Patch Tuesday — April 2024
2024-04-09 · 965 CVEs
CVEs published or modified the week of 2024-04-09, partitioned by vendor.
Microsoft (166 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24576 | Critical | 10.0 | — | 2024-04-09 | Rust is a programming language. |
| CVE-2024-3566 | Critical | 9.8 | — | 2024-04-10 | A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
| CVE-2024-29990 | Critical | 9.0 | — | 2024-04-09 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-26362 | High | 8.8 | — | 2024-04-10 | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. |
| CVE-2024-29993 | High | 8.8 | — | 2024-04-09 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2024-29988 | High | 8.8 | KEV | 2024-04-09 | SmartScreen Prompt Security Feature Bypass Vulnerability |
| CVE-2024-29985 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29984 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29983 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29982 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29053 | High | 8.8 | — | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29048 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29047 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29046 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29044 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29043 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28945 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28944 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28942 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28940 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28939 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | High | 8.8 | — | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28927 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28926 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28915 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28914 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28913 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28912 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28911 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28910 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28909 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28908 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28906 | High | 8.8 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26244 | High | 8.8 | — | 2024-04-09 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26214 | High | 8.8 | — | 2024-04-09 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26210 | High | 8.8 | — | 2024-04-09 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26205 | High | 8.8 | — | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26200 | High | 8.8 | — | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26179 | High | 8.8 | — | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-21323 | High | 8.8 | — | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-20678 | High | 8.8 | — | 2024-04-09 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2024-2975 | High | 8.8 | — | 2024-04-09 | A race condition was identified through which privilege escalation was possible in certain configurations. |
| CVE-2024-29989 | High | 8.4 | — | 2024-04-09 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-29050 | High | 8.4 | — | 2024-04-09 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-0082 | High | 8.2 | — | 2024-04-08 | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. |
| CVE-2024-20670 | High | 8.1 | — | 2024-04-09 | Outlook for Windows Spoofing Vulnerability |
| CVE-2024-28925 | High | 8.0 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26240 | High | 8.0 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26189 | High | 8.0 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26180 | High | 8.0 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-30273 | High | 7.8 | — | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30272 | High | 7.8 | — | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30271 | High | 7.8 | — | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20797 | High | 7.8 | — | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
| CVE-2024-20795 | High | 7.8 | — | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20772 | High | 7.8 | — | 2024-04-10 | Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-29061 | High | 7.8 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29052 | High | 7.8 | — | 2024-04-09 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-28920 | High | 7.8 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28907 | High | 7.8 | — | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28905 | High | 7.8 | — | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28904 | High | 7.8 | — | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-26257 | High | 7.8 | — | 2024-04-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-26256 | High | 7.8 | — | 2024-04-09 | Libarchive Remote Code Execution Vulnerability |
| CVE-2024-26245 | High | 7.8 | — | 2024-04-09 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2024-26241 | High | 7.8 | — | 2024-04-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-26239 | High | 7.8 | — | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26237 | High | 7.8 | — | 2024-04-09 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2024-26235 | High | 7.8 | — | 2024-04-09 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26230 | High | 7.8 | — | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26229 | High | 7.8 | — | 2024-04-09 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2024-26228 | High | 7.8 | — | 2024-04-09 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-26218 | High | 7.8 | — | 2024-04-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26211 | High | 7.8 | — | 2024-04-09 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-26175 | High | 7.8 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26158 | High | 7.8 | — | 2024-04-09 | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2024-21447 | High | 7.8 | — | 2024-04-09 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-20693 | High | 7.8 | — | 2024-04-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-29045 | High | 7.5 | — | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28896 | High | 7.5 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26254 | High | 7.5 | — | 2024-04-09 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
| CVE-2024-26248 | High | 7.5 | — | 2024-04-09 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-26219 | High | 7.5 | — | 2024-04-09 | HTTP.sys Denial of Service Vulnerability |
| CVE-2024-26215 | High | 7.5 | — | 2024-04-09 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26212 | High | 7.5 | — | 2024-04-09 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26194 | High | 7.4 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29063 | High | 7.3 | — | 2024-04-09 | Azure AI Search Information Disclosure Vulnerability |
| CVE-2024-26232 | High | 7.3 | — | 2024-04-09 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26216 | High | 7.3 | — | 2024-04-09 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2024-21409 | High | 7.3 | — | 2024-04-09 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-29066 | High | 7.2 | — | 2024-04-09 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-29055 | High | 7.2 | — | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29054 | High | 7.2 | — | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-26233 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26231 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26227 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26224 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26223 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26222 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26221 | High | 7.2 | — | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26208 | High | 7.2 | — | 2024-04-09 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26202 | High | 7.2 | — | 2024-04-09 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26195 | High | 7.2 | — | 2024-04-09 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-21324 | High | 7.2 | — | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-21322 | High | 7.2 | — | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29062 | High | 7.1 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20689 | High | 7.1 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20688 | High | 7.1 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26243 | High | 7.0 | — | 2024-04-09 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-26242 | High | 7.0 | — | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26236 | High | 7.0 | — | 2024-04-09 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26213 | High | 7.0 | — | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28897 | Medium | 6.8 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26253 | Medium | 6.8 | — | 2024-04-09 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26252 | Medium | 6.8 | — | 2024-04-09 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26251 | Medium | 6.8 | — | 2024-04-09 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2024-26168 | Medium | 6.8 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28924 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28921 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28919 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28903 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26250 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26234 | Medium | 6.7 | — | 2024-04-09 | Proxy Driver Spoofing Vulnerability |
| CVE-2024-26171 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20669 | Medium | 6.7 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26226 | Medium | 6.5 | — | 2024-04-09 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2024-26183 | Medium | 6.5 | — | 2024-04-09 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-21424 | Medium | 6.5 | — | 2024-04-09 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2024-0083 | Medium | 6.5 | — | 2024-04-08 | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. |
| CVE-2024-28923 | Medium | 6.4 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26193 | Medium | 6.4 | — | 2024-04-09 | Azure Migrate Remote Code Execution Vulnerability |
| CVE-2024-28898 | Medium | 6.3 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29064 | Medium | 6.2 | — | 2024-04-09 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-28917 | Medium | 6.2 | — | 2024-04-09 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
| CVE-2024-20665 | Medium | 6.1 | — | 2024-04-09 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20685 | Medium | 5.9 | — | 2024-04-09 | Azure Private 5G Core Denial of Service Vulnerability |
| CVE-2024-20796 | Medium | 5.5 | — | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20794 | Medium | 5.5 | — | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. |
| CVE-2024-20798 | Medium | 5.5 | — | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20771 | Medium | 5.5 | — | 2024-04-11 | Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20770 | Medium | 5.5 | — | 2024-04-10 | Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20766 | Medium | 5.5 | — | 2024-04-10 | InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20737 | Medium | 5.5 | — | 2024-04-10 | After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-29992 | Medium | 5.5 | — | 2024-04-09 | Azure Identity Library for .NET Information Disclosure Vulnerability |
| CVE-2024-28902 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28901 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28900 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26255 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26217 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26209 | Medium | 5.5 | — | 2024-04-09 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-26207 | Medium | 5.5 | — | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26172 | Medium | 5.5 | — | 2024-04-09 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-26220 | Medium | 5.0 | — | 2024-04-09 | Windows Mobile Hotspot Information Disclosure Vulnerability |
| CVE-2024-29056 | Medium | 4.3 | — | 2024-04-09 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-28922 | Medium | 4.1 | — | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
Other vendors (799 CVEs across 336 vendors)
N/a · 59 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28718 | Critical | 9.8 | — | 2024-04-12 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. |
| CVE-2024-31678 | Critical | 9.8 | — | 2024-04-11 | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. |
| CVE-2024-21508 | Critical | 9.8 | — | 2024-04-11 | Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. |
| CVE-2024-31819 | Critical | 9.8 | — | 2024-04-10 | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. |
| CVE-2024-31807 | Critical | 9.8 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. |
| CVE-2024-31022 | Critical | 9.8 | — | 2024-04-08 | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. |
| CVE-2024-27488 | Critical | 9.8 | — | 2024-04-08 | Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. |
| CVE-2024-23080 | Critical | 9.1 | — | 2024-04-10 | Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). |
| CVE-2024-23078 | Critical | 9.1 | — | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). |
