US-CERT Vulnerability Summary for the Week of October 14, 2024

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource InfoPatch Info
Acespritech Solutions Pvt. Ltd.–Social Link Groups
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0.2024-10-208.5CVE-2024-49619[email protected]
 
acm309–PutongOJ
 
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.2024-10-179.1CVE-2024-48920[email protected]
[email protected]
[email protected]
 
acronis — cyber_files
 
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24.2024-10-177.8CVE-2024-49389[email protected]
 
acronis — cyber_files
 
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24.2024-10-177.3CVE-2024-49390[email protected]
 
acronis — cyber_files
 
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24.2024-10-177.3CVE-2024-49391[email protected]
 
acronis — cyber_protect
 
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.2024-10-159.1CVE-2024-49388[email protected]
 
acronis — cyber_protect
 
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.2024-10-157.5CVE-2024-49387[email protected]
 
Agustin Berasategui–AB Categories Search Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Agustin Berasategui AB Categories Search Widget allows Reflected XSS.This issue affects AB Categories Search Widget: from n/a through 0.2.5.2024-10-187.1CVE-2024-49240[email protected]
 
Ahime–Ahime Image Printer
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0.2024-10-167.5CVE-2024-49245[email protected]
 
Ahmet Imamoglu–Ahmeti Wp Timeline
 
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1.2024-10-177.1CVE-2024-49237[email protected]
 
Al Imran Akash–Recently
 
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.2024-10-169.8CVE-2024-49218[email protected]
 
anand23–Ajax Rating with Custom Login
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1.2024-10-179.3CVE-2024-49246[email protected]
 
andrewmrobbins–ShopWP
 
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin’s settings and injecting malicious scripts.2024-10-167.2CVE-2019-25214[email protected]
[email protected]
 
Apa–Apa Banner Slider
 
Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0.2024-10-208.2CVE-2024-49622[email protected]
 
Apa–APA Register Newsletter Form
 
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0.2024-10-208.2CVE-2024-49621[email protected]
 
apache — activemq_artemis
 
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.2024-10-148.8CVE-2023-50780[email protected]
 
apache — cloudstack
 
Users logged into the Apache CloudStack’s web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.2024-10-168.8CVE-2024-45693[email protected]
[email protected]
[email protected]
 
apache — cloudstack
 
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user’s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.2024-10-167.1CVE-2024-45462[email protected]
[email protected]
[email protected]
 
Apache Software Foundation–Apache CloudStack
 
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo “Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.”; qemu-img info -U $file | grep file: ; printf “\n\n”; done The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo “Retrieving file [$file] info.”; qemu-img info -U $file; printf “\n\n”; done2024-10-168.5CVE-2024-45219[email protected]
[email protected]
[email protected]
 
Apache Software Foundation–Apache Solr
 
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.2024-10-169.8CVE-2024-45216[email protected]
 
Apache Software Foundation–Apache Solr
 
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the “trusted” metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to “trusted” ConfigSets that may not have been created with an Authenticated request. “trusted” ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.2024-10-168.1CVE-2024-45217[email protected]
 
Arif Nezami–Better Author Bio
 
Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11.2024-10-177.1CVE-2024-49229[email protected]
 
arisoft–ARI Adminer WordPress Database Manager
 
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site’s database and making changes.2024-10-167.3CVE-2019-25215[email protected]
[email protected]
 
arraytics–WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
 
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.2024-10-179.8CVE-2024-9263[email protected]
[email protected]
[email protected]
[email protected]
 
Asep Bagja Priandana–Woostagram Connect
 
Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.2024-10-2010CVE-2024-49327[email protected]
 
Autodesk–Revit
 
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.2024-10-167.8CVE-2024-7993[email protected]
 
Autodesk–Revit
 
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.2024-10-167.8CVE-2024-7994[email protected]
 
Avchat.net–AVChat Video Chat
 
Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2.2024-10-207.1CVE-2024-49605[email protected]
 
bc2018–WordPress Landing Page Squeeze Page Responsive Landing Page Builder Free WP Lead Plus X
 
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-168.3CVE-2020-36839[email protected]
[email protected]
[email protected]
 
Bhaskar Dhote–Back Link Tracker
 
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.2024-10-208.2CVE-2024-49617[email protected]
 
Boyan Raichev–IP Loc8
 
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1.2024-10-169.8CVE-2024-48028[email protected]
 
Brandon Clark–SiteBuilder Dynamic Components
 
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.2024-10-209.8CVE-2024-49625[email protected]
 
Brandon White–Author Discussion
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2.2024-10-208.5CVE-2024-49609[email protected]
 
brx8r–Nice Backgrounds
 
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.2024-10-2010CVE-2024-49330[email protected]
 
ChanGate–Property Management System
 
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.2024-10-159.8CVE-2024-9972[email protected]
[email protected]
 
chertz–WP Easy Post Types
 
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the ‘text’ parameter in the ‘ajax_import_content’ function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-10-188.8CVE-2024-10079[email protected]
[email protected]
 
chertz–WP Easy Post Types
 
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.2024-10-187.3CVE-2024-10078[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware.2024-10-168.2CVE-2024-20458[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.2024-10-167.1CVE-2024-20421[email protected]
 
cmssoft–CSV Product Import Export for WooCommerce
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0.2024-10-178.5CVE-2024-49244[email protected]
 
code-projects — pharmacy_management_system
 
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-159.8CVE-2024-9976[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Blood Bank Management System
 
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation of the argument fullname/username/password/email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “password” to be affected. But it must be assumed that other parameters are affected as well.2024-10-157.3CVE-2024-9986[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
CodeFlock–FREE DOWNLOAD MANAGER
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0.2024-10-178.6CVE-2024-49315[email protected]
 
CodePassenger–Job Board Manager for WordPress
 
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.2024-10-179.8CVE-2024-49322[email protected]
 
Codezips–Sales Management System
 
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-207.3CVE-2024-10165[email protected]
[email protected]
[email protected]
[email protected]
 
Codezips–Sales Management System
 
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-207.3CVE-2024-10166[email protected]
[email protected]
[email protected]
[email protected]
 
Codezips–Sales Management System
 
A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-207.3CVE-2024-10167[email protected]
[email protected]
[email protected]
[email protected]
 
Cookie Scanner Nikel Schubert–Cookie Scanner
 
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1.2024-10-177.1CVE-2024-49220[email protected]
 
cyberlord92–Miniorange OTP Verification with Firebase
 
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.2024-10-179.8CVE-2024-9862[email protected]
[email protected]
[email protected]
 
cyberlord92–Miniorange OTP Verification with Firebase
 
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure ‘administrator’ default value for the ‘default_user_role’ option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.2024-10-179.8CVE-2024-9863[email protected]
[email protected]
[email protected]
 
cyberlord92–Miniorange OTP Verification with Firebase
 
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user.2024-10-178.1CVE-2024-9861[email protected]
[email protected]
[email protected]
[email protected]
 
Dan Alexander–SermonAudio Widgets
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.2024-10-208.5CVE-2024-49614[email protected]
 
Dassault Systmes–3DSwymer
 
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.2024-10-167.7CVE-2024-8040[email protected]
 
Dassault Systmes–ENOVIA Collaborative Industry Innovator
 
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.2024-10-168.7CVE-2024-6380[email protected]
 
Dell–Dell OpenManage Enterprise
 
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code (‘Code Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.2024-10-178CVE-2024-45766[email protected]
 
Denis–Azz Anonim Posting
 
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.2024-10-1610CVE-2024-49257[email protected]
 
Dennis Hoppe–Encyclopedia / Glossary / Wiki
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS.This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60.2024-10-177.1CVE-2024-49320[email protected]
 
didi–DDMQ
 
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-207.3CVE-2024-10173[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Dotsquares–Google Map Locations
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0.2024-10-207.1CVE-2024-49606[email protected]
 
dueclic — wp_2fa_with_telegram
 
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the ‘validate_tg’ action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.2024-10-158.8CVE-2024-9687[email protected]
[email protected]
 
dueclic — wp_2fa_with_telegram
 
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.2024-10-157.5CVE-2024-9820[email protected]
[email protected]
 
easy.jobs–EasyJobs
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14.2024-10-177.1CVE-2024-43997[email protected]
 
edo888–Translate WordPress Google Language Translator
 
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.2024-10-167.1CVE-2021-4452[email protected]
[email protected]
[email protected]
[email protected]
 
Edush Maxim–GoogleDrive folder list
 
Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2.2024-10-207.1CVE-2024-49335[email protected]
 
emrevona–WP Fastest Cache
 
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.2024-10-168.8CVE-2020-36836[email protected]
[email protected]
[email protected]
 
ESi Technology–AIM LINE Marketing Platform
 
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.2024-10-159.8CVE-2024-9982[email protected]
[email protected]
 
F5–BIG-IP
 
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2024-10-167.2CVE-2024-45844[email protected]
 
facebook–Facebook Chat Plugin Live Chat Plugin for WordPress
 
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.2024-10-167.4CVE-2020-36838[email protected]
[email protected]
 
Fahad Mahmood–Endless Posts Navigation
 
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.2024-10-207.1CVE-2024-49629[email protected]
 
Fahad Mahmood–Keep Backup Daily
 
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7.2024-10-177.5CVE-2024-48024[email protected]
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the ‘mk_file_folder_manager’ ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-168.8CVE-2024-8507[email protected]
[email protected]
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the ‘mk_file_folder_manager_shortcode’ ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site’s server which may make remote code execution possible.2024-10-168.8CVE-2024-8746[email protected]
[email protected]
 
Fliperrr Team–Creates 3D Flipbook, PDF Flipbook
 
Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2.2024-10-169.9CVE-2024-48034[email protected]
 
formosasoft — ee-class
 
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.2024-10-158.8CVE-2024-9980[email protected]
[email protected]
 
formosasoft — ee-class
 
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.2024-10-158.8CVE-2024-9981[email protected]
[email protected]
 
Gabriele Valenti–Telecash Ricaricaweb
 
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2.2024-10-169.8CVE-2024-48030[email protected]
 
Gerry Ntabuhashe–GERRYWORKS Post by Mail
 
: Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0.2024-10-208.8CVE-2024-49608[email protected]
 
Giveaway Boost–Giveaway Boost
 
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4.2024-10-209.8CVE-2024-49332[email protected]
 
google — chrome
 
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-10-158.8CVE-2024-9954[email protected]
[email protected]
 
google — chrome
 
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)2024-10-158.8CVE-2024-9965[email protected]
[email protected]
 
Google Cloud–Migrate to Containers
 
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local “m2cuser” was greated with administrator privileges. This posed a security risk if the “analyze” or “generate” commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond2024-10-167.8CVE-2024-9858[email protected]
 
Google–Chrome
 
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2024-10-158.8CVE-2024-9955[email protected]
[email protected]
 
Google–Chrome
 
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2024-10-158.8CVE-2024-9957[email protected]
[email protected]
 
