1.4.0. | 2024-03-27 | 6.5 | CVE-2024-29814
cyberaz0r — webrat
 
A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability.
Published: 2024-03-24 | CVSS Score: 6.3 | CVE-2020-36825
dearhive — dearflip

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29807
deepak_anand — wp_dummy_content_generator
 
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-24805
dell — dell_openmanage_enterprise
 
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.
Published: 2024-03-29 | CVSS Score: 5.7 | CVE-2024-25944
dell — grab_for_windows
 
Dell Grab for Windows, versions up to and including 5.0.4, contains a Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.
Published: 2024-03-26 | CVSS Score: 6.7 | CVE-2024-25958
dell — grab_for_windows
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume. This issue affects Upload Resume: from n/a through 1.2.0.
Published: 2024-03-26 | CVSS Score: 5.9 | CVE-2023-25965
dell — grab_for_windows
 
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.
Published: 2024-03-26 | CVSS Score: 5.5 | CVE-2024-25956
dell — grab_for_windows
 
Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.
Published: 2024-03-26 | CVSS Score: 4.8 | CVE-2024-25957
dell — powerprotect_data_manager
 
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.
Published: 2024-03-28 | CVSS Score: 5.5 | CVE-2024-25971
dell — powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
Published: 2024-03-28 | CVSS Score: 6 | CVE-2024-25952
dell — powerscale_onefs
 
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
Published: 2024-03-28 | CVSS Score: 6 | CVE-2024-25953
dell — powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Published: 2024-03-28 | CVSS Score: 6 | CVE-2024-25961
dell — powerscale_onefs
 
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Published: 2024-03-28 | CVSS Score: 5.3 | CVE-2024-25954
dell — powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x, contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
Published: 2024-03-28 | CVSS Score: 5.9 | CVE-2024-25963
dell — powerscale_onefs
 
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Published: 2024-03-25 | CVSS Score: 5.3 | CVE-2024-25964
dglingren — media_library_assistant
 
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 6.4 | CVE-2024-2475
easy_social_feed — easy_social_feed

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Easy Social Feed allows Stored XSS. This issue affects Easy Social Feed: from n/a through 6.5.3.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-30180
elastic — elasticsearch
 
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-23449
elastic — elasticsearch
 
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
Published: 2024-03-27 | CVSS Score: 4.9 | CVE-2024-23450
elastic — elasticsearch
 
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.
Published: 2024-03-27 | CVSS Score: 4.4 | CVE-2024-23451
envialosimple — envíalosimple
 
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through 2.3.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2023-51416
epsiloncool — wp_fast_total_search

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS. This issue affects WP Fast Total Search: from n/a through 1.59.211.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29799
espressif — esp-idf
 
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to the flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to an application with a security version lower than the one programmed in the eFuse of the chip. This attack can allow booting a past (passive) application partition having a lower security version of the same device, even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.
Published: 2024-03-25 | CVSS Score: 6.1 | CVE-2024-28183
exclusive_addons — exclusive_addons_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-30177
exclusive_addons — exclusive_addons_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-30232
expressjs — express
 
Express.js is a minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
Published: 2024-03-25 | CVSS Score: 6.1 | CVE-2024-29041
extend_themes — calliope
 
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-2904
extendthemes — colibri_page_builder
 
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder. This issue affects Colibri Page Builder: from n/a through 1.0.248.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-28004
fernandobt — list_category_posts
 
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘catlist’ shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like ‘title_tag’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-30 | CVSS Score: 6.4 | CVE-2024-1051
flector — easy_textillate
 
The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘textillate’ shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-26 | CVSS Score: 6.4 | CVE-2024-2303
flir — ax8

 
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3013
fr-d-ric_gilles — fg_prestashop_to_woocommerce
 
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.
Published: 2024-03-29 | CVSS Score: 5.3 | CVE-2024-30511
gamipress — gamipress
 
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 6.8.5.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30455
geonode — geonode
 
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GeoNode where the current rich text editor is vulnerable to Stored XSS. The application’s cookies are set securely, but it is possible to retrieve a victim’s CSRF token and issue a request to change another user’s email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.
Published: 2024-03-27 | CVSS Score: 6.1 | CVE-2024-27091
ghozylab_inc. — web_icons

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS. This issue affects Web Icons: from n/a through 1.0.0.10.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29933
ghozylab_inc. — web_icons

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS. This issue affects Web Icons: from n/a through 1.0.0.10.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30445
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels.
Published: 2024-03-28 | CVSS Score: 4.3 | CVE-2024-2818
grafana — grafana
 
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-1313
gs_plugins — gs_testimonial_slider

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS. This issue affects GS Testimonial Slider: from n/a through 3.1.4.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30443
hans_matzen — wp-forecast

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hans Matzen allows Stored XSS. This issue affects wp-forecast: from n/a through 9.2.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30429
hashthemes — hash_elements