| CVE-2024-31815 | Critical | 9.1 | — | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh |
| CVE-2024-29269 | High | 8.8 | — | 2024-04-10 | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. |
| CVE-2024-24279 | High | 8.8 | — | 2024-04-08 | An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. |
| CVE-2024-31814 | High | 8.8 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. |
| CVE-2024-31809 | High | 8.8 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. |
| CVE-2024-31808 | High | 8.8 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2024-31507 | High | 8.6 | — | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. |
| CVE-2024-31813 | High | 8.4 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. |
| CVE-2024-28270 | High | 8.1 | — | 2024-04-08 | An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. |
| CVE-2024-31811 | High | 8.0 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. |
| CVE-2024-25545 | High | 7.8 | — | 2024-04-12 | An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. |
| CVE-2024-25376 | High | 7.8 | — | 2024-04-11 | An issue discovered in Thesycon Software Solutions Gmbh & Co. |
| CVE-2024-26574 | High | 7.8 | — | 2024-04-08 | Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe |
| CVE-2024-29504 | High | 7.6 | — | 2024-04-10 | Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. |
| CVE-2024-29400 | High | 7.5 | — | 2024-04-12 | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. |
| CVE-2024-28458 | High | 7.5 | — | 2024-04-11 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c. |
| CVE-2023-51142 | High | 7.5 | — | 2024-04-11 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. |
| CVE-2024-31506 | High | 7.5 | — | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php. |
| CVE-2024-31817 | High | 7.5 | — | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. |
| CVE-2024-31816 | High | 7.5 | — | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. |
| CVE-2020-36829 | High | 7.5 | — | 2024-04-08 | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. |
| CVE-2024-28224 | Medium | 6.6 | — | 2024-04-08 | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resourc… |
| CVE-2023-48865 | Medium | 6.5 | — | 2024-04-11 | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. |
| CVE-2023-51141 | Medium | 6.5 | — | 2024-04-11 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. |
| CVE-2024-21509 | Medium | 6.5 | — | 2024-04-10 | Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. |
| CVE-2024-21507 | Medium | 6.5 | — | 2024-04-10 | Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. |
| CVE-2024-31812 | Medium | 6.5 | — | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. |
| CVE-2024-31806 | Medium | 6.5 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. |
| CVE-2024-31805 | Medium | 6.5 | — | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. |
| CVE-2024-29461 | Medium | 6.3 | — | 2024-04-12 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. |
| CVE-2024-23079 | Medium | 6.2 | — | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). |
| CVE-2024-30845 | Medium | 6.1 | — | 2024-04-12 | Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. |
| CVE-2024-30879 | Medium | 6.1 | — | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the imag… |
| CVE-2024-30878 | Medium | 6.1 | — | 2024-04-11 | A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. |
| CVE-2024-23735 | Medium | 6.1 | — | 2024-04-10 | Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certifica… |
| CVE-2024-28402 | Medium | 5.9 | — | 2024-04-11 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-28345 | Medium | 5.5 | — | 2024-04-10 | An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visiting the URL. |
| CVE-2024-30880 | Medium | 5.4 | — | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the i… |
| CVE-2024-27665 | Medium | 5.4 | — | 2024-04-09 | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. |
| CVE-2024-31544 | Medium | 5.4 | — | 2024-04-09 | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” par… |
| CVE-2024-29296 | Medium | 5.3 | — | 2024-04-10 | A user enumeration vulnerability was found in Portainer CE 2.19.4. |
| CVE-2024-23083 | Medium | 5.3 | — | 2024-04-10 | Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). |
| CVE-2024-23734 | Medium | 5.2 | — | 2024-04-10 | Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted li… |
| CVE-2024-31839 | Medium | 4.8 | — | 2024-04-12 | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. |
| CVE-2024-30883 | Medium | 4.7 | — | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in th… |
| CVE-2024-30915 | Medium | 4.3 | — | 2024-04-11 | An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. |
| CVE-2024-31047 | Low | 3.3 | — | 2024-04-08 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. |
| CVE-2024-23081 | Low | 3.3 | — | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). |
| CVE-2024-28344 | Low | 3.1 | — | 2024-04-10 | An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. |
| CVE-2024-23082 | — | — | — | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). |
Linux · 39 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-47204 | High | 7.8 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause use-after-free bug. |
CVE-2021-47200 | High | 7.8 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. |
CVE-2021-47198 | High | 7.8 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unr… |
CVE-2021-47196 | High | 7.8 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again til… |
CVE-2021-47194 | High | 7.8 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SE… |
CVE-2021-47219 | High | 7.1 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/lin… |
CVE-2021-47191 | High | 7.1 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes f… |
CVE-2021-47189 | Medium | 6.3 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal… |
CVE-2021-47218 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a… |
CVE-2021-47217 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails Check for a valid hv_vp_index array prior to dereferencing hv_vp_index when setting Hyper-V's TS… |
CVE-2021-47216 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. |
CVE-2021-47215 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync info… |
CVE-2021-47214 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_releas… |
CVE-2021-47212 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy… |
CVE-2021-47211 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc The pointer cs_desc return from snd_usb_find_clock_source could be null, so there is a potential null po… |
CVE-2021-47210 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. |
CVE-2021-47209 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). |
CVE-2021-47207 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer derefer… |
CVE-2021-47206 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need to check the re… |
CVE-2021-47205 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their provi… |
CVE-2021-47203 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. |
CVE-2021-47202 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subno… |
CVE-2021-47201 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of t… |
CVE-2021-47199 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to cl… |
CVE-2021-47197 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. |
CVE-2021-47195 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. |
CVE-2021-47193 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. |
CVE-2021-47190 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. |
CVE-2021-47188 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecom… |
CVE-2021-47187 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: f… |
CVE-2021-47186 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_ke… |
CVE-2021-47184 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. |
CVE-2021-47183 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outst… |
CVE-2021-47182 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MO… |
CVE-2021-47181 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need to check the ret… |
CVE-2024-26815 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed valu… |
CVE-2024-26811 | Medium | 5.5 | — | 2024-04-08 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. |
CVE-2021-47192 | Medium | 5.3 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offl… |
CVE-2021-47185 | Medium | 4.4 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look li… |
Juniper · 29 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30381 | High | 8.4 | — | 2024-04-12 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sen… |
CVE-2024-30398 | High | 7.5 | — | 2024-04-12 | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS… |
CVE-2024-30397 | High | 7.5 | — | 2024-04-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). |
CVE-2024-30392 | High | 7.5 | — | 2024-04-12 | A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). |
CVE-2024-30382 | High | 7.5 | — | 2024-04-12 | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing… |
CVE-2024-30405 | High | 7.5 | — | 2024-04-12 | An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial o… |
CVE-2024-30395 | High | 7.5 | — | 2024-04-12 | An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). |
CVE-2024-30394 | High | 7.5 | — | 2024-04-12 | A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). |
CVE-2024-21598 | High | 7.5 | — | 2024-04-12 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (Do… |
CVE-2024-30403 | Medium | 6.5 | — | 2024-04-12 | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
CVE-2024-30388 | Medium | 6.5 | — | 2024-04-12 | An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
CVE-2024-30387 | Medium | 6.5 | — | 2024-04-12 | A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). |
CVE-2024-21618 | Medium | 6.5 | — | 2024-04-12 | An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). |
CVE-2024-21609 | Medium | 6.5 | — | 2024-04-12 | A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully esta… |
CVE-2024-21605 | Medium | 6.5 | — | 2024-04-12 | An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
CVE-2024-21593 | Medium | 6.5 | — | 2024-04-12 | An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
CVE-2024-30402 | Medium | 5.9 | — | 2024-04-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Servic… |
CVE-2024-30401 | Medium | 5.9 | — | 2024-04-12 | An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack… |
CVE-2024-30389 | Medium | 5.8 | — | 2024-04-12 | An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vuln… |
CVE-2024-30410 | Medium | 5.8 | — | 2024-04-12 | An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended for the device to reach the RE instead of being discarded when the discard term is set in the loopback (lo0) interface. |
CVE-2024-30384 | Medium | 5.5 | — | 2024-04-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Serv… |
CVE-2024-30406 | Medium | 5.5 | — | 2024-04-12 | A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with hig… |
CVE-2024-30390 | Medium | 5.3 | — | 2024-04-12 | An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. |
CVE-2024-30386 | Medium | 5.3 | — | 2024-04-12 | A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). |
CVE-2024-30409 | Medium | 5.3 | — | 2024-04-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetr… |
CVE-2024-21590 | Medium | 5.3 | — | 2024-04-12 | An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to… |
CVE-2024-21615 | Medium | 5.0 | — | 2024-04-12 | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. |
CVE-2024-30391 | Medium | 4.8 | — | 2024-04-12 | A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact… |
CVE-2024-21610 | Medium | 4.3 | — | 2024-04-12 | An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). |
Huawei · 24 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52538 | Critical | 9.1 | — | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms module. |
CVE-2024-27897 | High | 7.5 | — | 2024-04-08 | Input verification vulnerability in the call module. |
CVE-2024-27896 | High | 7.5 | — | 2024-04-08 | Input verification vulnerability in the log module. |
CVE-2024-27895 | High | 7.5 | — | 2024-04-08 | Vulnerability of permission control in the window module. |
CVE-2023-52386 | High | 7.5 | — | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. |
CVE-2023-52552 | High | 7.5 | — | 2024-04-08 | Input verification vulnerability in the power module. |
CVE-2023-52550 | High | 7.5 | — | 2024-04-08 | Vulnerability of data verification errors in the kernel module. |
CVE-2023-52549 | High | 7.5 | — | 2024-04-08 | Vulnerability of data verification errors in the kernel module. |
CVE-2023-52546 | High | 7.5 | — | 2024-04-08 | Vulnerability of package name verification being bypassed in the Calendar app. |
CVE-2023-52545 | High | 7.5 | — | 2024-04-08 | Vulnerability of undefined permissions in the Calendar app. |
CVE-2023-52541 | High | 7.5 | — | 2024-04-08 | Authentication vulnerability in the API for app pre-loading. |
CVE-2023-52540 | High | 7.5 | — | 2024-04-08 | Vulnerability of improper authentication in the Iaware module. |
CVE-2023-52539 | High | 7.5 | — | 2024-04-08 | Permission verification vulnerability in the Settings module. |
CVE-2023-52537 | High | 7.5 | — | 2024-04-08 | Vulnerability of package name verification being bypassed in the HwIms module. |
CVE-2023-52388 | High | 7.5 | — | 2024-04-08 | Permission control vulnerability in the clock module. |