Google–Chrome
 
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)2024-10-158.8CVE-2024-9959[email protected]
[email protected]
 
Google–Chrome
 
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2024-10-158.8CVE-2024-9960[email protected]
[email protected]
 
Google–Chrome
 
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2024-10-158.8CVE-2024-9961[email protected]
[email protected]
 
Google–Chrome
 
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)2024-10-157.8CVE-2024-9956[email protected]
[email protected]
 
Gora Tech LLC–Cooked Pro
 
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.2024-10-1710CVE-2024-49291[email protected]
 
Grafana–Grafana
 
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana’s $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.2024-10-189.9CVE-2024-9264[email protected]
 
Grayson Robbins–Disc Golf Manager
 
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0.2024-10-169.8CVE-2024-48026[email protected]
 
Hasan Movahed–Duplicate Title Validate
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0.2024-10-208.5CVE-2024-49623[email protected]
 
helmholz — myrex24_v2_virtual_server
 
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.2024-10-157.5CVE-2024-45272[email protected]
[email protected]
 
Henrique Rodrigues–SafetyForms
 
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.2024-10-208.2CVE-2024-49615[email protected]
 
Hgiga–OAKlouds
 
The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .2024-10-149.8CVE-2024-9924[email protected]
[email protected]
 
HMS Networks–EWON FLEXY 202
 
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.2024-10-178.2CVE-2024-7755[email protected]
 
HP Inc.–Certain HP DesignJet products
 
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.2024-10-157.5CVE-2024-5749[email protected]
 
Hung Trang Si–SB Random Posts Widget
 
: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0.2024-10-167.5CVE-2024-48029[email protected]
 
Igor Funa–Ad Inserter
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37.2024-10-177.1CVE-2024-49248[email protected]
 
Imagination Technologies–Graphics DDK
 
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.2024-10-147.8CVE-2024-43701367425dc-4d06-4041-9650-c2dc6aaa27ce
 
Infotuts–SW Contact Form
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0.2024-10-208.5CVE-2024-49612[email protected]
 
Innovaweb Sp. z o.o.–Free Stock Photos Foter
 
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.2024-10-168.8CVE-2024-49227[email protected]
 
Jack Zhu–photokit
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.2024-10-2010CVE-2024-49610[email protected]
 
James Park–Analyse Uploads
 
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through 0.5.2024-10-168.6CVE-2024-49253[email protected]
 
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests2024-10-178.1CVE-2024-49579[email protected]
 
jetmonsters–Timetable and Event Schedule by MotoPress
 
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.2024-10-167.3CVE-2020-36840[email protected]
[email protected]
 
Jon Vincent Mendoza–Dynamic Elementor Addons
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0.2024-10-187.5CVE-2024-49243[email protected]
 
Jordan Lyall–MyTweetLinks
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1.2024-10-208.5CVE-2024-49618[email protected]
 
Joshua Clayton–Feed Comments Number
 
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1.2024-10-1610CVE-2024-49216[email protected]
 
Julian Weinert // cs&m–cSlider
 
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2.2024-10-177.1CVE-2024-49221[email protected]
 
Kubernetes–Image Builder
 
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.2024-10-159.8CVE-2024-9486[email protected]
[email protected]
[email protected]
 
Limb–WordPress Gallery Plugin Limb Image Gallery
 
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.2024-10-169.9CVE-2024-49260[email protected]
 
LiteSpeed Technologies–LiteSpeed Cache
 
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.2024-10-209.8CVE-2024-44000[email protected]
[email protected]
 
LiteSpeed Technologies–LiteSpeed Cache
 
: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1.2024-10-168.8CVE-2024-47637[email protected]
 
Lodel Geraldo–Simple Code Insert Shortcode
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.2024-10-208.5CVE-2024-49613[email protected]
 
M. Konieczny, DH9SB–ADIF Log Search Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in M. Konieczny, DH9SB ADIF Log Search Widget allows Reflected XSS.This issue affects ADIF Log Search Widget: from n/a through 1.0f.2024-10-187.1CVE-2024-49238[email protected]
 
Maantheme–Maan Addons For Elementor
 
: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1.2024-10-167.5CVE-2024-49251[email protected]
 
Madiri Salman Aashish–Adding drop down roles in registration
 
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.2024-10-179.8CVE-2024-49217[email protected]
 
magicbug — cloudlog
 
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.2024-10-149.8CVE-2024-48253[email protected]
[email protected]
[email protected]
 
magicbug — cloudlog
 
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.2024-10-149.8CVE-2024-48255[email protected]
[email protected]
[email protected]
 
Mahesh Patel–Mitm Bug Tracker
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through 1.0.2024-10-187.1CVE-2024-49224[email protected]
 
mainwp–MainWP Dashboard: WordPress Management without the SaaS
 
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-167.2CVE-2016-15041[email protected]
[email protected]
[email protected]
[email protected]
 
Marco Heine–PDF-Rechnungsverwaltung
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1.2024-10-177.5CVE-2024-49287[email protected]
 
MB connect line–mbNET.mini
 
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.2024-10-158.4CVE-2024-45271[email protected]
[email protected]
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.2024-10-159.8CVE-2024-45274[email protected]
[email protected]
 
mbconnectline — mbnet.mini_firmware
 
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.2024-10-159.8CVE-2024-45275[email protected]
[email protected]
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.2024-10-157.8CVE-2024-45273[email protected]
[email protected]
[email protected]
[email protected]
 
mbconnectline — mbnet.mini_firmware
 
An unauthenticated remote attacker can get read access to files in the “/tmp” directory due to missing authentication.2024-10-157.5CVE-2024-45276[email protected]
[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-179.8CVE-2024-43566[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-178.3CVE-2024-43578[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-178.3CVE-2024-43579[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-178.1CVE-2024-43587[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-178.8CVE-2024-43595[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-178.8CVE-2024-43596[email protected]
 
Microsoft–Microsoft Azure Functions
 
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.2024-10-157.5CVE-2024-38204[email protected]
 
Microsoft–Microsoft Dataverse
 
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.2024-10-158.7CVE-2024-38139[email protected]
 
Microsoft–Microsoft Power Platform
 
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.2024-10-158.6CVE-2024-38190[email protected]
 
mndpsingh287–File Manager
 
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.2024-10-169.8CVE-2018-25105[email protected]
[email protected]
 
Moridrin–SSV Events
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2.7.2024-10-209.6CVE-2024-49286[email protected]
 
Moridrin–SSV MailChimp
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5.2024-10-177.5CVE-2024-49285[email protected]
 
moxa — mxsecurity
 
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.2024-10-187.5CVE-2024-4740[email protected]
 
Moxa–EDR-8010 Series
 
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.2024-10-149.4CVE-2024-9137[email protected]
 
Moxa–EDR-8010 Series
 
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.2024-10-147.2CVE-2024-9139[email protected]
 
Mozilla–Firefox for iOS
 
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.2024-10-159.1CVE-2024-10004[email protected]
[email protected]
 
Myriad Solutionz–Property Lot Management System
 
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.2024-10-209.9CVE-2024-49331[email protected]
 
n/a–http-proxy-middleware
 
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.2024-10-197.5CVE-2024-21536[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–Kento Post View Counter
 
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the ‘kento_pvc_geo’ parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-10-169.8CVE-2016-15040[email protected]
[email protected]
 
n/a–n/a
 
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a “create function” statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.2024-10-179.8CVE-2023-26785[email protected]
[email protected]
 
n/a–n/a
 
Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.2024-10-149.1CVE-2023-48082[email protected]
 
n/a–n/a
 
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.2024-10-149.8CVE-2024-46535[email protected]
 
n/a–n/a
 
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.2024-10-149.8CVE-2024-48150[email protected]
 
n/a–n/a
 
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.2024-10-149.8CVE-2024-48153[email protected]
 
n/a–n/a
 
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.2024-10-149.8CVE-2024-48168[email protected]
 
n/a–n/a
 
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.2024-10-169.8CVE-2024-48180[email protected]
 
n/a–n/a
 
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.2024-10-159.8CVE-2024-48283[email protected]
 
n/a–n/a
 
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php.2024-10-159.8CVE-2024-48411[email protected]
 
n/a–n/a
 
An issue in Wanxing Technology’s Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory.2024-10-159.8CVE-2024-48779[email protected]
 
n/a–n/a
 
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.2024-10-159.8CVE-2024-48781[email protected]
 
n/a–n/a
 
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.2024-10-159.8CVE-2024-48782[email protected]
 
n/a–n/a
 
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.2024-10-149.8CVE-2024-48823[email protected]
 
n/a–n/a
 
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair2024-10-159.8CVE-2024-49195[email protected]
[email protected]
 
n/a–n/a
 
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.2024-10-178.1CVE-2024-33453[email protected]
 
n/a–n/a
 
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from “X-Forwarded-For” header and appends it to a SQL INSERT statement directly, leading to SQL Injection.2024-10-158.8CVE-2024-35584[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.2024-10-158.1CVE-2024-41311[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root2024-10-178CVE-2024-48192[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48629[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48630[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48631[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48632[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48633[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48634[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48635[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48636[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48637[email protected]
[email protected]
 
n/a–n/a
 
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.2024-10-178CVE-2024-48638[email protected]
[email protected]
 
n/a–n/a
 
Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page.2024-10-148.8CVE-2024-48822[email protected]
 
n/a–n/a
 
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component.2024-10-177.1CVE-2024-30875[email protected]
 
n/a–n/a
 
A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.2024-10-157.5CVE-2024-41344[email protected]
 
n/a–n/a
 
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.2024-10-157.5CVE-2024-44775[email protected]
 
n/a–n/a
 
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.2024-10-167.2CVE-2024-46213[email protected]
 
n/a–n/a
 
Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.2024-10-147.3CVE-2024-48249[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.2024-10-147.3CVE-2024-48259[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.2024-10-157.6CVE-2024-48279[email protected]
 
n/a–n/a
 
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.2024-10-157.6CVE-2024-48280[email protected]
 
n/a–n/a
 
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request.2024-10-157.6CVE-2024-48282[email protected]
 
n/a–n/a
 
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.2024-10-147.5CVE-2024-48789[email protected]
[email protected]
 
n/a–n/a
 
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process2024-10-147.5CVE-2024-48791[email protected]
[email protected]
 
n/a–n/a
 
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-147.5CVE-2024-48792[email protected]
[email protected]
 
n/a–n/a
 
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-147.5CVE-2024-48796[email protected]
[email protected]
 
n/a–n/a
 
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-147.5CVE-2024-48797[email protected]
[email protected]
 
n/a–n/a
 
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-147.5CVE-2024-48798[email protected]
[email protected]
 
n/a–n/a
 
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-147.5CVE-2024-48799[email protected]
[email protected]
 
n/a–n/a
 
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component.2024-10-147.5CVE-2024-48824[email protected]
 
n/a–n/a
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Digitally allows Reflected XSS.This issue affects Digitally: from n/a through 1.0.8.2024-10-177.1CVE-2024-49309[email protected]
 