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HashThemes Hash Elements allows Stored XSS. This issue affects Hash Elements: from n/a through 1.3.3.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30426
hashthemes — viral_news
 
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2023-33923
hastheme — wishsuite

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasTheme WishSuite allows Stored XSS. This issue affects WishSuite: from n/a through 1.3.7.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29927
hasthemes — ht_mega

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega allows Stored XSS. This issue affects HT Mega: from n/a through 2.4.3.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-30182
hasthemes — wc_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes WC Builder allows Stored XSS. This issue affects WC Builder: from n/a through 1.0.18.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29926
hewlett_packard_enterprise_(hpe) — arubaos-s_switch
 
Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon
Published: 2024-03-26 | CVSS Score: 4.9 | CVE-2024-26303
hewlett_packard_enterprise_(hpe) — icewall_gen11_icewall_sso_agent
 
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-22436
hitachi_energy — asset_suite_eam
 
REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.
Published: 2024-03-27 | CVSS Score: 5.3 | CVE-2024-2244
hitachi_energy — rtu500_series_cmu_firmware
 
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.
Published: 2024-03-27 | CVSS Score: 6.8 | CVE-2024-1532
hot_themes — hot_random_image

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hot Themes Hot Random Image allows Stored XSS. This issue affects Hot Random Image: from n/a through 1.8.1.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29796
htdat — woo_viet
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in htdat Woo Viet allows Stored XSS. This issue affects Woo Viet: from n/a through 1.5.2.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29816
https://elementor.com/ — elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget’s custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-1364
https://elementor.com/ — elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-1521
https://elementor.com/ — elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-2781
https://elementor.com/ — elementor_website_builder_pro
 
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-27 | CVSS Score: 5.4 | CVE-2024-2120
https://elementor.com/ — elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-27 | CVSS Score: 5.4 | CVE-2024-2121
ibm — app_connect_enterprise
 
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
Published: 2024-03-26 | CVSS Score: 4.9 | CVE-2024-22356
ibm — qradar_siem
 
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
Published: 2024-03-27 | CVSS Score: 5.4 | CVE-2024-28784
ibm — qradar_siem
 
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939.
Published: 2024-03-27 | CVSS Score: 4.8 | CVE-2023-50961
ibm — websphere_application_server_liberty
 
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
Published: 2024-03-27 | CVSS Score: 4.7 | CVE-2024-27270
ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
 
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-30 | CVSS Score: 6.4 | CVE-2024-2491
infinitum_form — geo_controller

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in INFINITUM FORM Geo Controller allows Stored XSS. This issue affects Geo Controller: from n/a through 8.6.4.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30451
inspirythemes — realhomes
 
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2023-37886
inspirythemes — realhomes
 
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2023-37885
interfacelab — media_cloud_for_amazon_s3_imgix_google_cloud_storage_digitalocean_spaces_and_more

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS. This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29795
jeff_starr — user_submitted_posts
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2023-7251
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
Published: 2024-03-28 | CVSS Score: 6.5 | CVE-2024-31134
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Published: 2024-03-28 | CVSS Score: 6.1 | CVE-2024-31135
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Published: 2024-03-28 | CVSS Score: 6.8 | CVE-2024-31137
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Published: 2024-03-28 | CVSS Score: 5.9 | CVE-2024-31139
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
Published: 2024-03-28 | CVSS Score: 4.6 | CVE-2024-31138
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
Published: 2024-03-28 | CVSS Score: 4.1 | CVE-2024-31140
jewel_theme — master_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29911
jordy_meow — ai_engine:_chatgpt_chatbot

 
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
Published: 2024-03-28 | CVSS Score: 6.8 | CVE-2024-29090
jory_hogeveen — off-canvas_sidebars_&_menus_(slidebars)

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29762
jumpserver — jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6.
Published: 2024-03-29 | CVSS Score: 4.6 | CVE-2024-29020
jumpserver — jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager’s bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6.
Published: 2024-03-29 | CVSS Score: 4.6 | CVE-2024-29024
katex — katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user’s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Published: 2024-03-25 | CVSS Score: 6.5 | CVE-2024-28243
katex — katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for “Unicode (sub|super)script characters” allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
Published: 2024-03-25 | CVSS Score: 6.5 | CVE-2024-28244
katex — katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generates invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Published: 2024-03-25 | CVSS Score: 6.3 | CVE-2024-28245
katex — katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX’s `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
Published: 2024-03-25 | CVSS Score: 5.5 | CVE-2024-28246
kienso — co-marquage_service-public.fr

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29908
kimai — kimai

 
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.
Published: 2024-03-28 | CVSS Score: 6.8 | CVE-2024-29200
kitforest — better_elementor_addons
 
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 6.4 | CVE-2024-2280
klarna — klarna_payments_for_woocommerce
 
Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce. This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.
Published: 2024-03-29 | CVSS Score: 5.3 | CVE-2024-30477
klbtheme — clotya_theme
 
Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme. This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2023-49838
krunal_prajapati — wp_post_disclaimer

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS. This issue affects WP Post Disclaimer: from n/a through 1.0.3.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29761
kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
 
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 4.6 | CVE-2024-2108
kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
 
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form’s submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-2113
kurudrive — vk_all_in_one_expansion_unit
 
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘className.’ This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-26 | CVSS Score: 6.4 | CVE-2024-2170
labib_ahmed — carousel_anything_for_wpbakery_page_builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS. This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30520
landingi — landingi_landing_pages
 
Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages. This issue affects Landingi Landing Pages: from n/a through 3.1.1.
Published: 2024-03-29 | CVSS Score: 5.4 | CVE-2024-30521
lg_electronics — lg_led_assistant
 
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
Published: 2024-03-25 | CVSS Score: 5.3 | CVE-2024-2863
litonice13 — master_addons_-_free_widgets_hover_effects_toggle_conditions_animations_for_elementor
 
The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-2139
livemesh — livemesh_addons_for_wpbakery_page_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS. This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-30183
loncar — easy_appointments
 
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ea_full_calendar’ shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 6.4 | CVE-2024-2842
loncar — easy_appointments
 
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users’ orders.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-2844
looking_forward_software_incorporated. — popup_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 4.2.6.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-30184
lordicon — lordicon_animated_icons
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lordicon Lordicon Animated Icons allows Stored XSS. This issue affects Lordicon Animated Icons: from n/a through 2.0.1.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30519
mailmunch — mailchimp_forms_by_mailmunch

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29793
mainwp — mainwp_wordfence_extension
 
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2023-22699
mark_kinchin — beds24_online_booking
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2023-52228
martyn_chamberlin — don’t_muck_my_markup
 
Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don’t Muck My Markup. This issue affects Don’t Muck My Markup: from n/a through 1.8.
Published: 2024-03-27 | CVSS Score: 4.3 | CVE-2024-23510
marubon — pocket_news_generator
 
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the option_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-29 | CVSS Score: 5.4 | CVE-2024-2964
marubon — pocket_news_generator
 
The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as “Consumer Key” and “Access Token” in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-03-29 | CVSS Score: 4.4 | CVE-2024-2963
megamenu — max_mega_menu
 
Missing Authorization vulnerability in Megamenu Max Mega Menu. This issue affects Max Mega Menu: from n/a through 3.3.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-28003
mehanoid.pro — flatpm

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mehanoid.Pro FlatPM allows Stored XSS. This issue affects FlatPM: from n/a before 3.1.05.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29803
metagauss — eventprime
 
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29776
metagauss — profilegrid_
 
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.2.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30513
metagauss — registrationmagic
 
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.3.0.0.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-2951
miraheze — createwiki
 
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.
Published: 2024-03-26 | CVSS Score: 4.9 | CVE-2024-29883
miraheze — createwiki
 
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request’s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.
Published: 2024-03-28 | CVSS Score: 4.9 | CVE-2024-29897
miraheze — createwiki
 
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
Published: 2024-03-28 | CVSS Score: 4.9 | CVE-2024-29898
molongui — molongui

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui allows Stored XSS. This issue affects Molongui: from n/a through 4.7.7.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29764
motopress — stratum

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MotoPress Stratum allows Stored XSS. This issue affects Stratum: from n/a through 1.3.15.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29914
moveaddons — move_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.2.9.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29920
muffingroup — betheme
 
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2022-45351
muffingroup — betheme
 
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2022-45352
muffingroup — betheme
 
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2022-45356
muffingroup — betheme
 
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2022-45349
multivendorx — wc_marketplace

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.1.3.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30433
munirkamal — gutenberg_block_editor_toolkit_-_editorskit
 
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘editorskit’ shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-30 | CVSS Score: 6.4 | CVE-2024-2794
n/a — compact_wp_audio_player

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29917
n/a — portfolio_gallery_-_image_gallery_plugin

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS. This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29769
n/a — qdrant
 
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.
Published: 2024-03-29 | CVSS Score: 5.5 | CVE-2024-3078
n/a — wp-crm_system
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-CRM System allows Stored XSS. This issue affects WP-CRM System: from n/a through 3.2.9.
Published: 2024-03-29 | CVSS Score: 5.9 | CVE-2024-30434
netentsec — ns-asg_application_security_gateway

 
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3040
netentsec — ns-asg_application_security_gateway

 
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3041
netty — netty
 
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Published: 2024-03-25 | CVSS Score: 5.3 | CVE-2024-29025
netweblogic — events_manager_-_calendar_bookings_tickets_and_more!
 
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-28 | CVSS Score: 6.4 | CVE-2024-2111
netweblogic — events_manager_-_calendar_bookings_tickets_and_more!
 