CVE-2023-52359 | High | 7.5 | — | 2024-04-08 | Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. |
CVE-2023-52553 | High | 7.4 | — | 2024-04-08 | Race condition vulnerability in the Wi-Fi module. |
CVE-2023-52554 | Medium | 6.5 | — | 2024-04-08 | Permission control vulnerability in the Bluetooth module. |
CVE-2023-52542 | Medium | 6.5 | — | 2024-04-08 | Permission verification vulnerability in the system module. |
CVE-2023-52364 | Medium | 6.3 | — | 2024-04-08 | Vulnerability of input parameters being not strictly verified in the RSMC module. |
CVE-2023-52385 | Medium | 6.2 | — | 2024-04-08 | Out-of-bounds write vulnerability in the RSMC module. |
CVE-2023-52543 | Medium | 6.2 | — | 2024-04-08 | Permission verification vulnerability in the system module. |
CVE-2023-52551 | Medium | 5.3 | — | 2024-04-08 | Vulnerability of data verification errors in the kernel module. |
CVE-2023-52544 | Medium | 4.3 | — | 2024-04-08 | Vulnerability of file path verification being bypassed in the email module. |
Campcodes · 23 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3535 | High | 7.3 | — | 2024-04-10 | A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. |
CVE-2024-3534 | High | 7.3 | — | 2024-04-10 | A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. |
CVE-2024-3698 | Medium | 6.3 | — | 2024-04-12 | A vulnerability was found in Campcodes House Rental Management System 1.0. |
CVE-2024-3697 | Medium | 6.3 | — | 2024-04-12 | A vulnerability was found in Campcodes House Rental Management System 1.0. |
CVE-2024-3696 | Medium | 6.3 | — | 2024-04-12 | A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. |
CVE-2024-3540 | Medium | 6.3 | — | 2024-04-10 | A vulnerability was found in Campcodes Church Management System 1.0. |
CVE-2024-3539 | Medium | 6.3 | — | 2024-04-10 | A vulnerability was found in Campcodes Church Management System 1.0. |
CVE-2024-3538 | Medium | 6.3 | — | 2024-04-10 | A vulnerability was found in Campcodes Church Management System 1.0. |
CVE-2024-3537 | Medium | 6.3 | — | 2024-04-10 | A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. |
CVE-2024-3536 | Medium | 6.3 | — | 2024-04-10 | A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. |
CVE-2024-3523 | Medium | 6.3 | — | 2024-04-09 | A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. |
CVE-2024-3522 | Medium | 6.3 | — | 2024-04-09 | A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. |
CVE-2024-3542 | Low | 3.5 | — | 2024-04-10 | A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. |
CVE-2024-3541 | Low | 3.5 | — | 2024-04-10 | A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. |
CVE-2024-3533 | Low | 3.5 | — | 2024-04-10 | A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. |
CVE-2024-3532 | Low | 3.5 | — | 2024-04-10 | A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. |
CVE-2024-3531 | Low | 3.5 | — | 2024-04-10 | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. |
CVE-2024-3530 | Low | 3.5 | — | 2024-04-10 | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. |
CVE-2024-3529 | Low | 3.5 | — | 2024-04-10 | A vulnerability was found in Campcodes Complete Online Student Management System 1.0. |
CVE-2024-3528 | Low | 3.5 | — | 2024-04-10 | A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. |
CVE-2024-3526 | Low | 3.5 | — | 2024-04-10 | A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. |
CVE-2024-3525 | Low | 3.5 | — | 2024-04-10 | A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. |
CVE-2024-3524 | Low | 3.5 | — | 2024-04-10 | A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. |
Google · 17 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52351 | High | 7.8 | — | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2023-52342 | High | 7.5 | — | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. |
CVE-2023-52341 | High | 7.5 | — | 2024-04-08 | In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. |
CVE-2023-52345 | Medium | 6.0 | — | 2024-04-08 | In modem driver, there is a possible system crash due to improper input validation. |
CVE-2023-52534 | Medium | 5.9 | — | 2024-04-08 | In ngmm, there is a possible undefined behavior due to incorrect error handling. |
CVE-2023-52352 | Medium | 5.5 | — | 2024-04-08 | In Network Adapter Service, there is a possible missing permission check. |
CVE-2023-52347 | Medium | 5.5 | — | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2023-52343 | Medium | 5.5 | — | 2024-04-08 | In SecurityCommand message after AS security has been activated, there is a possible improper input validation. |
CVE-2023-52533 | Medium | 5.3 | — | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. |
CVE-2023-52344 | Medium | 5.3 | — | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. |
CVE-2024-23658 | Medium | 4.4 | — | 2024-04-08 | In camera driver, there is a possible use after free due to a logic error. |
CVE-2023-52536 | Medium | 4.4 | — | 2024-04-08 | In faceid service, there is a possible out of bounds read due to a missing bounds check. |
CVE-2023-52535 | Medium | 4.4 | — | 2024-04-08 | In vsp driver, there is a possible missing verification of incorrect input. |
CVE-2023-52350 | Medium | 4.4 | — | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2023-52349 | Medium | 4.4 | — | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2023-52348 | Medium | 4.4 | — | 2024-04-08 | In ril service, there is a possible out of bounds write due to a missing bounds check. |
CVE-2023-52346 | Medium | 4.4 | — | 2024-04-08 | In modem driver, there is a possible system crash due to improper input validation. |
Adobe · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20758 | Critical | 9.0 | — | 2024-04-10 | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. |
CVE-2024-20759 | High | 8.1 | — | 2024-04-10 | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable… |
CVE-2024-26122 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26098 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26097 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26087 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26084 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26079 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26076 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26047 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26046 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20780 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20779 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20778 | Medium | 5.4 | — | 2024-04-10 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
IBM · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31873 | High | 7.5 | — | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. |
CVE-2024-31872 | High | 7.5 | — | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. |
CVE-2024-31871 | High | 7.5 | — | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. |
CVE-2024-27261 | Medium | 6.4 | — | 2024-04-12 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. |
CVE-2024-22358 | Medium | 6.3 | — | 2024-04-12 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to… |
CVE-2024-31874 | Medium | 6.2 | — | 2024-04-10 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. |
CVE-2024-22359 | Medium | 6.1 | — | 2024-04-12 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. |
CVE-2023-50949 | Medium | 5.9 | — | 2024-04-11 | IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. |
CVE-2024-22357 | Medium | 5.4 | — | 2024-04-12 | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. |
CVE-2023-50307 | Medium | 5.4 | — | 2024-04-12 | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. |
CVE-2023-47714 | Medium | 4.8 | — | 2024-04-12 | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. |
CVE-2023-45186 | Medium | 4.8 | — | 2024-04-12 | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. |
CVE-2024-22334 | Medium | 4.4 | — | 2024-04-12 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom s… |
CVE-2024-22339 | Medium | 4.3 | — | 2024-04-12 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitiv… |
Apache · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31866 | Critical | 9.8 | — | 2024-04-09 | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. |
CVE-2024-31864 | Critical | 9.8 | — | 2024-04-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. |
CVE-2024-31309 | High | 7.5 | — | 2024-04-10 | HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. |
CVE-2024-27309 | High | 7.4 | — | 2024-04-12 | While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. |
CVE-2024-31391 | Medium | 6.5 | — | 2024-04-12 | Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. |
CVE-2024-31867 | Medium | 6.5 | — | 2024-04-09 | Improper Input Validation vulnerability in Apache Zeppelin. |
CVE-2024-31865 | Medium | 6.5 | — | 2024-04-09 | Improper Input Validation vulnerability in Apache Zeppelin. |
CVE-2024-31860 | Medium | 6.5 | — | 2024-04-09 | Improper Input Validation vulnerability in Apache Zeppelin. |
CVE-2024-31868 | Medium | 6.1 | — | 2024-04-09 | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. |
CVE-2021-28656 | Medium | 5.4 | — | 2024-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. |
CVE-2024-31863 | Medium | 5.3 | — | 2024-04-09 | Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. |
CVE-2024-31862 | Medium | 5.3 | — | 2024-04-09 | Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. |
CVE-2022-47894 | Medium | 5.3 | — | 2024-04-09 | Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. |
Fortinet · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-45590 | Critical | 9.6 | — | 2024-04-09 | An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux… |
CVE-2024-21756 | High | 8.8 | — | 2024-04-09 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to… |
CVE-2024-21755 | High | 8.8 | — | 2024-04-09 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to… |
CVE-2024-31492 | High | 8.2 | — | 2024-04-10 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configu… |
CVE-2024-23671 | High | 8.1 | — | 2024-04-09 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unau… |
CVE-2023-41677 | High | 7.5 | — | 2024-04-09 | Insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2… |
CVE-2023-48784 | Medium | 6.7 | — | 2024-04-09 | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-ad… |
CVE-2023-47542 | Medium | 6.7 | — | 2024-04-09 | An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specia… |
CVE-2023-47541 | Medium | 6.7 | — | 2024-04-09 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, F… |
CVE-2023-47540 | Medium | 6.7 | — | 2024-04-09 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all… |
CVE-2024-31487 | Medium | 5.9 | — | 2024-04-09 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, Fo… |
CVE-2024-23662 | Medium | 5.3 | — | 2024-04-09 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to information disclo… |
TP-Link · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49134 | High | 8.1 | — | 2024-04-09 | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build… |
CVE-2023-49133 | High | 8.1 | — | 2024-04-09 | A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build… |
CVE-2023-48724 | High | 7.5 | — | 2024-04-09 | A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49074 | High | 7.4 | — | 2024-04-09 | A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49913 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49912 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49911 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49910 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49909 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49908 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49907 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
CVE-2023-49906 | High | 7.2 | — | 2024-04-09 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. |
XWiki · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31996 | Critical | 10.0 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31982 | Critical | 10.0 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31997 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31987 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31984 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31983 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31981 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31465 | Critical | 9.9 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31988 | Critical | 9.6 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31986 | Critical | 9.0 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31464 | Medium | 6.8 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
CVE-2024-31985 | Medium | 5.4 | — | 2024-04-10 | XWiki Platform is a generic wiki platform. |
Oretnom23 · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3465 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Laundry Management System 1.0. |
CVE-2024-3464 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. |
CVE-2024-3445 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Laundry Management System 1.0. |
CVE-2024-3466 | Medium | 5.5 | — | 2024-04-08 | A vulnerability was found in SourceCodester Laundry Management System 1.0. |
CVE-2024-3695 | Low | 3.5 | — | 2024-04-12 | A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. |
CVE-2024-3616 | Low | 3.5 | — | 2024-04-11 | A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. |
CVE-2024-3614 | Low | 3.5 | — | 2024-04-11 | A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. |
CVE-2024-3613 | Low | 3.5 | — | 2024-04-11 | A vulnerability was found in SourceCodester Warehouse Management System 1.0. |