N/A–VMware HCX
 
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager.  Updates are available to remediate this vulnerability in affected VMware products.2024-10-168.8CVE-2024-38814[email protected]
 
JiangQie–JiangQie Free Mini Program
 
Unrestricted Upload of File with Dangerous Type vulnerability in ?? JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2.2024-10-1710CVE-2024-49314[email protected]
 
Najeeb Ahmad–Simple User Registration
 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.2024-10-209.8CVE-2024-49604[email protected]
 
Naudin Vladimir–FERMA.ru.net
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection.This issue affects FERMA.Ru.Net: from n/a through 1.3.3.2024-10-208.5CVE-2024-49620[email protected]
 
newtype — flowmaster_bpm_plus
 
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.2024-10-158.8CVE-2024-9970[email protected]
[email protected]
 
newtype — flowmaster_bpm_plus
 
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.2024-10-158.8CVE-2024-9971[email protected]
[email protected]
 
newtype — webeip
 
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.2024-10-158.8CVE-2024-9968[email protected]
[email protected]
 
nextendweb–Nextend Social Login Pro
 
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.2024-10-169.8CVE-2024-9893[email protected]
[email protected]
[email protected]
 
Nikhil Vaghela–Add Categories Post Footer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nikhil Vaghela Add Categories Post Footer allows Reflected XSS.This issue affects Add Categories Post Footer: from n/a through 2.2.2.2024-10-187.1CVE-2024-49239[email protected]
 
nmedia–N-Media Post Front-end Form
 
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2024-10-169.8CVE-2016-15042[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Nokia–SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS
 
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with “access console.” Consequently, a low privilege authenticated user with “access console” can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.2024-10-177.3CVE-2023-6729b48c3b8f-639e-4c16-8725-497bc411dad0
 
numanrki–AADMY Add Auto Date Month Year Into Posts
 
The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.2024-10-157.3CVE-2024-9837[email protected]
[email protected]
[email protected]
[email protected]
 
Nyasro–Rate Own Post
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nyasro Rate Own Post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through 1.0.2024-10-208.5CVE-2024-49616[email protected]
 
OISF–libhtp
 
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.2024-10-167.5CVE-2024-45797[email protected]
[email protected]
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented “unset” option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.2024-10-167.5CVE-2024-45795[email protected]
[email protected]
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.2024-10-167.5CVE-2024-47187[email protected]
[email protected]
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for “thash” leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.2024-10-167.5CVE-2024-47188[email protected]
[email protected]
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.2024-10-167.5CVE-2024-47522[email protected]
[email protected]
 
OpenSight Software–FlashFXP
 
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-177.8CVE-2024-10068[email protected]
[email protected]
[email protected]
 
oracle — banking_liquidity_management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).2024-10-157.1CVE-2024-21284[email protected]
 
oracle — banking_liquidity_management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).2024-10-157.1CVE-2024-21285[email protected]
 
oracle — bi_publisher
 
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).2024-10-158.8CVE-2024-21254[email protected]
 
oracle — bi_publisher
 
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).2024-10-157.6CVE-2024-21195[email protected]
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).2024-10-157.5CVE-2024-21190[email protected]
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).2024-10-157.6CVE-2024-21191[email protected]
 
oracle — fusion_middleware
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).2024-10-157.5CVE-2024-21215[email protected]
 
oracle — peoplesoft_enterprise_peopletools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21214[email protected]
 
oracle — peoplesoft_enterprise_peopletools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).2024-10-158.8CVE-2024-21255[email protected]
 
oracle — product_hub
 
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21252[email protected]
 
oracle — service_bus
 
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).2024-10-157.5CVE-2024-21246[email protected]
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).2024-10-157.5CVE-2024-21259[email protected]
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).2024-10-159.8CVE-2024-21216[email protected]
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).2024-10-157.5CVE-2024-21234[email protected]
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).2024-10-157.5CVE-2024-21260[email protected]
 
oracle — weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).2024-10-157.5CVE-2024-21274[email protected]
 
Oracle Corporation–MySQL Connectors
 
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).2024-10-157.5CVE-2024-21272[email protected]
 
Oracle Corporation–Oracle Advanced Pricing
 
Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21266[email protected]
 
Oracle Corporation–Oracle Applications Manager
 
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21268[email protected]
 
Oracle Corporation–Oracle Common Applications Calendar
 
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21270[email protected]
 
Oracle Corporation–Oracle Contract Lifecycle Management for Public Sector
 
Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public Sector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Contract Lifecycle Management for Public Sector accessible data as well as unauthorized access to critical data or complete access to all Oracle Contract Lifecycle Management for Public Sector accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21278[email protected]
 
Oracle Corporation–Oracle Cost Management
 
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21267[email protected]
 
Oracle Corporation–Oracle Field Service
 
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21271[email protected]
 
Oracle Corporation–Oracle Financials
 
Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21282[email protected]
 
Oracle Corporation–Oracle Hospitality OPERA 5
 
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).2024-10-159CVE-2024-21172[email protected]
 
Oracle Corporation–Oracle Incentive Compensation
 
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive Compensation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21269[email protected]
 
Oracle Corporation–Oracle MES for Process Manufacturing
 
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21277[email protected]
 
Oracle Corporation–Oracle Process Manufacturing Product Development
 
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21250[email protected]
 
Oracle Corporation–Oracle Quoting
 
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21275[email protected]
 
Oracle Corporation–Oracle Service Contracts
 
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21280[email protected]
 
Oracle Corporation–Oracle Site Hub
 
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21265[email protected]
 
Oracle Corporation–Oracle Sourcing
 
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21279[email protected]
 
Oracle Corporation–Oracle Work in Process
 
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21276[email protected]
 
Oracle Corporation–PeopleSoft Enterprise HCM Global Payroll Core
 
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).2024-10-158.1CVE-2024-21283[email protected]
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-159.8CVE-2024-9973[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-159.8CVE-2024-9974[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Paxman–Product Website Showcase
 
Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0.2024-10-2010CVE-2024-49611[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account.2024-10-168.1CVE-2023-7291[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-197.3CVE-2024-10156[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-197.3CVE-2024-10157[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well.2024-10-207.3CVE-2024-10159[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
pickplugins–Post Grid and Gutenberg Blocks
 
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-10-168.8CVE-2021-4450[email protected]
[email protected]
 
Piyushmca–Shipyaari Shipping Management
 
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2.2024-10-209.8CVE-2024-49626[email protected]
 
publishpress–Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
 
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the ‘authors-user_id’ user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user’s account password and gain access.2024-10-178.8CVE-2024-9215[email protected]
[email protected]
[email protected]
 
quadlayers–WordPress Mega Menu QuadMenu
 
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.2024-10-169.8CVE-2021-4443[email protected]
[email protected]
[email protected]
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user’s session cookie.2024-10-159.8CVE-2024-9984[email protected]
[email protected]
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.2024-10-159.8CVE-2024-9985[email protected]
[email protected]
 
ragic — enterprise_cloud_database
 
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.2024-10-157.5CVE-2024-9983[email protected]
[email protected]
 
Redwan Hilali–WP Dropbox Dropins
 
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.2024-10-2010CVE-2024-49607[email protected]
 
rems — drag_and_drop_image_upload
 
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-158.8CVE-2024-9975[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
RestaurantConnect, Inc–Restaurant Reservations Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in RestaurantConnect, Inc Restaurant Reservations Widget allows Reflected XSS.This issue affects Restaurant Reservations Widget: from n/a through 1.0.2024-10-177.1CVE-2024-48023[email protected]
 
RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit
 
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.2024-10-159.1CVE-2024-47945551230f0-3615-47bd-b7cc-93e92e730bbf
551230f0-3615-47bd-b7cc-93e92e730bbf
 
Rockwell Automation–ControlLogix 5580
 
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.2024-10-147.5CVE-2024-6207[email protected]
 
Rockwell Automation–RSLogix 500
 
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research – Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.2024-10-147.7CVE-2024-7847[email protected]
 
RudeStan–VKontakte Wall Post
 
Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0.2024-10-177.1CVE-2024-49313[email protected]
 
Sajid Javed–Top Bar PopUps by WPOptin
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1.2024-10-167.5CVE-2024-47645[email protected]
 
SayenThemes–Kaswara Modern VC Addons
 
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.2024-10-167.3CVE-2021-4448[email protected]
[email protected]
 
ScienceLogic–SL1
 
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.2024-10-189.8CVE-2024-95379119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
9119a7d8-5eab-497f-8521-727c672e3725
 
Scott Olson–My Reading Library
 
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.2024-10-179.8CVE-2024-49318[email protected]
 
Scott Paterson–Contact Form 7 PayPal & Stripe Add-on
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3.2024-10-177.1CVE-2024-48021[email protected]
 
Scott Paterson–Time Clock Pro
 
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the ‘etimeclockwp_load_function_callback’ function. This allows unauthenticated attackers to execute code on the server. The invoked function’s parameters cannot be specified.2024-10-188.3CVE-2024-9593[email protected]
[email protected]
[email protected]
 
scottopolis–AppPresser Mobile App Framework
 
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.2024-10-168.1CVE-2024-9305[email protected]
[email protected]
[email protected]
[email protected]
 
SECOM–WRTM326
 
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.2024-10-189.8CVE-2024-10119[email protected]
[email protected]
 
SECOM–WRTR-304GN-304TW-UPSC
 
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.2024-10-189.8CVE-2024-10118[email protected]
[email protected]
 
sekler–Mapplic Lite
 
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site’s server and ultimately perform an XSS attack if requesting an SVG file.2024-10-168.3CVE-2012-10018[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
sendpulse–SendPulse Free Web Push
 
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-177.2CVE-2024-9184[email protected]
[email protected]
[email protected]
[email protected]
 
Shafiq–Digital Lottery
 
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.2024-10-1610CVE-2024-49242[email protected]
 
Shibu Lijack a.k.a CyberJack–CJ Change Howdy
 
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1.2024-10-177.1CVE-2024-49223[email protected]
 
ShortPixel–ShortPixel Image Optimizer
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.2024-10-177.6CVE-2024-48043[email protected]
 
SICK AG–SICK CLV6xx
 
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.2024-10-179.1CVE-2024-10025[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
siteground–Speed Optimizer The All-In-One Performance-Boosting Plugin
 
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.2024-10-169.8CVE-2019-25217[email protected]
[email protected]
 
Smartdevth–Advanced Advertising System
 
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.2024-10-209.8CVE-2024-49624[email protected]
 
solarwinds — serv-u
 
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability2024-10-168.8CVE-2024-45711[email protected]
 
solarwinds — solarwinds_platform
 
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.2024-10-167.8CVE-2024-45710[email protected]
 