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-28 | CVSS Score: 4.3 | CVE-2024-2110
nickys — image_map_pro
 
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9.
Published: 2024-03-28 | CVSS Score: 6.1 | CVE-2022-45850
niteothemes — cmp_-_coming_soon_&_maintenance
 
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10.
Published: 2024-03-28 | CVSS Score: 5.5 | CVE-2023-50374
nuuo — camera
 
A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 5.4 | CVE-2024-2995
nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.
Published: 2024-03-27 | CVSS Score: 6.1 | CVE-2024-0075
nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-0078
nvidia — vgpu_driver,_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-0079
oceanwp — oceanwp
 
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-2476
oroinc — orocommerce
 
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2023-48296
oroinc — platform
 
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2023-45824
paid_memberships_pro — paid_memberships_pro_-_payfast_gateway_add_on
 
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On. This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1.
Published: 2024-03-29 | CVSS Score: 5.3 | CVE-2024-30514
patrick_posner — simply_static
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Patrick Posner Simply Static allows Stored XSS. This issue affects Simply Static: from n/a through 3.1.3.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-30178
peepso — community_by_peepso
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.0.9.0.
Published: 2024-03-26 | CVSS Score: 5.3 | CVE-2023-27630
peepso — community_by_peepso
 
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.2.7.0.
Published: 2024-03-28 | CVSS Score: 5.3 | CVE-2024-25923
petri_damstén — fullscreen_galleria

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS. This issue affects Fullscreen Galleria: from n/a through 1.6.11.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29801
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.
Published: 2024-03-30 | CVSS Score: 4.3 | CVE-2024-3084
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
Published: 2024-03-30 | CVSS Score: 4.3 | CVE-2024-3086
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.
Published: 2024-03-30 | CVSS Score: 4.3 | CVE-2024-3089
pimcore — pimcore

 
Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are wide open to any user and with just the hint of a restricted link one could gain access to possibly confidential / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-29197
piotnet — piotnet_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29934
pixelite — events_manager
 
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1.
Published: 2024-03-28 | CVSS Score: 4.3 | CVE-2024-30421
plainware — locatoraid_store_locator
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plainware Locatoraid Store Locator allows Stored XSS. This issue affects Locatoraid Store Locator: from n/a through 3.9.30.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-30181
pluginops — landing_page_builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginOps Landing Page Builder allows Stored XSS. This issue affects Landing Page Builder: from n/a through 1.5.1.7.
Published: 2024-03-29 | CVSS Score: 5.9 | CVE-2024-30452
podlove — podlove_web_player

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Podlove Podlove Web Player allows Stored XSS. This issue affects Podlove Web Player: from n/a through 5.7.1.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29788
poll_maker_&_voting_plugin_team_(infotheme) — wp_poll_maker
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS. This issue affects WP Poll Maker: from n/a through 3.1.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29818
posimyththemes — the_plus_addons_for_elementor
 
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-2203
posimyththemes — the_plus_addons_for_elementor
 
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Published: 2024-03-27 | CVSS Score: 6.4 | CVE-2024-2210
propertyhive — propertyhive
 
Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-24718
quantum_cloud — slider_hero
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29922
realmag777 — bear
 
Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.3.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30463
realmag777 — husky_-_products_filter_for_woocommerce_(formerly_woof)
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30462
realmag777 — woocs_-_woocommerce_currency_switcher
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30458
realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29906
realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29932
realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30457
realmag777 — wpcs
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS. This issue affects WPCS: from n/a through 1.2.0.1.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30456
rednao — pdf_builder_for_wpforms

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RedNao PDF Builder for WPForms allows Stored XSS. This issue affects PDF Builder for WPForms: from n/a through 1.2.88.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29820
reviewx — reviewx

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29812
rockwell_automation — arena_simulation
 
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Published: 2024-03-26 | CVSS Score: 4.4 | CVE-2024-21920
rockwell_automation — factorytalk-_view_me
 
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
Published: 2024-03-25 | CVSS Score: 5.3 | CVE-2024-21914
ruijie — rg-eg350

 
A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 6.3 | CVE-2024-2910
saleor — saleor
 
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.
Published: 2024-03-27 | CVSS Score: 4.2 | CVE-2024-29888
seraphinite_solutions — seraphinite_accelerator

 
Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator. This issue affects Seraphinite Accelerator: from n/a through 2.20.47.
Published: 2024-03-28 | CVSS Score: 5.3 | CVE-2024-22138
serverpod — serverpod
 
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.
Published: 2024-03-27 | CVSS Score: 5.3 | CVE-2024-29886
servit_software_solutions — affiliate-toolkit

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS. This issue affects affiliate-toolkit: from n/a through 3.4.5.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29817
shanghai_brad_technology — bladex

 
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3039
sharethis — sharethis_dashboard_for_google_analytics
 
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
Published: 2024-03-25 | CVSS Score: 5.4 | CVE-2022-45851
simple_sponsorships — sponsors

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simple Sponsorships Sponsors allows Stored XSS. This issue affects Sponsors: from n/a through 3.5.1.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30483
sinaextra — sina_extension_for_elementor