CVE-2024-3612 | Low | 3.5 | — | 2024-04-11 | A vulnerability was found in SourceCodester Warehouse Management System 1.0. |
CVE-2024-3463 | Low | 3.5 | — | 2024-04-08 | A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. |
Fast5 · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3439 | High | 7.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0. |
CVE-2024-3438 | High | 7.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. |
CVE-2024-3437 | High | 7.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0. |
CVE-2024-3442 | Medium | 6.3 | — | 2024-04-08 | A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. |
CVE-2024-3441 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0. |
CVE-2024-3436 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0. |
CVE-2024-3440 | Medium | 4.7 | — | 2024-04-08 | A vulnerability was found in SourceCodester Prison Management System 1.0. |
CVE-2024-3443 | Low | 3.5 | — | 2024-04-08 | A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. |
Palo Alto Networks · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3400 | Critical | 10.0 | KEV | 2024-04-12 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated atta… |
CVE-2024-3385 | High | 7.5 | — | 2024-04-10 | A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. |
CVE-2024-3384 | High | 7.5 | — | 2024-04-10 | A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. |
CVE-2024-3382 | High | 7.5 | — | 2024-04-10 | A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. |
CVE-2024-3383 | High | 7.4 | — | 2024-04-10 | A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. |
CVE-2024-3387 | Medium | 5.3 | — | 2024-04-10 | A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls… |
CVE-2024-3386 | Medium | 5.3 | — | 2024-04-10 | An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. |
CVE-2024-3388 | Medium | 4.1 | — | 2024-04-10 | A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. |
SAP SE · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27899 | High | 8.8 | — | 2024-04-09 | Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. |
CVE-2024-27901 | High | 7.2 | — | 2024-04-09 | SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs. |
CVE-2024-30218 | Medium | 6.5 | — | 2024-04-09 | The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. |
CVE-2024-28167 | Medium | 6.5 | — | 2024-04-09 | SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-30215 | Medium | 4.8 | — | 2024-04-09 | The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. |
CVE-2024-30214 | Medium | 4.8 | — | 2024-04-09 | The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. |
CVE-2024-30217 | Medium | 4.3 | — | 2024-04-09 | Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-30216 | Medium | 4.3 | — | 2024-04-09 | Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
Siemens · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30191 | High | 8.4 | — | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6G… |
CVE-2024-26275 | High | 7.8 | — | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A… |
CVE-2024-31978 | High | 7.6 | — | 2024-04-09 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). |
CVE-2023-50821 | Medium | 6.2 | — | 2024-04-09 | A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC W… |
CVE-2024-30190 | Medium | 6.1 | — | 2024-04-09 | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6G… |
CVE-2024-30189 | Medium | 6.1 | — | 2024-04-09 | A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5… |
CVE-2024-26277 | Low | 3.3 | — | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A… |
CVE-2024-26276 | Low | 3.3 | — | 2024-04-09 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A… |
Livemesh · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2655 | Medium | 6.4 | — | 2024-04-10 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on auth… |
CVE-2024-2539 | Medium | 6.4 | — | 2024-04-10 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user s… |
CVE-2024-1466 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanit… |
CVE-2024-1465 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitiz… |
CVE-2024-1464 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and… |
CVE-2024-1461 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and… |
CVE-2024-1458 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitiz… |
Bold Themes · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2736 | Medium | 6.4 | — | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. |
CVE-2024-2735 | Medium | 6.4 | — | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied at… |
CVE-2024-2734 | Medium | 6.4 | — | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attri… |
CVE-2024-3267 | Medium | 6.4 | — | 2024-04-09 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on u… |
CVE-2024-3266 | Medium | 6.4 | — | 2024-04-09 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplie… |
CVE-2024-2733 | Medium | 5.4 | — | 2024-04-10 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user sup… |
Cobham · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44852 | High | 8.2 | — | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. |
CVE-2023-44857 | High | 8.1 | — | 2024-04-12 | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. |
CVE-2023-44855 | Medium | 6.5 | — | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web fi… |
CVE-2023-44856 | Medium | 6.1 | — | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients parameters of the sub_21D24 function in the acu_web… |
CVE-2023-44854 | Medium | 6.1 | — | 2024-04-12 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. |
CVE-2023-44853 | Medium | 4.8 | — | 2024-04-12 | An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. |
Leevio · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2789 | Medium | 6.4 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on use… |
CVE-2024-2788 | Medium | 6.4 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user su… |
CVE-2024-2787 | Medium | 6.4 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user su… |
CVE-2024-1498 | Medium | 6.4 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on… |
CVE-2024-2786 | Medium | 5.4 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag a… |
CVE-2024-1387 | Medium | 4.3 | — | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. |
Contao · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28235 | High | 8.3 | — | 2024-04-09 | Contao is an open source content management system. |
CVE-2024-30262 | Medium | 5.9 | — | 2024-04-09 | Contao is an open source content management system. |
CVE-2024-28190 | Medium | 5.4 | — | 2024-04-09 | Contao is an open source content management system. |
CVE-2024-28234 | Medium | 4.3 | — | 2024-04-09 | Contao is an open source content management system. |
CVE-2024-28191 | Low | 3.1 | — | 2024-04-09 | Contao is an open source content management system. |
Fedora Project · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3157 | Critical | 9.6 | — | 2024-04-10 | Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. |
CVE-2023-2794 | High | 8.1 | — | 2024-04-10 | A flaw was found in ofono, an Open Source Telephony on Linux. |
CVE-2023-49528 | High | 8.0 | — | 2024-04-12 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. |
CVE-2024-3516 | Medium | 6.5 | — | 2024-04-10 | Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-3515 | Medium | 6.5 | — | 2024-04-10 | Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Formtools · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22718 | Critical | 9.6 | — | 2024-04-11 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. |
CVE-2024-22719 | High | 8.1 | — | 2024-04-11 | SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client. |
CVE-2024-22722 | High | 7.2 | — | 2024-04-11 | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. |
CVE-2024-22721 | Medium | 6.3 | — | 2024-04-11 | Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. |
CVE-2024-22717 | Medium | 6.1 | — | 2024-04-11 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. |
Leap13 · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2665 | Medium | 6.4 | — | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user sup… |
CVE-2024-2664 | Medium | 6.4 | — | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping o… |
CVE-2024-0376 | Medium | 6.4 | — | 2024-04-09 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escapin… |
CVE-2024-2666 | Medium | 5.4 | — | 2024-04-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and outpu… |
CVE-2024-31278 | Medium | 4.3 | — | 2024-04-10 | Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor. This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22. |
Mayurik · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3621 | Medium | 4.7 | — | 2024-04-11 | A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-3620 | Medium | 4.7 | — | 2024-04-11 | A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. |
CVE-2024-3619 | Medium | 4.7 | — | 2024-04-11 | A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. |
CVE-2024-3618 | Medium | 4.7 | — | 2024-04-11 | A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
CVE-2024-3617 | Medium | 4.7 | — | 2024-04-11 | A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
Mintplex-labs · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3025 | Critical | 9.9 | — | 2024-04-10 | mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. |
CVE-2024-3569 | High | 7.5 | — | 2024-04-10 | A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. |
CVE-2024-3283 | High | 7.2 | — | 2024-04-10 | A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. |
CVE-2024-3101 | High | 7.2 | — | 2024-04-10 | In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. |
CVE-2024-3570 | Medium | 5.4 | — | 2024-04-10 | A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. |
Wpzoom · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2187 | Medium | 6.4 | — | 2024-04-09 | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. |
CVE-2024-2186 | Medium | 6.4 | — | 2024-04-09 | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. |
CVE-2024-2185 | Medium | 6.4 | — | 2024-04-09 | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. |
CVE-2024-2183 | Medium | 6.4 | — | 2024-04-09 | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. |
CVE-2024-2181 | Medium | 6.4 | — | 2024-04-09 | The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. |
Dell · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22450 | High | 7.4 | — | 2024-04-10 | Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. |
CVE-2024-0159 | Medium | 6.7 | — | 2024-04-10 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. |
CVE-2024-0157 | Medium | 5.9 | — | 2024-04-12 | Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. |
CVE-2024-22448 | Medium | 4.7 | — | 2024-04-10 | Dell BIOS contains an Out-of-Bounds Write vulnerability. |
Gitlab · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3092 | High | 8.7 | — | 2024-04-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. |
CVE-2024-2279 | High | 8.7 | — | 2024-04-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. |
CVE-2023-6678 | Medium | 4.3 | — | 2024-04-12 | An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. |
CVE-2023-6489 | Medium | 4.3 | — | 2024-04-12 | A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service d… |
Gnu · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27632 | High | 8.8 | — | 2024-04-08 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. |
CVE-2024-29399 | High | 7.6 | — | 2024-04-11 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. |
CVE-2024-27630 | High | 7.5 | — | 2024-04-08 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. |
CVE-2024-27631 | Medium | 6.0 | — | 2024-04-08 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php |
Jfree · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22949 | Critical | 9.1 | — | 2024-04-08 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. |
CVE-2023-52070 | High | 8.4 | — | 2024-04-10 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. |
CVE-2024-23077 | High | 7.5 | — | 2024-04-10 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. |
CVE-2024-23076 | High | 7.5 | — | 2024-04-10 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. |
Lg · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6320 | Critical | 9.1 | — | 2024-04-09 | A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. |
CVE-2023-6319 | Critical | 9.1 | — | 2024-04-09 | A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. |
CVE-2023-6318 | Critical | 9.1 | — | 2024-04-09 | A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. |
CVE-2023-6317 | High | 7.2 | — | 2024-04-09 | A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. |
Lollms · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1520 | Critical | 9.8 | — | 2024-04-10 | An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. |
CVE-2024-1511 | Critical | 9.8 | — | 2024-04-10 | The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. |
CVE-2024-1600 | Critical | 9.3 | — | 2024-04-10 | A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. |
CVE-2024-1602 | Medium | 6.1 | — | 2024-04-10 | parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). |
Lunary · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1741 | Critical | 9.1 | — | 2024-04-10 | lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. |
CVE-2024-1740 | Critical | 9.1 | — | 2024-04-10 | In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. |
CVE-2024-1902 | High | 7.5 | — | 2024-04-10 | lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. |