SolarWinds–SolarWinds Platform
 
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.2024-10-167.1CVE-2024-45715[email protected]
 
sooskriszta, webforza–BuddyPress Better Registration
 
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.2024-10-169.8CVE-2024-49247[email protected]
 
Sourav–All in One Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1.2024-10-207.1CVE-2024-49323[email protected]
 
Sovratec–Sovratec Case Management
 
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.2024-10-2010CVE-2024-49324[email protected]
 
splunk — splunk
 
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.2024-10-148CVE-2024-45731[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.2024-10-148.8CVE-2024-45733[email protected]
[email protected]
 
ss-proj — shirasagi
 
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.2024-10-157.5CVE-2024-46898[email protected]
[email protected]
[email protected]
 
starfishwp–Rich Reviews by Starfish
 
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body ‘update’ parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-167.2CVE-2019-25216[email protected]
[email protected]
[email protected]
[email protected]
 
strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
 
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like ‘after_html’ in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim’s browser.2024-10-168.3CVE-2017-20192[email protected]
[email protected]
[email protected]
 
Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG)
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0.2024-10-177.1CVE-2024-48032[email protected]
 
sunburntkamel–disconnected
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0.2024-10-167.1CVE-2024-49268[email protected]
 
Sunjianle–ajax-extend
 
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0.2024-10-1610CVE-2024-49254[email protected]
 
Supsystic–Contact Form by Supsystic
 
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.2024-10-169.1CVE-2024-48042[email protected]
 
Surfer–Surfer
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502.2024-10-177.6CVE-2024-49299[email protected]
 
SUSE–apiserver
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server’s public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser2024-10-168.3CVE-2023-32192[email protected]
[email protected]
 
SUSE–Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122
 
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root2024-10-167.8CVE-2024-22029[email protected]
 
SUSE–norman
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman’s public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.2024-10-168.3CVE-2023-32193[email protected]
[email protected]
 
SUSE–openSUSE Tumbleweed
 
mlocate’s %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.2024-10-167.8CVE-2023-32190[email protected]
 
SUSE–rancher
 
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher’s audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.2024-10-168.4CVE-2023-22649[email protected]
[email protected]
 
SUSE–rancher
 
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.2024-10-168.8CVE-2023-22650[email protected]
[email protected]
 
SUSE–rancher
 
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.2024-10-168CVE-2024-22030[email protected]
[email protected]
 
SUSE–rancher
 
A vulnerability has been identified when granting a create or * global role for a resource type of “namespaces”; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.2024-10-167.2CVE-2023-32194[email protected]
[email protected]
 
SUSE–rke
 
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.2024-10-169.9CVE-2023-32191[email protected]
[email protected]
 
taismartfactory — qplant_sf
 
SQL injection vulnerability in TAI Smart Factory’s QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ’email’ parameter on the ‘RequestPasswordChange’ endpoint.2024-10-159.8CVE-2024-9925[email protected]
 
Takayuki Imanishi–ACF Images Search And Insert
 
Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.2024-10-169.9CVE-2024-48035[email protected]
 
TAKETIN–TAKETIN To WP Membership
 
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.2024-10-168.8CVE-2024-49226[email protected]
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.2024-10-149.8CVE-2024-9921[email protected]
[email protected]
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.2024-10-147.5CVE-2024-9922[email protected]
[email protected]
 
TECNO–com.transsion.aivoiceassistant
 
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.2024-10-169.8CVE-2024-10018907edf6c-bf03-423e-ab1a-8da27e1aa1ea
907edf6c-bf03-423e-ab1a-8da27e1aa1ea
 
Tenda–AC8
 
A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-188.8CVE-2024-10123[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Tenda–AC8
 
A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-188.8CVE-2024-10130[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
THATplugin–Iconize
 
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4.2024-10-169.1CVE-2024-47649[email protected]
 
The CSSIgniter Team–MaxSlider
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3.2024-10-167.5CVE-2024-47351[email protected]
 
themegrill–ThemeGrill Demo Importer
 
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named ‘admin’, the attacker will become automatically logged in as an administrator.2024-10-169.9CVE-2020-36837[email protected]
[email protected]
[email protected]
[email protected]
 
themehunk–WP Popup Builder Popup Forms and Marketing Lead Generation
 
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.2024-10-167.3CVE-2024-9061[email protected]
[email protected]
 
Themeisle–Multiple Page Generator Plugin MPG
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.2024-10-208.5CVE-2024-47325[email protected]
 
themexpo–RS-Members
 
Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3.2024-10-178.8CVE-2024-49219[email protected]
 
Themis Solutions, Inc.–Clio Grow
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2.2024-10-177.1CVE-2024-49276[email protected]
 
thinkst — opencanary
 
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.2024-10-147.8CVE-2024-48911[email protected]
[email protected]
[email protected]
 
Toast Plugins–Animator
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Toast Plugins Animator allows Reflected XSS.This issue affects Animator: from n/a through 3.0.11.2024-10-177.1CVE-2024-49308[email protected]
 
Tophive–Ultimate AI
 
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the ‘ultimate_ai_register_or_login_with_google’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.2024-10-169.8CVE-2024-9105[email protected]
[email protected]
 
Unizoe Web Solutions–jLayer Parallax Slider
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0.2024-10-207.1CVE-2024-49334[email protected]
 
Unknown–Logo Slider
 
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2024-10-177.6CVE-2024-5429[email protected]
 
Unlimited Elements–Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
 
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.2024-10-169.1CVE-2024-49271[email protected]
 
Vasilis Kerasiotis–Affiliator
 
Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.2024-10-2010CVE-2024-49326[email protected]
 
vasyltech–Advanced Access Manager Restricted Content, Users & Roles, Enhanced Security and More
 
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php2024-10-169.8CVE-2019-25213[email protected]
[email protected]
 
vendure-ecommerce–vendure
 
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure’s asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`.2024-10-159.1CVE-2024-48914[email protected]
[email protected]
[email protected]
[email protected]
 
VideoWhisper.com–Contact Forms, Live Support, CRM, Video Messages
 
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2.2024-10-177.5CVE-2024-49235[email protected]
 
VillaTheme–CURCY
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.2024-10-177.1CVE-2024-49283[email protected]
 
Vivek Tamrakar–WP REST API FNS
 
Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.2024-10-2010CVE-2024-49329[email protected]
 
Vivek Tamrakar–WP REST API FNS
 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.2024-10-209.8CVE-2024-49328[email protected]
 
VSO–ConvertXtoDvd
 
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-177.8CVE-2024-10093[email protected]
[email protected]
[email protected]
 
wavelog — wavelog
 
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.2024-10-149.8CVE-2024-48251[email protected]
[email protected]
[email protected]
 
wavelog — wavelog
 
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin.2024-10-149.8CVE-2024-48257[email protected]
[email protected]
[email protected]
 
WAVLINK–WN530H4
 
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-208.8CVE-2024-10194[email protected]
[email protected]
[email protected]
[email protected]
 
webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform
 
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.2024-10-169.8CVE-2024-9634[email protected]
[email protected]
[email protected]
 
wfh45678–Radar
 
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-187.3CVE-2024-10120[email protected]
[email protected]
[email protected]
[email protected]
 
wfh45678–Radar
 
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-187.3CVE-2024-10121[email protected]
[email protected]
[email protected]
[email protected]
 
woobewoo–Product Filter by WBW
 
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.2024-10-167.3CVE-2021-4444[email protected]
[email protected]
 
wpchill–Download Monitor
 
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.2024-10-167.5CVE-2022-4972[email protected]
[email protected]
 
wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.2024-10-168.8CVE-2021-4447[email protected]
[email protected]
 
WPFactory–Email Verification for WooCommerce
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10.2024-10-179.3CVE-2024-49305[email protected]
 
WPFactory–EU/UK VAT Manager for WooCommerce
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.2024-10-207.1CVE-2024-44061[email protected]
 
WPGrim–Classic Editor and Classic Widgets
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.2024-10-178.5CVE-2024-47312[email protected]
 
wpindeed–Indeed Membership Pro
 
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID.2024-10-169.8CVE-2020-36832[email protected]
[email protected]
[email protected]
 
WPManageNinja LLC–Fluent Support
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0.2024-10-178.5CVE-2024-47304[email protected]
 
wpvividplugins–Migration, Backup, Staging WPvivid
 
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.2024-10-168.8CVE-2020-36842[email protected]
[email protected]
[email protected]
 
WSIFY Sales can fly–Wsify Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WSIFY – Sales can fly Wsify Widget allows Stored XSS.This issue affects Wsify Widget: from n/a through 1.0.2024-10-177.1CVE-2024-48048[email protected]
 
xaraartech–External featured image from bing
 
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.2024-10-169.9CVE-2024-48027[email protected]
 
Xerox–AltaLink B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807
 
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.2024-10-177.2CVE-2024-633310b61619-3869-496c-8a1e-f291b0e71e3f
 
ZIPANG–Point Maker
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4.2024-10-177.5CVE-2024-49317[email protected]
 
zodiac–Akismet htaccess writer
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in zodiac Akismet htaccess writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through 1.0.1.2024-10-177.1CVE-2024-49316[email protected]
 
Zoho CRM–Zoho CRM Lead Magnet
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0.2024-10-178.5CVE-2024-49297[email protected]
 
ZoomIt–ZoomSounds – WordPress Wave Audio Player with Playlist
 
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘savepng.php’ file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.2024-10-169.8CVE-2021-4449[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource InfoPatch Info
A WP Life–Contact Form Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2.2024-10-175.4CVE-2024-48037[email protected]
 
acronis — cyber_files
 
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24.2024-10-175.7CVE-2024-49386[email protected]
 
acronis — cyber_files
 
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0×24.2024-10-174.8CVE-2024-49392[email protected]
 
acronis — cyber_protect
 
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.2024-10-154.3CVE-2024-49382[email protected]
 
acronis — cyber_protect
 
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.2024-10-154.3CVE-2024-49383[email protected]
 
acronis — cyber_protect
 
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.2024-10-154.3CVE-2024-49384[email protected]
 
Adobe–Substance3D – Sampler
 
Substance3D – Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-10-175.5CVE-2024-47459[email protected]
 
alimir–WP ULike All-in-One Engagement Toolkit
 
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-164.3CVE-2024-9649[email protected]
[email protected]
[email protected]
 
apache — cloudstack
 
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting “quota.enable.service” to “false”.2024-10-166.3CVE-2024-45461[email protected]
[email protected]
[email protected]
 
apintop–Add Widget After Content
 
The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-10-184.4CVE-2024-9892[email protected]
[email protected]
 
B.M. Rafiul Alam–Awesome Contact Form7 for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor allows Stored XSS.This issue affects Awesome Contact Form7 for Elementor: from n/a through 3.0.2024-10-176.5CVE-2024-49319[email protected]
 
Bert Kler–Movie Database
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bert Kößler Movie Database allows Stored XSS.This issue affects Movie Database: from n/a through 1.0.11.2024-10-185.9CVE-2024-43300[email protected]
 
blindsidenetworks–BigBlueButton
 
The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.4CVE-2023-7296[email protected]
[email protected]
 