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.5.0.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29935
snp_digital — salesking
 
Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-22156
softlab — dracula_dark_mode_-_the_revolutionary_dark_mode_plugin_for_wordpress

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29771
softlab — radio_player

 
Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-2906
softlab — radio_player

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29811
sourcecodester — online_chatting_system

 
A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.
Published: 2024-03-27 | CVSS Score: 6.3 | CVE-2024-2932
sourcecodester — simple_subscription_website

 
A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3014
sourcecodester — simple_subscription_website

 
A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3015
sourcecodester — simple_subscription_website

 
A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3042
sourcecodester — todo_list_in_kanban_board

 
A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 6.3 | CVE-2024-2934
sparkle_wp — educenter
 
Missing Authorization vulnerability in Sparkle WP Educenter. This issue affects Educenter: from n/a through 1.5.5.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2023-30480
specialk — simple_ajax_chat_-_add_a_fast_secure_chat_box
 
The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-03-27 | CVSS Score: 4.4 | CVE-2024-2956
squirrly — seo_plugin_by_squirrly_seo
 
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
Published: 2024-03-25 | CVSS Score: 6.3 | CVE-2022-44626
step-byte-service_gmbh — openstreetmap_for_gutenberg_and_wpbakery_page_builder_(formerly_visual_composer)

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer): from n/a through 1.1.1.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30450
stormhill_media — mybooktable_bookstore

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through 3.3.7.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29772
streamweasels — streamweasels_twitch_integration

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS. This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29766
supsystic — photo_gallery_by_supsystic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS. This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29921
supsystic — slider_by_supsystic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Slider by Supsystic allows Stored XSS. This issue affects Slider by Supsystic: from n/a through 1.8.10.
Published: 2024-03-29 | CVSS Score: 5.9 | CVE-2024-30448
swift-server — swift-prometheus
 
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format — including creating unbounded numbers of stored metrics, inflating server memory usage, or causing “bogus” metrics. This vulnerability is fixed in 2.0.0-alpha.2.
Published: 2024-03-29 | CVSS Score: 5.9 | CVE-2024-28867
syam_mohan — wpfront_notification_bar
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS. This issue affects WPFront Notification Bar: from n/a through 3.3.2.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29819
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29227
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29230
synology — surveillance_station
 
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29231
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29232
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29233
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29234
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29235
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29236
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29237
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29238
synology — surveillance_station
 
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-29239
synology — surveillance_station
 
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
Published: 2024-03-28 | CVSS Score: 4.3 | CVE-2024-29240
team_heateor — fancy_comments_wordpress

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29804
technocrackers — christmas_greetings
 
The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-03-29 | CVSS Score: 6.1 | CVE-2024-2116
tenda — ac7
 
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 6.3 | CVE-2024-2897
tenda — fh1202
 
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 5.5 | CVE-2024-2982
tenda — fh1205

 
A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-28 | CVSS Score: 6.3 | CVE-2024-3009
the_beaver_builder_team — beaver_builder

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from n/a through 2.7.4.4.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30425
themehunk — advance_wordpress_search_plugin
 
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.
Published: 2024-03-25 | CVSS Score: 6.5 | CVE-2022-38057
themeisle — multiple_page_generator_plugin_-_mpg
 
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-30235
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
 
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘id’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 6.4 | CVE-2024-2841
themekraft — buddyforms
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5.
Published: 2024-03-27 | CVSS Score: 5.8 | CVE-2024-30198
themelocation — custom_woocommerce_checkout_fields_editor
 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30518
themeum — tutor_lms_elementor_addons

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29913
themify — themify_event_post
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Themify Event Post allows Stored XSS. This issue affects Themify Event Post: from n/a through 1.2.7.
Published: 2024-03-29 | CVSS Score: 5.9 | CVE-2024-30440
themifyme — themify_shortcodes
 
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘themify_post_slider’ shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-26 | CVSS Score: 5.4 | CVE-2024-2732
thimpress — wp_hotel_booking
 
Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2.
Published: 2024-03-29 | CVSS Score: 6.5 | CVE-2024-30508
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ’s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP’s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user’s phpMyFAQ session. This vulnerability is fixed in 3.2.6.
Published: 2024-03-25 | CVSS Score: 5.5 | CVE-2024-27300
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
Published: 2024-03-25 | CVSS Score: 4.3 | CVE-2024-28106
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn’t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.
Published: 2024-03-25 | CVSS Score: 4.7 | CVE-2024-28108
tianjin — publicms
 
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-2911
tinymce — tinymce
 
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-29203
tinymce — tinymce
 
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that image could potentially contain an XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-29881
tsina — news_wall
 
The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-2970
tumult_inc — tumult_hype_animations
 
Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.11.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30460
uncanny_owl — uncanny_toolkit_for_learndash
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
Published: 2024-03-27 | CVSS Score: 4.7 | CVE-2023-34020
unitecms — unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
 