CVE-2024-1625 | Medium | 6.5 | — | 2024-04-10 | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. |
Metagauss · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1991 | High | 8.8 | — | 2024-04-09 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions… |
CVE-2024-1990 | High | 8.8 | — | 2024-04-09 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5… |
CVE-2024-31362 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. |
CVE-2024-25935 | Medium | 4.3 | — | 2024-04-11 | Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9. |
Netentsec · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3458 | Medium | 6.3 | — | 2024-04-08 | A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. |
CVE-2024-3457 | Medium | 6.3 | — | 2024-04-08 | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. |
CVE-2024-3456 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. |
CVE-2024-3455 | Medium | 6.3 | — | 2024-04-08 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. |
Open-xchange Gmbh · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23192 | Medium | 6.1 | — | 2024-04-08 | RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. |
CVE-2024-23191 | Medium | 5.4 | — | 2024-04-08 | Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. |
CVE-2024-23190 | Medium | 5.4 | — | 2024-04-08 | Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. |
CVE-2024-23189 | Medium | 5.4 | — | 2024-04-08 | Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. |
Opengnsys · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3704 | Critical | 9.8 | — | 2024-04-12 | SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). |
CVE-2024-3705 | High | 8.8 | — | 2024-04-12 | Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). |
CVE-2024-3706 | Medium | 5.9 | — | 2024-04-12 | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). |
CVE-2024-3707 | Medium | 5.3 | — | 2024-04-12 | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). |
Red Hat · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3446 | High | 8.2 | — | 2024-04-09 | A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. |
CVE-2023-6236 | High | 7.3 | — | 2024-04-10 | A flaw was found in Red Hat Enterprise Application Platform 8. |
CVE-2024-1233 | High | 7.3 | — | 2024-04-09 | A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. |
CVE-2024-1481 | Medium | 5.3 | — | 2024-04-10 | A flaw was found in FreeIPA. |
Theme-fusion · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2344 | High | 7.2 | — | 2024-04-09 | The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist… |
CVE-2024-2343 | Medium | 6.4 | — | 2024-04-09 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. |
CVE-2024-2311 | Medium | 6.4 | — | 2024-04-09 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. |
CVE-2024-2340 | Medium | 5.3 | — | 2024-04-09 | The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. |
Themeisle · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3344 | Medium | 6.4 | — | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input saniti… |
CVE-2024-3343 | Medium | 6.4 | — | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficien… |
CVE-2024-2226 | Medium | 6.4 | — | 2024-04-09 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to… |
CVE-2024-31301 | Medium | 5.4 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. |
Unknown · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1956 | Medium | 6.1 | — | 2024-04-08 | The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting. |
CVE-2024-1958 | Medium | 4.8 | — | 2024-04-08 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or una… |
CVE-2024-1292 | Medium | 4.7 | — | 2024-04-08 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
CVE-2023-6385 | Medium | 4.3 | — | 2024-04-10 | The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. |
Wpdeveloper · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3244 | Medium | 6.4 | — | 2024-04-09 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_cale… |
CVE-2024-2650 | Medium | 6.4 | — | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all ver… |
CVE-2024-2623 | Medium | 6.4 | — | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and i… |
CVE-2024-2974 | Medium | 5.3 | — | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. |
Bdthemes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31357 | Medium | 6.5 | — | 2024-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1… |
CVE-2024-2966 | Medium | 5.3 | — | 2024-04-11 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_p… |
CVE-2024-24883 | Medium | 4.3 | — | 2024-04-11 | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. |
Brainstormforce · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2347 | Medium | 6.4 | — | 2024-04-09 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. |
CVE-2024-2305 | Medium | 6.4 | — | 2024-04-09 | The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user suppl… |
CVE-2023-6486 | Medium | 6.4 | — | 2024-04-09 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. |
Devitemsllc · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1974 | High | 8.8 | — | 2024-04-09 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. |
CVE-2024-2946 | Medium | 6.4 | — | 2024-04-09 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to… |
CVE-2024-1960 | Medium | 6.4 | — | 2024-04-09 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all ver… |
Honeywell · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5392 | High | 7.5 | — | 2024-04-11 | C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. |
CVE-2023-5394 | High | 7.4 | — | 2024-04-11 | Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the produc… |
CVE-2023-5393 | High | 7.4 | — | 2024-04-11 | Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. |
Iosix · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28878 | Critical | 9.6 | — | 2024-04-12 | IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. |
CVE-2024-31069 | High | 7.4 | — | 2024-04-12 | IO-1020 Micro ELD web server uses a default password for authentication. |
CVE-2024-30210 | High | 7.4 | — | 2024-04-12 | IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. |
Kadencewp · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6964 | High | 8.5 | — | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. |
CVE-2024-1999 | Medium | 6.4 | — | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insuff… |
CVE-2024-0598 | Medium | 4.4 | — | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input san… |
Leantime · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27474 | High | 8.8 | — | 2024-04-10 | Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). |
CVE-2024-27477 | Medium | 6.1 | — | 2024-04-10 | In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). |
CVE-2024-27476 | Medium | 4.7 | — | 2024-04-10 | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. |
Mautic · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2731 | Medium | 5.4 | — | 2024-04-10 | Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaig… |
CVE-2024-2730 | Medium | 5.3 | — | 2024-04-10 | Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. |
CVE-2024-3448 | Medium | 5.0 | — | 2024-04-10 | Users with low privileges can perform certain AJAX actions. |
Mikkotommila · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23086 | Critical | 9.8 | — | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. |
CVE-2024-23084 | High | 7.5 | — | 2024-04-08 | Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). |
CVE-2024-23085 | High | 7.5 | — | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). |
Ninjaforms · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25572 | High | 8.8 | — | 2024-04-11 | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. |
CVE-2024-29220 | Medium | 6.1 | — | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. |
CVE-2024-26019 | Medium | 5.4 | — | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. |
Pencidesign · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31367 | High | 7.1 | — | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
CVE-2024-31368 | Medium | 6.5 | — | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
CVE-2024-31369 | Medium | 5.4 | — | 2024-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
Planet · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2740 | High | 7.7 | — | 2024-04-11 | Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. |
CVE-2024-2741 | High | 7.1 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. |
CVE-2024-2742 | Medium | 6.4 | — | 2024-04-11 | Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. |
Podsfoundation · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6999 | High | 8.8 | — | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). |
CVE-2023-6967 | High | 8.8 | — | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on… |
CVE-2023-6965 | Medium | 4.3 | — | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). |
Tribulant · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31355 | High | 8.5 | — | 2024-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. |
CVE-2024-31353 | Medium | 5.3 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. |
CVE-2024-31354 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. |
Zoom · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24694 | Medium | 5.9 | — | 2024-04-09 | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. |
CVE-2024-27247 | Medium | 5.5 | — | 2024-04-09 | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. |
CVE-2024-27242 | Medium | 4.1 | — | 2024-04-09 | Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. |
Aimhubio · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2195 | Critical | 9.8 | — | 2024-04-10 | A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. |
CVE-2024-2196 | High | 8.8 | — | 2024-04-10 | aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. |
Beaver Builder · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6695 | Medium | 6.5 | — | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. |
CVE-2023-6694 | Medium | 6.4 | — | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custo… |
Bestwebsoft · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2200 | Medium | 6.1 | — | 2024-04-09 | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output… |
CVE-2024-2198 | Medium | 6.1 | — | 2024-04-09 | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output… |
Bitdefender · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2224 | High | 8.1 | — | 2024-04-09 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. |
CVE-2024-2223 | High | 8.1 | — | 2024-04-09 | An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. |
Bracketspace · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31926 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n… |
CVE-2024-31935 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6. |
Comesio · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3214 | Medium | 5.8 | — | 2024-04-09 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. |
CVE-2024-3213 | Medium | 5.3 | — | 2024-04-09 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. |
Crocoblock · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2507 | Medium | 6.4 | — | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user suppli… |
CVE-2024-2138 | Medium | 6.4 | — | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. |
Croixhaug · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2342 | High | 8.8 | — | 2024-04-09 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on… |
CVE-2024-2341 | High | 8.8 | — | 2024-04-09 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the use… |
Dedecms · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3685 | Medium | 6.3 | — | 2024-04-12 | A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. |
CVE-2024-3686 | Medium | 4.3 | — | 2024-04-12 | A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. |
Devolutions · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3545 | Medium | 4.3 | — | 2024-04-09 | Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information containe… |
CVE-2024-2918 | Low | 3.6 | — | 2024-04-09 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a… |
Elementor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2117 | Medium | 6.4 | — | 2024-04-09 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping o… |
CVE-2024-31289 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. |
Elextensions · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31364 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. |
CVE-2024-32105 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. |
Eprosima · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30916 | High | 7.1 | — | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before that allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in the DurabilityService QoS component. |
CVE-2024-30917 | Medium | 5.5 | — | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before that allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in the DurabilityService QoS component. |
Givewp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1424 | Medium | 6.4 | — | 2024-04-09 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and ou… |
CVE-2022-40211 | Medium | 5.9 | — | 2024-04-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. |
Hcl Software · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23584 | Medium | 6.6 | — | 2024-04-08 | The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. |