BogdanFix–WP SendFox
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1.2024-10-175.3CVE-2024-49284[email protected]
 
bqworks–Accordion Slider
 
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin’s admin area via the `Access` plugin setting, which is restricted to administrators by default.2024-10-166.4CVE-2024-9582[email protected]
[email protected]
 
cert — vince
 
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.2024-10-144.9CVE-2024-9953[email protected]
 
chertz–WP Easy Post Types
 
The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-10080[email protected]
[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.2024-10-166.5CVE-2024-20459[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user&nbsp;to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device.2024-10-166.1CVE-2024-20460[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the CLI&nbsp;of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user.2024-10-166CVE-2024-20461[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.2024-10-165.4CVE-2024-20420[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.2024-10-165.5CVE-2024-20462[email protected]
 
Cisco–Cisco Analog Telephone Adaptor (ATA) Software
 
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.&nbsp;2024-10-165.4CVE-2024-20463[email protected]
 
Cisco–Cisco Unified Computing System Central Software
 
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.2024-10-166.3CVE-2024-20280[email protected]
 
Cisco–Cisco Unified Contact Center Management Portal
 
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2024-10-166.1CVE-2024-20512[email protected]
 
code-projects–Blood Bank System
 
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-204.7CVE-2024-10171[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Hospital Management System
 
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-206.3CVE-2024-10169[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Hospital Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-206.3CVE-2024-10170[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-166.3CVE-2024-10021[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-166.3CVE-2024-10022[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-166.3CVE-2024-10023[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-166.3CVE-2024-10024[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10136[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10137[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10138[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10139[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
code-projects–Pharmacy Management System
 
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10140[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
CodeAstrology Team–UltraAddons Elementor Lite
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.2024-10-176.5CVE-2024-49277[email protected]
 
codepeople–Calculated Fields Form
 
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.2024-10-175.3CVE-2024-9940[email protected]
[email protected]
 
Coder426–Custom Add to Cart Button Label and Link
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1.2024-10-176.5CVE-2024-49296[email protected]
 
CrossedCode–bVerse Convert
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CrossedCode bVerse Convert allows Stored XSS.This issue affects bVerse Convert: from n/a through 1.3.7.1.2024-10-186.5CVE-2024-49228[email protected]
 
Daniele Alessandra–Da Reactions
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Daniele Alessandra Da Reactions allows Stored XSS.This issue affects Da Reactions: from n/a through 5.1.5.2024-10-176.5CVE-2024-49255[email protected]
 
Dell–Dell OpenManage Enterprise
 
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.2024-10-174.3CVE-2024-45767[email protected]
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.2024-10-185.5CVE-2024-47240[email protected]
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.2024-10-185.5CVE-2024-47241[email protected]
 
Dell–Secure Connect Gateway (SCG) 5.0 Appliance – SRS
 
Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.2024-10-184.6CVE-2024-48016[email protected]
 
dFactory–Responsive Lightbox
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8.2024-10-175.9CVE-2024-49282[email protected]
 
DOGROW.NET–Simple Baseball Scoreboard
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3.2024-10-176.5CVE-2024-48025[email protected]
 
dpdbaltics–DPD Baltic Shipping
 
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_value’ parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-9350[email protected]
[email protected]
 
Eclipse Foundation–Jetty
 
There exists a security vulnerability in Jetty’s ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory.2024-10-145.9CVE-2024-8184[email protected]
[email protected]
[email protected]
 
Eclipse Foundation–Jetty
 
There exists a security vulnerability in Jetty’s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory finally.2024-10-145.3CVE-2024-9823[email protected]
[email protected]
[email protected]
 
elbanyaoui–Smart Online Order for Clover
 
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2024-8787[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
elementinvader–ElementInvader Addons for Elementor
 
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-165.4CVE-2024-9888[email protected]
[email protected]
 
elementinvader–ElementInvader Addons for Elementor
 
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.2024-10-194.3CVE-2024-9889[email protected]
[email protected]
 
elementor — website_builder
 
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts.2024-10-154.3CVE-2024-6757[email protected]
[email protected]
 
EmbedThis–GoAhead
 
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).2024-10-175.9CVE-2024-3184[email protected]
 
EmbedThis–GoAhead
 
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates.2024-10-175.3CVE-2024-3186[email protected]
 
EmbedThis–GoAhead
 
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.2024-10-175.9CVE-2024-3187[email protected]
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.2024-10-145.7CVE-2024-46988[email protected]
[email protected]
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.2024-10-144.8CVE-2024-46980[email protected]
[email protected]
[email protected]
[email protected]
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.2024-10-144.9CVE-2024-47766[email protected]
[email protected]
[email protected]
[email protected]
 
enalean — tuleap
 
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.2024-10-144.3CVE-2024-47767[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-176.3CVE-2024-10069[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-176.3CVE-2024-10070[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-176.3CVE-2024-10071[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-176.3CVE-2024-10072[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-196.3CVE-2024-10133[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-196.3CVE-2024-10134[email protected]
[email protected]
[email protected]
[email protected]
 
ESAFENET–CDG
 
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-196.3CVE-2024-10135[email protected]
[email protected]
[email protected]
[email protected]
 
EventON–EventON Pro
 
The EventON PRO – WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-194.3CVE-2023-6243[email protected]
[email protected]
[email protected]
 
Exclusive Addons–Exclusive Addons Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1.2024-10-176.5CVE-2024-49292[email protected]
 
F5–BIG-IQ
 
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2024-10-166.8CVE-2024-47139[email protected]
 
fahadmahmood–RSS Feed Widget
 
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-10057[email protected]
[email protected]
[email protected]
 
fatcatapps–GetResponse Forms by Optin Cat
 
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-8740[email protected]
[email protected]
 
filemanagerpro — file_manager
 
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.2024-10-165.4CVE-2024-8918[email protected]
[email protected]
 
flairNLP–flair
 
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-175CVE-2024-10073[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
flexmls–Flexmls IDX Plugin
 
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like ‘MaxBeds’ and ‘MinBeds’ in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-176.1CVE-2024-8719[email protected]
[email protected]
 
flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons
 
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.2024-10-166.3CVE-2020-36834[email protected]
[email protected]
 
flycart–Discount Rules for WooCommerce Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons
 
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link. Please note that this is only exploitable when the ‘Leave a Review’ notice is present, which occurs after 100 orders are made and disappears after a user dismisses the notice.2024-10-164.7CVE-2024-8541[email protected]
[email protected]
[email protected]
 
gantry–Gantry 4 Framework
 
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘override_id’ parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-9382[email protected]
[email protected]
 
giuliopanda–Bulk images optimizer: Resize, optimize, convert to webp, rename 
 
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_configuration’ function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.2024-10-184.3CVE-2024-9361[email protected]
[email protected]
 
google — chrome
 
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)2024-10-155.3CVE-2024-9966[email protected]
[email protected]
 
google — chrome
 
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)2024-10-154.3CVE-2024-9958[email protected]
[email protected]
 
google — chrome
 
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)2024-10-154.3CVE-2024-9962[email protected]
[email protected]
 
google — chrome
 
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)2024-10-154.3CVE-2024-9963[email protected]
[email protected]
 
google — chrome
 
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)2024-10-154.3CVE-2024-9964[email protected]
[email protected]
 
Gora Tech LLC–Cooked Pro
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0.2024-10-176.5CVE-2024-49289[email protected]
 
Gora Tech LLC–Cooked Pro
 
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.2024-10-204.3CVE-2024-49290[email protected]
 
Hafiz Uddin Ahmed–Crazy Call To Action Box
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS.This issue affects Crazy Call To Action Box: from n/a through 1.0.5.2024-10-186.5CVE-2024-49236[email protected]
 
Hans Matzen–wp-Monalisa
 
Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Monalisa allows Cross Site Request Forgery.This issue affects wp-Monalisa: from n/a through 6.4.2024-10-174.3CVE-2024-48038[email protected]
 
Harpreet Singh–Ajax Custom CSS/JS
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4.2024-10-186.5CVE-2024-49230[email protected]
 
HashThemes–Smart Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HashThemes Smart Blocks allows Stored XSS.This issue affects Smart Blocks: from n/a through 2.0.2024-10-166.5CVE-2024-49270[email protected]
 
hcltech — bigfix_platform
 
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.2024-10-145.3CVE-2024-30117[email protected]
 
heateor–Social Sharing Plugin Sassy Social Share
 
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘urls’ parameter called via the ‘heateor_sss_sharing_count’ AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2022-4971[email protected]
[email protected]
 
HFO4–shudong-share
 
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-186.3CVE-2024-10129[email protected]
[email protected]
[email protected]
[email protected]
 
honojs–hono
 
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue.2024-10-155.9CVE-2024-48913[email protected]
[email protected]
[email protected]
 
HT Plugins–WP Education
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8.2024-10-206.5CVE-2024-49630[email protected]
 
IBM–Watson Studio Local
 
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.2024-10-164.3CVE-2024-49340[email protected]
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2024-10-165.5CVE-2024-45071[email protected]
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.2024-10-165.5CVE-2024-45072[email protected]
 
IBM–WebSphere Application Server
 
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.2024-10-155.9CVE-2024-45085[email protected]
 
india-web-developer–SEO Manager
 
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-166.4CVE-2024-9521[email protected]
[email protected]
 
Infomaniak Staff–VOD Infomaniak
 
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.2024-10-205.4CVE-2024-49274[email protected]
 
ioannup–Edit WooCommerce Templates
 
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-10049[email protected]
[email protected]
 
Javier Loureiro–El mejor Cluster
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through 1.1.14.2024-10-186.5CVE-2024-49232[email protected]
 
JetBrains–Ktor
 
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure2024-10-175.3CVE-2024-49580[email protected]
 
k2servicecom–Product Customizer Light
 
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-9848[email protected]
[email protected]
 
Kubernetes–Image Builder
 
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.2024-10-156.3CVE-2024-9594[email protected]
[email protected]
[email protected]
 
leap13–Premium Addons for Elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.2024-10-166.5CVE-2021-4445[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Limb–WordPress Gallery Plugin Limb Image Gallery
 
Path Traversal: ‘…/…//’ vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.2024-10-166.5CVE-2024-49258[email protected]
 
linux — linux_kernel
 
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping – it is just a raw mapping of PFNs with no reference counting of a ‘struct page’. That’s all very much intentional, but it does mean that it’s easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it’s very easy to do the error handling in the wrong order. In particular, it’s easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling.2024-10-155.5CVE-2024-47674416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
lolitaframework–Branding
 
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-9452[email protected]
[email protected]
 
LOOS,Inc.–Arkhe Blocks
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0.2024-10-176.5CVE-2024-49261[email protected]
 
madrasthemes–MAS Companies For WP Job Manager
 
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-9206[email protected]
[email protected]
[email protected]
 