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., ‘Button Link’) in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-30 | CVSS Score: 6.4 | CVE-2024-0367
uriahs_victor — location_picker_at_checkout_for_woocommerce
 
Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-24719
veronalabs — wp_sms
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-25920
veronalabs — wp_sms
 
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS: from n/a through 6.6.2.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30454
vinoth06. — frontend_dashboard

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29775
voidcoders — void_contact_form_7_widget_for_elementor_page_builder
 
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2023-52214
walter_pinem — oneclick_chat_to_order

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5.
Published: 2024-03-27 | CVSS Score: 6.5 | CVE-2024-29789
wc_lovers — wcfm_-_frontend_manager_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS. This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8.
Published: 2024-03-27 | CVSS Score: 5.9 | CVE-2024-29929
weblizar — lightbox_slider_-_responsive_lightbox_gallery
 
The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-03-29 | CVSS Score: 5.4 | CVE-2024-1858
webtechstreet — elementor_addon_elements
 
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-28 | CVSS Score: 5.4 | CVE-2024-2091
webtoffee — import_export_wordpress_users
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.2.
Published: 2024-03-29 | CVSS Score: 4.3 | CVE-2024-30492
wedevs — woocommerce_conversion_tracking
 
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
Published: 2024-03-26 | CVSS Score: 4.3 | CVE-2024-24711
wholesale_team — wholesalex

 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-30233
wholesale_team — wholesalex

 
Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-30234
woocommerce — woocommerce_box_office
 
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.
Published: 2024-03-26 | CVSS Score: 6.5 | CVE-2024-24799
woocommerce — woocommerce_stripe_payment_gateway
 
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.
Published: 2024-03-27 | CVSS Score: 5.4 | CVE-2023-44999
workos — authkit-nextjs
 
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
Published: 2024-03-29 | CVSS Score: 4.8 | CVE-2024-29901
wp_darko — grid_shortcodes

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1.
Published: 2024-03-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-29797
wp_email_newsletter_team_-_fluentcrm — fluent_crm
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Email Newsletter Team – FluentCRM Fluent CRM allows Stored XSS. This issue affects Fluent CRM: from n/a through 2.8.44.
Published: 2024-03-29 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-30430
wp_lab — wp-lister_lite_for_amazon
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11.
Published: 2024-03-26 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-2889
wp_sunshine — sunshine_photo_cart
 
Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.1.1.
Published: 2024-03-28 | CVSS Score: 5.4 | Source & Patch Info: CVE-2024-30221
wp_swings — points_and_rewards_for_woocommerce
 
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
Published: 2024-03-25 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-27608
wpassist.me — wordpress_countdown_widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.
Published: 2024-03-27 | CVSS Score: 6.1 | Source & Patch Info: CVE-2022-45847
wpexperts — wholesale_for_woocommerce
 
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
Published: 2024-03-29 | CVSS Score: 5.3 | Source & Patch Info: CVE-2024-30469
wppool — webinar_and_video_conference_with_jitsi_meet

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS. This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3.
Published: 2024-03-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-30437
wpvibes — elementor_addon_elements

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1.
Published: 2024-03-28 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-30422
wpwax — post_grid_slider_&_carousel_ultimate

 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.
Published: 2024-03-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2024-29925
xpeedstudio — elementskit_elementor_addons
 
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-30 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-1238
xpro — 140+_widgets_|_best_addons_for_elementor_-_free
 
The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-03-29 | CVSS Score: 6.4 | Source & Patch Info: CVE-2024-2250
zephyrproject-rtos — zephyr
 
A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet.
Published: 2024-03-29 | CVSS Score: 6.8 | Source & Patch Info: CVE-2024-3077
zionbuilder.io — wordpress_page_builder_-_zion_builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS. This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9.
Published: 2024-03-29 | CVSS Score: 5.9 | Source & Patch Info: CVE-2024-30444
zitadel — zitadel

 
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.
Published: 2024-03-27 | CVSS Score: 6.1 | Source & Patch Info: CVE-2024-29892


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ampache — ampache
 
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.
Published: 2024-03-27 | CVSS Score: 3.9 | Source & Patch Info: CVE-2024-28853
awesomestcode — livebot
 
A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.
Published: 2024-03-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36826
bdtask — multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 2.4 | Source & Patch Info: CVE-2024-2996
bdtask — multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 2.4 | Source & Patch Info: CVE-2024-2997
bdtask — multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-03-27 | CVSS Score: 2.4 | Source & Patch Info: CVE-2024-2998
campcodes — online_examination_system
 
A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2024-2939
campcodes — online_examination_system
 
A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258031.
Published: 2024-03-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2024-2940
code-projects — online_book_system
 
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2024-3004
easycorp — easyadmin
 
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the affected component. The identifier VDB-258613 was assigned to this vulnerability.
Published: 2024-03-29 | CVSS Score: 3.5 | Source & Patch Info: CVE-2024-3081
hcl_software — bigfix_platform
 