CVE-2023-50347 | Low | 3.7 | — | 2024-04-10 | HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. |
Ideabox · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2492 | Medium | 6.4 | — | 2024-04-09 | The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. |
CVE-2024-2289 | Medium | 6.4 | — | 2024-04-09 | The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escapin… |
Incsub · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1794 | High | 7.2 | — | 2024-04-09 | The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. |
CVE-2024-3053 | Medium | 6.4 | — | 2024-04-09 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficie… |
Inteset · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29500 | Critical | 9.8 | — | 2024-04-10 | An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. |
CVE-2024-29502 | Medium | 6.5 | — | 2024-04-10 | An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. |
Irontec · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3120 | Critical | 9.0 | — | 2024-04-10 | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. |
CVE-2024-3119 | Critical | 9.0 | — | 2024-04-10 | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. |
Joomunited · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25907 | Medium | 5.4 | — | 2024-04-11 | Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. |
CVE-2024-25908 | Medium | 4.3 | — | 2024-04-11 | Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. |
Kibokolabs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0873 | Medium | 6.4 | — | 2024-04-09 | The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user su… |
CVE-2024-0872 | Medium | 4.3 | — | 2024-04-09 | The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. |
Link Whisper · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27992 | High | 7.1 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8. |
CVE-2024-31934 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9. |
Mbis · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2738 | Medium | 6.1 | — | 2024-04-09 | The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and… |
CVE-2024-2543 | Medium | 4.3 | — | 2024-04-09 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. |
Nozomi Networks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0218 | High | 7.5 | — | 2024-04-10 | A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted ma… |
CVE-2023-6916 | High | 7.2 | — | 2024-04-10 | Audit records for OpenAPI requests may include sensitive information. |
Octolize · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31944 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. |
CVE-2024-31943 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. |
Phpgurukul · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3691 | High | 7.3 | — | 2024-04-12 | A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. |
CVE-2024-3690 | Medium | 6.3 | — | 2024-04-12 | A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. |
Pickplugins · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0881 | Medium | 5.4 | — | 2024-04-11 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthen… |
CVE-2024-1641 | Medium | 5.4 | — | 2024-04-09 | The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. |
Pressified · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1588 | Medium | 6.8 | — | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht… |
CVE-2024-1589 | Medium | 6.1 | — | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht… |
Princeahmed · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1042 | Medium | 6.4 | — | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and includin… |
CVE-2024-1041 | Medium | 6.4 | — | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input saniti… |
Psi-4ward · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31454 | Medium | 6.5 | — | 2024-04-09 | PsiTransfer is an open source, self-hosted file sharing solution. |
CVE-2024-31453 | Medium | 6.5 | — | 2024-04-09 | PsiTransfer is an open source, self-hosted file sharing solution. |
Radiustheme · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1315 | High | 8.8 | — | 2024-04-09 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. |
CVE-2024-1352 | Medium | 6.5 | — | 2024-04-09 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() fun… |
Redisbloom · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25115 | High | 7.0 | — | 2024-04-09 | RedisBloom adds a set of probabilistic data structures to Redis. |
CVE-2024-25116 | Medium | 5.5 | — | 2024-04-09 | RedisBloom adds a set of probabilistic data structures to Redis. |
Saleswonder Team: Tobias · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31358 | High | 7.5 | — | 2024-04-10 | Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67. |
CVE-2024-31375 | Medium | 5.4 | — | 2024-04-08 | Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads. This issue affects WP2LEADS: from n/a through <= 3.2.7. |
Sap · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25646 | High | 7.7 | — | 2024-04-09 | Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. |
CVE-2024-27898 | Medium | 5.3 | — | 2024-04-09 | SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from… |
Sigstore · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29903 | Medium | 4.2 | — | 2024-04-10 | Cosign provides code signing and transparency for containers and binaries. |
CVE-2024-29902 | Medium | 4.2 | — | 2024-04-10 | Cosign provides code signing and transparency for containers and binaries. |
Stylemix · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3136 | Critical | 9.8 | — | 2024-04-09 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. |
CVE-2024-1904 | Medium | 4.3 | — | 2024-04-09 | The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. |
Supsystic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31271 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. |
CVE-2024-31269 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11. |
Themify · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31366 | High | 7.1 | — | 2024-04-09 | Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8. |
CVE-2024-31365 | High | 7.1 | — | 2024-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a before 2.1.1. |
Thimpress · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1289 | Medium | 6.5 | — | 2024-04-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information… |
CVE-2024-1463 | Medium | 4.4 | — | 2024-04-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization… |
Traccar · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31214 | Critical | 9.6 | — | 2024-04-10 | Traccar is an open source GPS tracking system. |
CVE-2024-24809 | High | 8.5 | — | 2024-04-10 | Traccar is an open source GPS tracking system. |
Webtoffee · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31235 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. |
CVE-2024-31254 | Low | 3.7 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. |
Welotec · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-1083 | Critical | 9.8 | — | 2024-04-09 | An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. |
CVE-2023-1082 | High | 8.8 | — | 2024-04-09 | A remote attacker with low privileges can perform a command injection which can lead to root access. |
Xibosignage · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29022 | High | 8.8 | — | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. |
CVE-2024-29023 | High | 7.2 | — | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2112 | Medium | 5.9 | — | 2024-04-09 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. |
Abrhil · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-43216 | Critical | 9.1 | — | 2024-04-08 | AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page. |
Aerin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31263 | Medium | 5.4 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. |
Alex Tselegidis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32295 | Medium | 6.3 | — | 2024-04-11 | Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3. |
Amcsgroup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22734 | Medium | 6.2 | — | 2024-04-12 | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912 that allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg co… |
Ametys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30614 | Medium | 5.3 | — | 2024-04-12 | An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. |
Aminur Islam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31927 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2. |
Appcheap · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31282 | Medium | 4.7 | — | 2024-04-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. |
Apppresser · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31268 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. |
Aresit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1934 | High | 7.5 | — | 2024-04-09 | The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. |
Arnan De Gans · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31372 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1. |
Athemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3208 | Medium | 6.4 | — | 2024-04-09 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user s… |
Authzed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32001 | Low | 2.2 | — | 2024-04-10 | SpiceDB is a graph database purpose-built for storing and evaluating access control data. |
Automatic1111 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31462 | Medium | 6.3 | — | 2024-04-12 | stable-diffusion-webui is a web interface for Stable Diffusion, implemented using the Gradio library. |
Automattic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52211 | Medium | 5.3 | — | 2024-04-12 | Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0. |
Awesomemotive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2302 | Medium | 5.3 | — | 2024-04-09 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. |
Ayecode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2423 | Medium | 6.4 | — | 2024-04-09 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and includi… |
Ayecode Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31936 | Medium | 5.4 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6. |
Bandisoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22526 | Medium | 5.5 | — | 2024-04-12 | Buffer Overflow vulnerability in bandisoft bandiview v7.0 allows local attackers to cause a denial of service (DoS) via a crafted exr image file. |
Bdwm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1664 | Medium | 6.1 | — | 2024-04-09 | The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html… |
Berriai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2952 | Critical | 9.8 | — | 2024-04-10 | BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. |
Bfintal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2039 | Medium | 6.4 | — | 2024-04-09 | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and outpu… |
Bihell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3687 | Low | 3.5 | — | 2024-04-12 | A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. |
Binary-husky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31224 | Critical | 9.8 | — | 2024-04-08 | GPT Academic provides interactive interfaces for large language models. |
Blazethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1587 | Medium | 5.3 | — | 2024-04-09 | The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. |
Bogdanfix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27970 | Medium | 5.4 | — | 2024-04-11 | Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0. |
Bootstrapped · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1571 | Medium | 4.4 | — | 2024-04-09 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. |
Bosch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-32228 | Medium | 4.6 | — | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |
Bricksforge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31242 | Medium | 5.3 | — | 2024-04-10 | Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. |
Bunny.net · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31361 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. |
Butlerblog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1852 | High | 7.2 | — | 2024-04-09 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. |
Byzoro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3521 | Medium | 4.7 | — | 2024-04-09 | A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. |
Caseproof · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1412 | Medium | 6.1 | — | 2024-04-09 | The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. |
Catch Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31279 | Medium | 5.4 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. |
Celomitan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2348 | Medium | 6.4 | — | 2024-04-09 | The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. |
Circontrol · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2020-8006 | High | 8.8 | — | 2024-04-12 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. |
Clamxav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24245 | High | 7.8 | — | 2024-04-09 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. |
Clavaque · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0899 | Medium | 5.3 | — | 2024-04-09 | The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the… |