MadrasThemes–MAS Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through 1.1.6.2024-10-186.5CVE-2024-49233[email protected]
 
Martin Gibson–IdeaPush
 
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69.2024-10-204.3CVE-2024-49275[email protected]
 
maxfoundry–WordPress Social Share Buttons
 
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-196.1CVE-2024-9219[email protected]
[email protected]
[email protected]
[email protected]
 
Md Abdul Kader–Easy Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0.2024-10-206.5CVE-2024-49631[email protected]
 
Michael Tran–Table of Contents Plus
 
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.2024-10-204.3CVE-2024-49250[email protected]
 
Microchip–RN4870
 
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.2024-10-164.3CVE-2024-29155dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability2024-10-175.4CVE-2024-43580[email protected]
 
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-10-185.3CVE-2024-49023[email protected]
 
Microsoft–Microsoft Edge (Chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability2024-10-184.3CVE-2024-43577[email protected]
 
Mighty Plugins–Mighty Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2.2024-10-206.5CVE-2024-48049[email protected]
 
mikexstudios–Xcomic
 
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component.2024-10-175.6CVE-2005-10003[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
MitraStar–GPT-2541GNAC
 
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.2024-10-154.7CVE-2024-9977[email protected]
[email protected]
[email protected]
[email protected]
 
Mitsubishi Electric Corporation–Mitsubishi Electric CNC M800V Series M800VW
 
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.2024-10-175.9CVE-2024-7316[email protected]
[email protected]
[email protected]
 
morceaudebois–Debrandify Remove or Replace WordPress Branding
 
The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-9674[email protected]
[email protected]
[email protected]
 
Moxa–MXsecurity Series
 
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.2024-10-185.3CVE-2024-4739[email protected]
 
n/a–CoinGate Plugin
 
A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component.2024-10-174.3CVE-2018-25104[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.2024-10-156.6CVE-2023-31493[email protected]
[email protected]
 
n/a–n/a
 
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim’s machine.2024-10-146.6CVE-2024-41997[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.2024-10-146.5CVE-2024-46528[email protected]
[email protected]
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.2024-10-166.1CVE-2024-46605[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the “Opportunities” module. An attacker can inject malicious JavaScript code into the “Name” field when creating a list.2024-10-146.5CVE-2024-48120[email protected]
 
n/a–n/a
 
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.2024-10-156.6CVE-2024-48622[email protected]
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.2024-10-156.5CVE-2024-48710[email protected]
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.2024-10-156.5CVE-2024-48712[email protected]
 
n/a–n/a
 
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.2024-10-156.5CVE-2024-48713[email protected]
 
n/a–n/a
 
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.2024-10-156.5CVE-2024-48714[email protected]
 
n/a–n/a
 
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via “searchinput” POST request parameter.2024-10-166.1CVE-2024-48744[email protected]
 
n/a–n/a
 
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code2024-10-166.1CVE-2024-48758[email protected]
 
n/a–n/a
 
Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component.2024-10-146.1CVE-2024-48821[email protected]
 
n/a–n/a
 
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.2024-10-175.6CVE-2023-39593[email protected]
[email protected]
 
n/a–n/a
 
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.2024-10-175.7CVE-2024-27766[email protected]
[email protected]
 
n/a–n/a
 
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.2024-10-165.3CVE-2024-44762[email protected]
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.2024-10-165.4CVE-2024-46606[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.2024-10-145.4CVE-2024-48119[email protected]
 
n/a–n/a
 
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.2024-10-155.5CVE-2024-48278[email protected]
 
n/a–n/a
 
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).2024-10-155.3CVE-2024-48623[email protected]
 
n/a–n/a
 
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.2024-10-155.3CVE-2024-48624[email protected]
 
n/a–n/a
 
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-145.3CVE-2024-48790[email protected]
[email protected]
 
n/a–n/a
 
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-145.9CVE-2024-48793[email protected]
[email protected]
 
n/a–n/a
 
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process.2024-10-145.3CVE-2024-48795[email protected]
[email protected]
 
n/a–n/a
 
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.2024-10-145.3CVE-2024-49214[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
n/a–n/a
 
An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information.2024-10-154.9CVE-2024-31955[email protected]
 
n/a–n/a
 
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.2024-10-164.9CVE-2024-46212[email protected]
 
nayon46–Unlimited Addon For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.2024-10-166.5CVE-2024-49267[email protected]
 
netgear — ex3700_firmware
 
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.2024-10-146.8CVE-2024-35519[email protected]
 
netgear — ex6120_firmware
 
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.2024-10-146.8CVE-2024-35518[email protected]
 
netgear — r7000_firmware
 
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.2024-10-146.8CVE-2024-35520[email protected]
 
newtype — webeip
 
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product.2024-10-155.4CVE-2024-9969[email protected]
[email protected]
 
nextscripts–NextScripts: Social Networks Auto-Poster
 
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user.2024-10-165CVE-2020-36831[email protected]
[email protected]
[email protected]
[email protected]
 
NicheAddons–Events Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0.2024-10-176.5CVE-2024-49264[email protected]
 
NicheAddons–Primary Addon for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8.2024-10-176.5CVE-2024-49259[email protected]
 
nik00726–Photo Gallery Slideshow & Masonry Tiled Gallery
 
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-10-194.9CVE-2019-25218[email protected]
[email protected]
[email protected]
[email protected]
 
nik00726–Video Grid
 
The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2023-7295[email protected]
[email protected]
 
NinjaTeam–Click to Chat WP Support All-in-One Floating Widget
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3.2024-10-176.5CVE-2024-49281[email protected]
 
ninjateam–Click to Chat WP Support All-in-One Floating Widget
 
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-10055[email protected]
[email protected]
[email protected]
 
nintechnet–NinjaFirewall (WP Edition) Advanced Security Plugin and Firewall
 
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).2024-10-166.6CVE-2021-4451[email protected]
[email protected]
 
Noor Alam–WordPress Image SEO
 
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.2024-10-204.3CVE-2024-49627[email protected]
 
NVIDIA–NeMo
 
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.2024-10-156.3CVE-2024-0129[email protected]
 
OISF–suricata
 
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7.2024-10-165.3CVE-2024-45796[email protected]
[email protected]
 
Oliver Schlbe–Admin Management Xtended
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6.2024-10-176.5CVE-2024-49307[email protected]
 
omnipressteam–Omnipress
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.2024-10-176.5CVE-2024-49278[email protected]
 
opajaap–WP Photo Album Plus
 
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wppa-tab’ parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-176.1CVE-2024-9951[email protected]
[email protected]
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).2024-10-156.5CVE-2024-21205[email protected]
 
oracle — fusion_middleware
 
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).2024-10-154.4CVE-2024-21192[email protected]
 
oracle — graalvm
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).2024-10-154.8CVE-2024-21235[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).2024-10-156.5CVE-2024-21196[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).2024-10-156.5CVE-2024-21230[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).2024-10-155.3CVE-2024-21238[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21193[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21194[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21197[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21198[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21199[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21200[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21201[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21203[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21204[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21207[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.4CVE-2024-21212[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).2024-10-154.2CVE-2024-21213[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21218[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21219[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21236[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21239[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-10-154.9CVE-2024-21241[email protected]
 
oracle — peoplesoft_enterprise_people_tools
 
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).2024-10-156.1CVE-2024-21202[email protected]
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).2024-10-156.1CVE-2024-21263[email protected]
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).2024-10-156CVE-2024-21273[email protected]
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L).2024-10-155.3CVE-2024-21248[email protected]
 
Oracle Corporation–MySQL Connectors
 
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).2024-10-156.5CVE-2024-21262[email protected]
 
Oracle Corporation–Oracle Application Express
 
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).2024-10-154.9CVE-2024-21261[email protected]
 
Oracle Corporation–Oracle Banking Liquidity Management
 
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L).2024-10-155.3CVE-2024-21281[email protected]
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).2024-10-154.3CVE-2024-21233[email protected]
 
Oracle Corporation–Oracle Enterprise Command Center Framework
 
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).2024-10-154.3CVE-2024-21206[email protected]
 
Oracle Corporation–Oracle Installed Base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).2024-10-155.3CVE-2024-21258[email protected]
 
Oracle Corporation–PeopleSoft Enterprise CC Common Application Objects
 
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).2024-10-155.4CVE-2024-21264[email protected]
 
Oracle Corporation–PeopleSoft Enterprise ELM Enterprise Learning Management
 
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).2024-10-155.4CVE-2024-21286[email protected]
 
Oracle Corporation–PeopleSoft Enterprise FIN Expenses
 
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).2024-10-154.3CVE-2024-21249[email protected]
 
oretnom23 — online_eyewear_shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the component Contact Information Page. The manipulation of the argument Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2024-10-154.8CVE-2024-9952[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
parcelpro–Parcel Pro
 
The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘action’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-9383[email protected]
[email protected]
 
paretodigital–YASR Yet Another Star Rating Plugin for WordPress
 
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.2024-10-166.3CVE-2022-4974[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Partnerships at Booking.com–Booking.com Banner Creator
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6.2024-10-166.5CVE-2024-49265[email protected]
 
paulirish-1–Infinite-Scroll
 
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-185.3CVE-2024-10040[email protected]
[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.2024-10-166.5CVE-2023-7294[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.2024-10-165.4CVE-2023-7287[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.2024-10-164.3CVE-2023-7288[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.2024-10-164.3CVE-2023-7289[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.2024-10-164.3CVE-2023-7290[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.2024-10-164.3CVE-2023-7292[email protected]
[email protected]
 
paytium — paytium
 
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.2024-10-164.3CVE-2023-7293[email protected]
[email protected]
 
peepso–Community by PeepSo Social Network, Membership, Registration, User Profiles, Premium Mobile App
 
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-165.4CVE-2024-9873[email protected]
[email protected]
 
Pepro Dev. Group–PeproDev Ultimate Invoice
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6.2024-10-176.5CVE-2024-49298[email protected]
 
persianscript– Persian WooCommerce SMS
 
The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-176.1CVE-2024-9213[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Peter CyClop–WordPress Video
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0.2024-10-186.5CVE-2024-49231[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10153[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2024-10-196.3CVE-2024-10154[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “fdate” to be affected. But it must be assumed “tdate” is affected as well.2024-10-206.3CVE-2024-10160[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-206.3CVE-2024-10161[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “mobilenumber” to be affected. But it must be assumed that other parameters are affected as well.2024-10-206.3CVE-2024-10162[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-194.3CVE-2024-10158[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PINPOINT.WORLD–Pinpoint Booking System
 
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.2024-10-175.4CVE-2024-49304[email protected]
 
plainware–Locatoraid Store Locator
 
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2024-9652[email protected]
[email protected]
[email protected]
 
podpirate–ACF Quick Edit Fields
 
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.2024-10-166.5CVE-2023-7286[email protected]
[email protected]
[email protected]
 