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.
Published: 2024-03-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2023-45705
hcl_software — bigfix_platform

 
The console may experience a service interruption when processing file names with invalid characters.
Published: 2024-03-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2023-45715
hcl_software — bigfix_platform

 
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.
Published: 2024-03-28 | CVSS Score: 2 | Source & Patch Info: CVE-2023-45706
ibm — common_cryptographic_architecture
 
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Published: 2024-03-26 | CVSS Score: 3.7 | Source & Patch Info: CVE-2023-33855
molongui — molongui
 
Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects Molongui: from n/a through 4.7.7.
Published: 2024-03-29 | CVSS Score: 2.7 | Source & Patch Info: CVE-2024-30507
nautobot — nautobot
 
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
Published: 2024-03-26 | CVSS Score: 3.7 | Source & Patch Info: CVE-2024-29199
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
Published: 2024-03-30 | CVSS Score: 2.4 | Source & Patch Info: CVE-2024-3090
phpgurukul — emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
Published: 2024-03-30 | CVSS Score: 2.4 | Source & Patch Info: CVE-2024-3091
sourcecodester — todo_list_in_kanban_board
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258014 is the identifier assigned to this vulnerability.
Published: 2024-03-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2024-2935
thorsten — phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
Published: 2024-03-26 | CVSS Score: 3.8 | Source & Patch Info: CVE-2024-29196
xpdf — xpdf
 
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
Published: 2024-03-26 | CVSS Score: 2.9 | Source & Patch Info: CVE-2024-2971


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache_software_foundation — apache_airflow
 
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow’s local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) – those images require to have group write permission set anyway. You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. Also you should not be affected if your umask is 002 (group write enabled) – this is the default on many Linux systems. Recommendation for users using Airflow outside of the containers:
* if you are using root to run Airflow, change your Airflow user to use non-root
* upgrade Apache Airflow to 2.8.4 or above
* If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions to 0o755 (original value 0o775).
* if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory and remove group write access for all the parent directories
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-29735
apple — ios_and_ipados
 
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42893
apple — ios_and_ipados
 
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42896
apple — ios_and_ipados
 
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42936
apple — ios_and_ipados
 
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42947
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42962
apple — ios_and_ipados
 
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42974
apple — macos
 
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-40390
apple — macos
 
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42892
apple — macos
 
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42913
apple — macos
 
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42930
apple — macos
 
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42931
apple — safari
 
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42950
apple — safari
 
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
Published: 2024-03-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-42956
ari_susanto — easy-popup-show
 
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-29009
curl — curl
 
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. `curl --proto -all,-http http://curl.se` The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2004
2499f714-1537-4658-8207-48ae4bb9eae9
curl — curl
 
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2379
2499f714-1537-4658-8207-48ae4bb9eae9
curl — curl
 
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2398
2499f714-1537-4658-8207-48ae4bb9eae9
curl — curl
 
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POP3S, SMTPS, etc).
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2466
2499f714-1537-4658-8207-48ae4bb9eae9
devolutions — server
 
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2915
devolutions — server
 
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2921
flash_cgi — mini_thread
 
Cross-site scripting vulnerability exists in Mini Thread Version 3.33?i. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stopping the use of Mini Thread Version 3.33?i.
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-28034
fortunefield — ffbull
 
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stopping the use of ffBull ver.4.11.
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-28048
google — chrome
 
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2883
google — chrome
 
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2885
google — chrome
 
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2886
google — chrome
 
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2887
gradio-app — gradio-app/gradio
 
Previously, it was possible to exfiltrate secrets in Gradio’s CI, but this is now fixed.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-1540
gradio-app — gradio-app/gradio
 
The password check condition is vulnerable to a timing attack to guess the password.
Published: 2024-03-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-1729
gradio-app — gradio-app/gradio
 
The /proxy route allows a user to proxy arbitrary urls including potential internal endpoints.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2206
hp,_inc. — hp_printer_firmware_update_utility
 
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.
Published: 2024-03-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-2209
kddi_corporation — hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-28041
kddi_corporation — hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may change the system settings.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-29071
kddi_corporation — hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-21865
langchain-ai — langchain-ai/langchain
 