Code-atlantic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2336 | Medium | 6.4 | — | 2024-04-09 | The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and o… |
Codecabin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6777 | Medium | 5.3 | — | 2024-04-09 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. |
Coded Commerce, Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31360 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1. |
Codeisawesome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31370 | High | 8.5 | — | 2024-04-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3. This issue affects AIKit: from n/a through <= 4.14.1. |
Codepeople · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31302 | Medium | 5.3 | — | 2024-04-10 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. |
Colorlib · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0662 | Medium | 4.4 | — | 2024-04-09 | The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. |
Convertkit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31245 | Medium | 5.3 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. |
Conveythis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6811 | High | 7.2 | — | 2024-04-11 | The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 223 due to insufficient input sanitization and out… |
Corezoid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27592 | Medium | 4.3 | — | 2024-04-11 | Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. |
Cp Plus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3434 | Medium | 5.4 | — | 2024-04-08 | A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. |
Creativeminds · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-4965 | Medium | 6.1 | — | 2024-04-09 | The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'target_id' parameter in all versions up to, and including, 1.5.4 due to insufficient input sani… |
Creativethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31932 | Medium | 5.4 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28. |
Cssigniterteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2335 | Medium | 6.4 | — | 2024-04-09 | The Elements Plus! |
Csutils · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2243 | High | 7.6 | — | 2024-04-10 | A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers. |
Customily · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1774 | High | 7.2 | — | 2024-04-09 | The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. |
Data443 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6257 | Medium | 4.3 | — | 2024-04-11 | The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve t… |
Dataease · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30269 | Medium | 5.3 | — | 2024-04-08 | DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. |
Datafeedrcom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1308 | High | 7.5 | — | 2024-04-09 | The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. |
Dattateccom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2125 | High | 8.8 | — | 2024-04-09 | The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. |
Davidlingren · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2871 | Medium | 6.4 | — | 2024-04-09 | The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient pre… |
Dcooney · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1790 | Medium | 4.9 | — | 2024-04-09 | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. |
Debian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-26816 | Medium | 5.5 | — | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup… |
Derbynet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31818 | Critical | 9.8 | — | 2024-04-12 | Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. |
Devowl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2027 | Medium | 6.4 | — | 2024-04-09 | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and… |
Dfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31264 | Medium | 4.3 | — | 2024-04-12 | Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. |
Digitalbazaar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31995 | Medium | 4.3 | — | 2024-04-10 | `@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. |
Diracgrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-29905 | High | 8.1 | — | 2024-04-09 | DIRAC is an interware, meaning a software framework for distributed computing. |
Discuz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30884 | High | 7.1 | — | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! |
Dlink · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27683 | Critical | 9.8 | — | 2024-04-11 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. |
Dnspython · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-29483 | High | 7.0 | — | 2024-04-11 | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. |
Dronecode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-29460 | Medium | 6.6 | — | 2024-04-10 | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. |
Dsgvo-for-wp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27967 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3. |
Easy Digital Downloads · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31293 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. |
Eclipse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3046 | High | 7.5 | — | 2024-04-09 | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. |
Ecwid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2456 | Medium | 6.4 | — | 2024-04-09 | The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on u… |
Elbanyaoui · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0626 | Medium | 5.3 | — | 2024-04-09 | The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. |
Envato · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2334 | Medium | 6.4 | — | 2024-04-09 | The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. |
Esphome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-29019 | High | 8.1 | — | 2024-04-11 | ESPHome is a system to control microcontrollers remotely through Home Automation systems. |
Expresstech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27966 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2. |
Facuet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28732 | High | 7.5 | — | 2024-04-08 | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). |
Faktor Vier · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31925 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0. |
Fastify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31999 | High | 7.4 | — | 2024-04-10 | @festify/secure-session creates a secure stateless cookie session for Fastify. |
Fetch Designs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31303 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets. This issue affects Sign-up Sheets: from n/a through <= 2.2.11.1. |
Filemanagerpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2654 | Medium | 6.8 | — | 2024-04-09 | The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. |
Flipped-aurora · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31457 | High | 7.7 | — | 2024-04-09 | gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. |
Fooplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2081 | Medium | 6.4 | — | 2024-04-09 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitiz… |
Fredericgilles · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31247 | Medium | 5.3 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. |
Freebsd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-29937 | Critical | 9.8 | — | 2024-04-11 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. |
Funnelkit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51672 | High | 7.5 | — | 2024-04-11 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. |
Furuno Systems Co.,ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28744 | High | 8.8 | — | 2024-04-08 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. |
Gaizhenbiao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2217 | High | 7.5 | — | 2024-04-10 | gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. |
Gamerz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10006 | Low | 3.5 | — | 2024-04-08 | A vulnerability was found in GamerZ WP-PostRatings up to 1.64. |
Gamipress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2783 | Medium | 6.4 | — | 2024-04-09 | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6… |
Getbowtied · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2801 | Medium | 6.4 | — | 2024-04-12 | The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user… |
Gowebsmarty · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-7046 | High | 7.5 | — | 2024-04-09 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key file… |
Gradio-app · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1728 | High | 7.5 | — | 2024-04-10 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. |
Hadsky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30885 | Medium | 6.1 | — | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component. |
Hidekazu Ishikawa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31386 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconn… |
Hp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3281 | High | 8.8 | — | 2024-04-09 | A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. |
Huggingface · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3568 | Critical | 9.6 | — | 2024-04-10 | The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. |
I Thirteen Web Solution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27989 | Medium | 6.5 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs… |
Iain Poulson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31929 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iain Poulson Intagrate Lite instagrate-to-wordpress. This issue affects Intagrate Lite: from n/a through <= 1.3.7. |
Imagely · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3097 | Medium | 5.3 | — | 2024-04-09 | The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. |
Infotheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31240 | High | 7.7 | — | 2024-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. |
Inpsyde · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-7164 | High | 7.5 | — | 2024-04-08 | The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database. |
Iptanus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2847 | Medium | 6.4 | — | 2024-04-09 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user suppl… |
J_3rk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2033 | Medium | 4.3 | — | 2024-04-09 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. |
Jackdewey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2325 | Medium | 6.1 | — | 2024-04-09 | The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. |
Jcodex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31262 | Medium | 5.4 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. |
Jetmonsters · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1948 | Medium | 6.4 | — | 2024-04-09 | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. |
Joel Hardi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31298 | Medium | 5.3 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. |
Jokr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2804 | Critical | 9.8 | — | 2024-04-09 | The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio… |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51409 | Critical | 10.0 | — | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. |
Jtermaat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1637 | Medium | 4.3 | — | 2024-04-09 | The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. |
Jtsternberg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1792 | High | 7.5 | — | 2024-04-09 | The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. |
Julien Berthelot / Mpembed.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32109 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a through 2.1.9. |
Juniper Networks, Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30407 | High | 8.1 | — | 2024-04-12 | The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks whic… |
Junkcoder, Ristoniinemets · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-47604 | Medium | 4.3 | — | 2024-04-11 | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. |
Kekotron · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1850 | Medium | 6.3 | — | 2024-04-09 | The AI Post Generator \| AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. |
Kurudrive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2093 | Medium | 6.5 | — | 2024-04-09 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. |
Leadinfo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32112 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. |
Levelfourstorefront · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3211 | High | 8.8 | — | 2024-04-12 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user suppli… |
Libreswan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3652 | Medium | 6.5 | — | 2024-04-11 | The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. |
Lifterlms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31363 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. |
Linksys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25852 | High | 8.8 | — | 2024-04-11 | Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. |