Portfoliohub–WordPress Portfolio Builder Portfolio Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.2024-10-176.5CVE-2024-49302[email protected]
 
prasidhda–Woo Manage Fraud Orders
 
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2024-9937[email protected]
[email protected]
[email protected]
 
PressTigers–Simple Testimonials Showcase
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PressTigers Simple Testimonials Showcase.This issue affects Simple Testimonials Showcase: from n/a through 1.1.6.2024-10-175.9CVE-2024-49295[email protected]
 
quantizor — markdown-to-jsx
 
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.2024-10-156.1CVE-2024-21535[email protected]
[email protected]
 
quomodosoft–ElementsReady Addons for Elementor
 
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-166.4CVE-2024-9444[email protected]
[email protected]
[email protected]
[email protected]
 
Razon Komar Pal–Linked Variation for WooCommerce
 
Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.2024-10-174.3CVE-2024-48047[email protected]
 
Red Hat–OpenShift Developer Tools and Services
 
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`–userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.2024-10-156.5CVE-2024-9676[email protected]
[email protected]
[email protected]
 
Red Hat–Red Hat Ansible Automation Platform 2
 
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the “?next=” in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.2024-10-165.4CVE-2024-10033[email protected]
[email protected]
 
Red Hat–Red Hat Ansible Automation Platform 2
 
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.2024-10-155.3CVE-2024-9979[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Red Hat–Red Hat Quay 3
 
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.2024-10-174.8CVE-2024-9683[email protected]
[email protected]
 
RITTAL GmbH & Co. KG–IoT Interface & CMC III Processing Unit
 
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.2024-10-156.8CVE-2024-47944551230f0-3615-47bd-b7cc-93e92e730bbf
551230f0-3615-47bd-b7cc-93e92e730bbf
 
sajjad67–Advanced Category and Custom Taxonomy Image
 
The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-9425[email protected]
[email protected]
[email protected]
[email protected]
 
shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
 
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.2024-10-164.3CVE-2024-9540[email protected]
[email protected]
 
Sinan Yorulmaz–G Meta Keywords
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sinan Yorulmaz G Meta Keywords allows Stored XSS.This issue affects G Meta Keywords: from n/a through 1.4.2024-10-176.5CVE-2024-49301[email protected]
 
SKT Themes–SKT Blocks Gutenberg based Page Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6.2024-10-176.5CVE-2024-48036[email protected]
 
smackcoders–SendGrid for WordPress
 
The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘wp_mailplus_clear_logs’ function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin’s log files.2024-10-184.3CVE-2024-9364[email protected]
[email protected]
[email protected]
 
SolarWinds–Kiwi CatTools
 
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.2024-10-175.1CVE-2024-45713[email protected]
 
SolarWinds–Serv-U
 
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.2024-10-164.8CVE-2024-45714[email protected]
 
SourceCodester–Sentiment Based Movie Rating System
 
A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name.2024-10-206.3CVE-2024-10163[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search as the “nobody” Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.2024-10-146.5CVE-2024-45732[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a search query with an improperly formatted “INGEST_EVAL” parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).2024-10-146.5CVE-2024-45736[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.2024-10-145.4CVE-2024-45740[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create a malicious payload through a custom configuration file that the “api.uri” parameter from the “/manager/search/apps/local” endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.2024-10-145.4CVE-2024-45741[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the “admin” or “power” Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.2024-10-144.3CVE-2024-45734[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the “admin” or “power” Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.2024-10-144.3CVE-2024-45735[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.2024-10-144.9CVE-2024-45738[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.2024-10-144.9CVE-2024-45739[email protected]
[email protected]
 
strategy11team–Formidable Forms Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
 
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.2024-10-165.3CVE-2017-20194[email protected]
[email protected]
 
Streamline.lv–CartBounty Save and recover abandoned carts for WooCommerce
 
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2.2024-10-206.5CVE-2024-47634[email protected]
 
streamweasels–StreamWeasels Twitch Integration
 
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-196.4CVE-2024-9897[email protected]
[email protected]
[email protected]
[email protected]
 
sukiwp–Suki Sites Import
 
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-8916[email protected]
[email protected]
 
Sumit Surai–Featured Posts with Multiple Custom Groups (FPMCG)
 
Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Featured Posts with Multiple Custom Groups (FPMCG) allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through 4.0.2024-10-176.5CVE-2024-48031[email protected]
 
Supsystic–Contact Form by Supsystic
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.2024-10-175.9CVE-2024-48046[email protected]
 
SUSE–rancher
 
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.2024-10-166.6CVE-2023-32196[email protected]
[email protected]
 
SUSE–rancher
 
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster), all have RBAC permissions to view the cluster object from the apiserver.2024-10-166.5CVE-2024-22032[email protected]
[email protected]
 
SUSE–SUSE Linux Enterprise Desktop 15 SP5
 
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim2024-10-165.5CVE-2024-22034[email protected]
 
SUSE–SUSE Manager Server Module 4.3
 
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys2024-10-165.9CVE-2023-32189[email protected]
 
SUSE–SUSE Package Hub 15 SP5
 
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps2024-10-166.3CVE-2024-22033[email protected]
 
Swebdeveloper–wpPricing Builder
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Swebdeveloper wpPricing Builder allows Stored XSS.This issue affects wpPricing Builder: from n/a through 1.5.0.2024-10-186.5CVE-2024-49225[email protected]
 
SysBasics–Shortcode For Elementor Templates
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS.This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0.2024-10-176.5CVE-2024-48022[email protected]
 
Tady Walsh–Tito
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tady Walsh Tito allows DOM-Based XSS.This issue affects Tito: from n/a through 2.3.2024-10-186.5CVE-2024-49241[email protected]
 
Takashi Matsuyama–My Favorites
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.2024-10-176.5CVE-2024-49263[email protected]
 
teamplus technology–team+
 
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.2024-10-144.9CVE-2024-9923[email protected]
[email protected]
 
Tecno–4G Portable WiFi TR118
 
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-204.7CVE-2024-10195[email protected]
[email protected]
[email protected]
[email protected]
 
Teplitsa of social technologies–Leyka
 
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.6.2024-10-165.3CVE-2024-49252[email protected]
 
thecatkin–ReDi Restaurant Reservation
 
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-176.1CVE-2024-9240[email protected]
[email protected]
[email protected]
 
thehowarde–Parallax Image
 
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-176.4CVE-2024-9898[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
themeid–Elemenda
 
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-9373[email protected]
[email protected]
 
themeinwp–Social Share With Floating Bar
 
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-186.1CVE-2024-8790[email protected]
[email protected]
 
Themesflat–Themesflat Addons For Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.2024-10-176.5CVE-2024-49310[email protected]
 
themeworm–Plexx Elementor Extension
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in themeworm Plexx Elementor Extension allows Stored XSS.This issue affects Plexx Elementor Extension: from n/a through 1.3.4.2024-10-186.5CVE-2024-49234[email protected]
 
Thimo Grauerholz–WP-Spreadplugin
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9.2024-10-165.9CVE-2024-49266[email protected]
 
tiandi–Flat UI Button
 
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-10014[email protected]
[email protected]
 
TipTopPress–Hyperlink Group Block
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through 1.17.5.2024-10-176.5CVE-2024-49279[email protected]
 
tkama–Kama SpamBlock
 
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-166.1CVE-2024-9647[email protected]
[email protected]
[email protected]
 
Tophive–Ultimate AI
 
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the ‘ultimate_ai_change_pass’ function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers.2024-10-165.6CVE-2024-9104[email protected]
[email protected]
 
tychesoftwares–Arconix Shortcodes
 
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘button’ shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-186.4CVE-2024-9703[email protected]
[email protected]
 
vercel–next.js
 
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.2024-10-145.9CVE-2024-47831[email protected]
[email protected]
 
VillaTheme–Email Template Customizer for WooCommerce
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.2024-10-175.9CVE-2024-49288[email protected]
 
vladolaru–Fonto Custom Web Fonts Manager
 
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-176.4CVE-2024-8920[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
WAVLINK–WN530H4
 
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-204.7CVE-2024-10193[email protected]
[email protected]
[email protected]
[email protected]
 
Weblizar–Lightbox slider Responsive Lightbox Gallery
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0.2024-10-176.5CVE-2024-49280[email protected]
 
wepic–Country Flags for Elementor
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1.2024-10-176.5CVE-2024-49262[email protected]
 
WhileTrue–Most And Least Read Posts Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.2024-10-204.3CVE-2024-49628[email protected]
 
WisdmLabs–Edwiser Bridge
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7.2024-10-176.5CVE-2024-49311[email protected]
 
WisdmLabs–Edwiser Bridge
 
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7.2024-10-174.9CVE-2024-49312[email protected]
 
withastro–astro
 
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro’s client-side routing and has *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. This vulnerability can result in cross-site scripting (XSS) attacks on websites that built with Astro that enable the client-side routing with `ViewTransitions` and store the user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page. Version 4.16.1 contains a patch for this issue.2024-10-145.9CVE-2024-47885[email protected]
[email protected]
[email protected]
 
woocommerce — woocommerce
 
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.2024-10-156.1CVE-2024-9944[email protected]
[email protected]
[email protected]
[email protected]
 
WooCommerce–Product Vendors
 
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the ‘vendor_description’ parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-164.7CVE-2017-20193[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
WooCommerce–WooCommerce Smart Coupons
 
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.2024-10-165.3CVE-2020-36841[email protected]
[email protected]
 
WordPress Foundation–WordPress
 
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.2024-10-164.9CVE-2022-4973[email protected]
[email protected]
[email protected]
[email protected]
 
WP-buy–WP Content Copy Protection & No Right Click
 
Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9.2024-10-204.3CVE-2024-49306[email protected]
 
wp-slimstat — slimstat_analytics
 
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-156.1CVE-2024-9548[email protected]
[email protected]
[email protected]
 
wpdevteam–Essential Addons for Elementor Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.2024-10-166.3CVE-2021-4446[email protected]
[email protected]
 
wpdiscover–Photo Gallery Builder
 
Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.2024-10-204.3CVE-2024-49325[email protected]
 
wpextended–The Ultimate WordPress Toolkit WP Extended
 
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpext-export’ parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-10-176.1CVE-2024-9347[email protected]
[email protected]
[email protected]
 
wpindeed–Indeed Membership Pro
 
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 – 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.2024-10-166.3CVE-2020-36833[email protected]
[email protected]
 
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
 
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-174.3CVE-2024-9351[email protected]
[email protected]
[email protected]
 
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
 
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form ‘create_module’ function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-10-174.3CVE-2024-9352[email protected]
[email protected]
[email protected]
 
wproyal–Royal Elementor Addons and Templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.2024-10-174.3CVE-2024-7417[email protected]
[email protected]
[email protected]
 
wpvividplugins–Migration, Backup, Staging WPvivid
 
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site’s database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35.2024-10-164.9CVE-2020-36835[email protected]
[email protected]
[email protected]
 