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on:
1. Usage of XMLOutputParser
2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the user's behalf
3. Exposing the component via a web-service
Published: 2024-03-26 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2024-1455
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn’t initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards. UBSAN log: —truncated—
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47136
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: lantiq: fix memory corruption in RX ring
In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47137
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
cxgb4: avoid accessing registers when clearing filters
Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47138
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: put off calling register_netdev() until client initialize complete
Currently, the netdevice is registered before client initialization completes. So there is a time window between the netdevice being available and usable. In this case, if a user tries to change the channel number or ring param, it may cause hns3_set_rx_cpu_rmap() to be called twice, and report a bug.
The process is like below:
   executing hns3_client_init
               |
         register_netdev()
               |                           hns3_set_channels()
               |                                   |
     hns3_set_rx_cpu_rmap()            hns3_reset_notify_uninit_enet()
               |                                   |
               |                        quit without calling function
               |                        hns3_free_rx_cpu_rmap for flag
               |                        HNS3_NIC_STATE_INITED is unset.
               |                                   |
               |                        hns3_reset_notify_init_enet()
               |                                   |
   set HNS3_NIC_STATE_INITED    call hns3_set_rx_cpu_rmap()-- crash
Fix it by calling register_netdev() at the end of function hns3_client_init().
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47139
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Clear DMA ops when switching domain
Since commit 08a27c1c3ecf (“iommu: Add support to change default domain of an iommu group”) a user can switch a device between IOMMU and direct DMA through sysfs. This doesn’t work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops:
    # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind
    # echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type
    # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind
    …
    BUG: kernel NULL pointer dereference, address: 0000000000000028
    …
    Call Trace:
     iommu_dma_alloc
     e1000e_setup_tx_resources
     e1000e_open
Since iommu_change_dev_def_domain() calls probe_finalize() again, clear the dma_ops there like Vt-d does.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47140
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
gve: Add NULL pointer checks when freeing irqs.
When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47141
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a use-after-free
looks like we forget to set ttm->sg to NULL. Hit panic below
    [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
    [ 1235.989074] Call Trace:
    [ 1235.991751] sg_free_table+0x17/0x20
    [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
    [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
    [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
    [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
    [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
    [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
    [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
    [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
    [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
    [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47142
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net/smc: remove device from smcd_dev_list after failed device_add()
If the device_add() for a smcd_dev fails, there’s no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47143
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: fix refcount leak
[Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes
[How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47144
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON in link_to_fixup_dir
While doing error injection testing I got the following panic
We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicking here is not the appropriate response. The error path for this code handles errors properly, simply return the error.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47145
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
mld: fix panic in mld_newpack()
mld_newpack() doesn’t allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put().
Test commands:
    ip netns del A
    ip netns del B
    ip netns add A
    ip netns add B
    ip link add veth0 type veth peer name veth1
    ip link set veth0 netns A
    ip link set veth1 netns B
    ip netns exec A ip link set lo up
    ip netns exec A ip link set veth0 up
    ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0
    ip netns exec B ip link set lo up
    ip netns exec B ip link set veth1 up
    ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1
    for i in {1..99}
    do
        let A=$i-1
        ip netns exec A ip link add ip6gre$i type ip6gre \
            local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100
        ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i
        ip netns exec A ip link set ip6gre$i up
        ip netns exec B ip link add ip6gre$i type ip6gre \
            local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100
        ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i
        ip netns exec B ip link set ip6gre$i up
    done
Splat looks like: kernel BUG at net/core/skbuff.c:110!
Allowing high order page allocation could fix this problem.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47146
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
ptp: ocp: Fix a resource leak in an error handling path
If an error occurs after a successful ‘pci_ioremap_bar()’ call, it must be undone by a corresponding ‘pci_iounmap()’ call, as already done in the remove function.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47147
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
This function is called from ethtool_set_rxfh() and “*rss_context” comes from the user. Add some bounds checking to prevent memory corruption.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47148
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: fujitsu: fix potential null-ptr-deref
In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47149
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: fec: fix the potential memory leak in fec_enet_init()
If the memory allocation for cbd_base fails, it should free the memory allocated for the queues, otherwise it causes a memory leak. And if the memory allocation for the queues fails, it can return the error directly.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47150
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
interconnect: qcom: bcm-voter: add a missing of_node_put()
Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47151
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data stream corruption
Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to ‘mptcp_frag_can_collapse_to()’ assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end.
v1 -> v2:
 - added missing fixes tag (Mat)
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47152
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Don’t generate an interrupt on bus reset
Now that the i2c-i801 driver supports interrupts, setting the KILL bit in an attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access.
This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79
So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47153
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: sja1105: add error handling in sja1105_setup()
If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can’t just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47158
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix a crash if ->get_sset_count() fails
If ds->ops->get_sset_count() fails then “count” is a negative error code such as -EOPNOTSUPP. Because “i” is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of “i” to just int.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47159
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mt7530: fix VLAN traffic leaks
PCR_MATRIX field was set to all 1’s when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks:
    ip link add br0 type bridge vlan_filtering 1
    ip link add br1 type bridge vlan_filtering 1
    ip link set swp0 master br0
    ip link set swp1 master br1
    ip link set br0 type bridge vlan_filtering 0
    ip link set br1 type bridge vlan_filtering 0
    # traffic in br0 and br1 will start leaking to each other
As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47160
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
‘dspi_request_dma()’ should be undone by a ‘dspi_release_dma()’ call in the error handling path of the probe function, as already done in the remove function.
Published: 2024-03-25 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-47161
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It’s not a good idea to append the frag skb to a skb’s frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get’ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the curren