WPWeb–Social Auto Poster
 
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.2024-10-204.3CVE-2024-49272[email protected]
 
wpzest–Easy Menu Manager | WPZest
 
The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-186.4CVE-2024-9366[email protected]
[email protected]
 
wpzita–Zita Elementor Site Library
 
The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.2024-10-166.4CVE-2024-8921[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
xplodedthemes — wpide
 
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.2024-10-155.3CVE-2024-9546[email protected]
[email protected]
 
zaytech — smart_online_order_for_clover
 
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-10-155.4CVE-2024-9895[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
zluck–Multiline files upload for contact form 7
 
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site.2024-10-164.3CVE-2024-9891[email protected]
[email protected]
[email protected]
 

Back to top

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource InfoPatch Info
Admidio–admidio
 
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.2024-10-163.5CVE-2024-47836[email protected]
 
authzed — spicedb
 
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `–enable-experimental-lookup-resources` flag by setting it to `false`.2024-10-142.4CVE-2024-48909[email protected]
[email protected]
 
code-projects–Blood Bank System
 
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-193.5CVE-2024-10142[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Eclipse Foundation–Jetty
 
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.2024-10-143.1CVE-2024-6762[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Eclipse Foundation–Jetty
 
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.2024-10-143.7CVE-2024-6763[email protected]
[email protected]
[email protected]
 
elabftw–elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: “experiments.php” (show mode), “database.php” (show mode) or “search.php”. It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message. This means that injected HTML will appear in a red “alert/danger” box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary javascript from this attack. As such, this attack is deemed low impact. Users should upgrade to at least version 5.1.5 to receive a patch. No known workarounds are available.2024-10-143.5CVE-2024-47826[email protected]
[email protected]
 
jsbroks–COCO Annotator
 
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.2024-10-193.7CVE-2024-10141[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
oracle — graalvm
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).2024-10-153.7CVE-2024-21217[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).2024-10-153.1CVE-2024-21231[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).2024-10-153.8CVE-2024-21247[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).2024-10-152CVE-2024-21209[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).2024-10-152.2CVE-2024-21232[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).2024-10-152.2CVE-2024-21237[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).2024-10-152.2CVE-2024-21243[email protected]
 
oracle — mysql
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).2024-10-152.2CVE-2024-21244[email protected]
 
oracle — vm_virtualbox
 
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).2024-10-152.3CVE-2024-21253[email protected]
 
Oracle Corporation–GraalVM
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).2024-10-153.7CVE-2024-21211[email protected]
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).2024-10-153.5CVE-2024-21242[email protected]
 
Oracle Corporation–Oracle Database Server
 
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).2024-10-153.1CVE-2024-21251[email protected]
 
Oracle Corporation–Oracle Hyperion BI+
 
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).2024-10-153CVE-2024-21257[email protected]
 
Oracle Corporation–Oracle Java SE
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).2024-10-153.7CVE-2024-21208[email protected]
 
Oracle Corporation–Oracle Java SE
 
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).2024-10-153.7CVE-2024-21210[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-193.5CVE-2024-10155[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–Boat Booking System
 
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2024-10-203.5CVE-2024-10191[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
PHPGurukul–IFSC Code Finder Project
 
A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-10-203.5CVE-2024-10192[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
splunk — splunk
 
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the “admin” or “power” Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).2024-10-143.5CVE-2024-45737[email protected]
[email protected]
 
Topdata–Inner Rep Plus WebServer
 
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-182.7CVE-2024-10122[email protected]
[email protected]
[email protected]
 
Topdata–Inner Rep Plus WebServer
 
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.2024-10-182.7CVE-2024-10128[email protected]
[email protected]
[email protected]
 
VMware–Spring
 
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.2024-10-183.1CVE-2024-38820[email protected]
 
vue–vue
 
Improper regular expression in Vue’s parseHTML function leads to a potential regular expression denial of service vulnerability.2024-10-153.7CVE-2024-950636c7be3b-2937-45df-85ea-ca7133ea542c
 

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource InfoPatch Info
Apache Software Foundation–Apache Roller
 
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller’s CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement:  https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw2024-10-14not yet calculatedCVE-2024-46911[email protected]
 
AstroxNetwork–agent_dart
 
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren’t verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification.2024-10-15not yet calculatedCVE-2024-48915[email protected]
[email protected]
[email protected]
[email protected]
 
binary-husky–binary-husky/gpt_academic
 
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.2024-10-17not yet calculatedCVE-2024-10100[email protected]
 
binary-husky–binary-husky/gpt_academic
 
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim’s browser when the file is accessed. This can result in the theft of session cookies or other sensitive information.2024-10-17not yet calculatedCVE-2024-10101[email protected]
 
BItdefender–Total Security
 
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.2024-10-18not yet calculatedCVE-2023-6056[email protected]
 
Bitdefender–Total Security
 
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site’s certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate.2024-10-18not yet calculatedCVE-2023-49567[email protected]
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn’t authorized to issue certificates. This occurs when the “Basic Constraints” extension in the certificate indicates that it is meant to be an “End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.2024-10-18not yet calculatedCVE-2023-49570[email protected]
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website.2024-10-18not yet calculatedCVE-2023-6055[email protected]
 
Bitdefender–Total Security
 
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.2024-10-18not yet calculatedCVE-2023-6057[email protected]
 
Bitdefender–Total Security
 
A vulnerability has been identified in Bitdefender Safepay’s handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.2024-10-18not yet calculatedCVE-2023-6058[email protected]
 
Checkmk GmbH–Checkmk
 
Insertion of Sensitive Information into Log File in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators.2024-10-14not yet calculatedCVE-2024-38862[email protected]
 
Checkmk GmbH–Checkmk
 
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH’s Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks.2024-10-14not yet calculatedCVE-2024-38863[email protected]
 
comfyanonymous–comfyanonymous/comfyui
 
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code.2024-10-17not yet calculatedCVE-2024-10099[email protected]
 
Docker–Docker Desktop
 
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.2024-10-16not yet calculatedCVE-2024-9348[email protected]
 
element-hq–element-desktop
 
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.2024-10-15not yet calculatedCVE-2024-47771[email protected]
[email protected]
[email protected]
 
element-hq–element-web
 
Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.2024-10-15not yet calculatedCVE-2024-47779[email protected]
[email protected]
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information.2024-10-17not yet calculatedCVE-2024-49396[email protected]
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.2024-10-17not yet calculatedCVE-2024-49397[email protected]
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.2024-10-17not yet calculatedCVE-2024-49398[email protected]
 
Elvaco–M-Bus Metering Gateway CMe3100
 
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.2024-10-17not yet calculatedCVE-2024-49399[email protected]
 
encode–starlette
 
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Verison 0.40.0 fixes this issue.2024-10-15not yet calculatedCVE-2024-47874[email protected]
[email protected]
 
Hewlett Packard Enterprise (HPE)–HPE OneView
 
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.2024-10-18not yet calculatedCVE-2024-42508[email protected]
 
Hikvision–HikCentral Master Lite
 
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.2024-10-18not yet calculatedCVE-2024-47485[email protected]
 
Hikvision–HikCentral Master Lite
 
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data.2024-10-18not yet calculatedCVE-2024-47486[email protected]
 
Hikvision–HikCentral Professional
 
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries.2024-10-18not yet calculatedCVE-2024-47487[email protected]
 
infiniflow–infiniflow/ragflow
 
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req[‘llm_factory’]` and `req[‘llm_name’]` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for ‘llm_factory’ that, when used as an index to these model dictionaries, results in the execution of arbitrary code.2024-10-19not yet calculatedCVE-2024-10131[email protected]
 
Ivanti–Connect Secure
 
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.2024-10-18not yet calculatedCVE-2024-37404[email protected]
 
Ivanti–DSM
 
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.2024-10-18not yet calculatedCVE-2024-29213[email protected]
 
Ivanti–DSM
 
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.2024-10-18not yet calculatedCVE-2024-29821[email protected]
 
Kajitori Co.,Ltd–Exment
 
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.2024-10-18not yet calculatedCVE-2024-46897[email protected]
[email protected]
[email protected]
 
Kajitori Co.,Ltd–Exment
 
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.2024-10-18not yet calculatedCVE-2024-47793[email protected]
[email protected]
[email protected]
 
Lakeside Software–SysTrack LsiAgent Installer
 
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.2024-10-18not yet calculatedCVE-2023-6080[email protected]
[email protected]
[email protected]
 
LCDS – Leo Consultoria e Desenvolvimento de Sistemas Ltda ME–LAquis SCADA
 
In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.2024-10-17not yet calculatedCVE-2024-9414[email protected]
 
matrix-org–matrix-js-sdk
 
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these “shared” keys to all of the invited user’s devices, regardless of whether the user’s cryptographic identity is verified or whether the user’s devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients.2024-10-15not yet calculatedCVE-2024-47080[email protected]
[email protected]
[email protected]
 
matrix-org–matrix-react-sdk
 
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling sharing message keys on invite by removing calls to the vulnerable functionality. No known workarounds are available.2024-10-15not yet calculatedCVE-2024-47824[email protected]
[email protected]
[email protected]
 
MessagePack-CSharp–MessagePack-CSharp
 
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability. ### Patches The following steps are required to mitigate this risk. 1. Upgrade to a version of the library where a fix is available. 1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data. ### Workarounds If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround as follows: 1. Declare a class that derives from `MessagePackSecurity`. 2. Override the `GetHashCollisionResistantEqualityComparer<T>` method to provide a collision-resistant hash function of your own and avoid calling `base.GetHashCollisionResistantEqualityComparer<T>()`. 3. Configure a `MessagePackSerializerOptions` with an instance of your derived type by calling `WithSecurity` on an existing options object. 4. Use your custom options object for all deserialization operations. This may be by setting the `MessagePackSerializer.DefaultOptions` static property, if you call methods that rely on this default property, and/or by passing in the options object explicitly to any `Deserialize` method. ### References – Learn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/MessagePack-CSharp/MessagePack-CSharp#security). – The .NET team’s [discussion on hash collision vulnerabilities of their `HashCode` struct](https://github.com/GrabYourPitchforks/runtime/blob/threat_models/docs/design/security/System.HashCode.md). ### For more information If you have any questions or comments about this advisory: * [Start a public discussion](https://github.com/MessagePack-CSharp/MessagePack-CSharp/discussions) * [Email us privately](mailto:[email protected])2024-10-17not yet calculatedCVE-2024-48924[email protected]
[email protected]
[email protected]
 
Meta–Tacquito
 
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.2024-10-17not yet calculatedCVE-2024-49400[email protected]
 
Mozilla–Firefox
 
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.2024-10-14not yet calculatedCVE-2024-9936[email protected]
[email protected]
 
n/a–n/a
 
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.2024-10-15not yet calculatedCVE-2024-44337[email protected]