Linkwhspr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2693 | High | 8.8 | — | 2024-04-09 | The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. |
Lizardbyte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31221 | Medium | 5.9 | — | 2024-04-08 | Sunshine is a self-hosted game stream host for Moonlight. |
Lunary-ai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1643 | Critical | 9.1 | — | 2024-04-10 | By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. |
Makeplane · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31461 | Critical | 9.1 | — | 2024-04-10 | Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. |
Mark Stockton · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24850 | Medium | 5.3 | — | 2024-04-11 | Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. |
Matrix-org · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32000 | Medium | 4.3 | — | 2024-04-12 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. |
Max Foundry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31287 | Medium | 6.5 | — | 2024-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. |
Melapress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2018 | High | 8.8 | — | 2024-04-09 | The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |
Mervb1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1893 | High | 8.8 | — | 2024-04-09 | The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter… |
Metaslider · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3285 | Medium | 6.4 | — | 2024-04-11 | The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to… |
Mitel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28066 | High | 8.8 | — | 2024-04-08 | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). |
Mojolicious · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-47208 | Medium | 4.3 | — | 2024-04-08 | The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. |
Mudler · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2029 | Critical | 9.8 | — | 2024-04-10 | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. |
Namithjawahar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2014-125111 | Low | 3.5 | — | 2024-04-08 | A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. |
Nerdpressteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2501 | High | 7.5 | — | 2024-04-09 | The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' functio… |
Netdata · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32019 | High | 8.8 | — | 2024-04-12 | Netdata is an open source observability tool. |
Nick Pelton · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32080 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. |
Ninjateam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2513 | Medium | 6.4 | — | 2024-04-09 | The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied at… |
Nodejs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27983 | High | 8.2 | — | 2024-04-09 | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. |
Nosilver4u · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31924 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3. |
Nudgify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31239 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. |
Nuknightlab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2287 | Medium | 6.4 | — | 2024-04-09 | The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user suppli… |
Oceanwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3167 | Medium | 6.4 | — | 2024-04-09 | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. |
Open-telemetry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32028 | Medium | 4.1 | — | 2024-04-12 | OpenTelemetry dotnet is a dotnet telemetry framework. |
Openssl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2511 | Medium | 5.9 | — | 2024-04-08 | Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that wou… |
Opentext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2834 | High | 8.7 | — | 2024-04-08 | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. |
Pagelayer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2504 | Medium | 6.4 | — | 2024-04-09 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and o… |
Pdfcrowd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31930 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1. |
Peach Payments · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25922 | Medium | 5.4 | — | 2024-04-11 | Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9. |
Peepso · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31251 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1. |
Persian-vc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1752 | Medium | 6.1 | — | 2024-04-08 | The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i… |
Ping Identity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40148 | Medium | 6.5 | — | 2024-04-10 | Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. |
Pluginsware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2222 | Medium | 4.3 | — | 2024-04-09 | The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. |
Pluginus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31430 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects W… |
Popup Likebox Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31387 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. |
Presstigers · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1813 | Critical | 9.8 | — | 2024-04-09 | The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. |
Prestoplayer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2428 | Medium | 4.7 | — | 2024-04-10 | The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. |
Properfraction · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3210 | Medium | 6.4 | — | 2024-04-10 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in… |
Propertyhive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27985 | Medium | 5.4 | — | 2024-04-11 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. |
Qdrant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2221 | Critical | 9.8 | — | 2024-04-10 | qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. |
Qemu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3567 | Medium | 5.5 | — | 2024-04-10 | A flaw was found in QEMU. |
Qodeinteractive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0826 | Medium | 6.4 | — | 2024-04-09 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied… |
Rainbowgeek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2165 | Medium | 6.4 | — | 2024-04-09 | The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. |
Rankmath · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2536 | Medium | 6.4 | — | 2024-04-09 | The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping o… |
Redon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31442 | High | 8.8 | — | 2024-04-08 | Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. |
Repute Infosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31272 | Medium | 6.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. |
Reservation Diary · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31299 | High | 7.1 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. |
Revolution Slider · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2306 | Medium | 6.4 | — | 2024-04-09 | The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. |
Rtcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31305 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5. |
Run-llama · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3098 | Critical | 9.8 | — | 2024-04-10 | A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. |
Saleor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31205 | Medium | 4.2 | — | 2024-04-08 | Saleor is an e-commerce platform. |
Saumya Majumder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31250 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. |
Searchiq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31259 | High | 7.5 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. |
Setriosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1780 | Medium | 6.1 | — | 2024-04-10 | The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. |
Shamsbd71 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2137 | Medium | 6.4 | — | 2024-04-12 | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. |
Shapedplugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3020 | High | 7.2 | — | 2024-04-10 | The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. |
Shopware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31447 | Medium | 5.3 | — | 2024-04-08 | Shopware 6 is an open commerce platform based on Symfony Framework and Vue. |
Shortpixel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31230 | Medium | 5.3 | — | 2024-04-10 | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. |
Silverks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1984 | Medium | 5.3 | — | 2024-04-09 | The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. |
Skymoonlabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25912 | Critical | 9.8 | — | 2024-04-11 | Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. |
Smartwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2436 | Medium | 6.4 | — | 2024-04-09 | The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user suppl… |
Soflyy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31939 | Medium | 4.3 | — | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. |
Solwin Infotech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31356 | High | 7.6 | — | 2024-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8. |
Sonaar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31343 | High | 7.5 | — | 2024-04-10 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. |
Stacklok · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31455 | Medium | 4.3 | — | 2024-04-09 | Minder by Stacklok is an open source software supply chain security platform. |
Staxwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3064 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization… |
Stellarwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2261 | Medium | 4.3 | — | 2024-04-09 | The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. |
Stephanie Leary · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32108 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. |
Strangerstudios · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0588 | Medium | 4.3 | — | 2024-04-09 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. |
Subnet Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3313 | High | 8.4 | — | 2024-04-09 | SUBNET Solutions Inc. |
Sumome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31265 | Low | 3.7 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. |
Supportcandy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27991 | Medium | 6.5 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3. |
Tausworks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2327 | Medium | 6.4 | — | 2024-04-09 | The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied… |
The Moneytizer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27990 | Medium | 6.5 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20. |
The Tcpdump Group · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2397 | Medium | 6.2 | — | 2024-04-12 | Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. |
Themepunch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3235 | Medium | 5.3 | — | 2024-04-10 | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. |
Tooltip · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31285 | High | 7.1 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3. |
Totalpressorg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6993 | Medium | 6.4 | — | 2024-04-09 | The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitizatio… |
Traefik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28869 | High | 7.5 | — | 2024-04-12 | Traefik is an HTTP reverse proxy and load balancer. |
Unattributed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31931 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1. |
Undsgn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51515 | High | 8.8 | — | 2024-04-12 | Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8. |
Varun Kumar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32083 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. |
Visitor Analytics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31937 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2… |
Wangshen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3444 | Medium | 4.7 | — | 2024-04-08 | A vulnerability was found in Wangshen SecGate 3600 up to 20240408. |
Webfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6799 | Medium | 5.9 | — | 2024-04-09 | The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. |
Webtechstreet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2792 | Medium | 6.4 | — | 2024-04-09 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. |
Wedevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0952 | High | 7.2 | — | 2024-04-09 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insuff… |
Wen Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27988 | Medium | 6.5 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2. |
Wintercms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32003 | High | 8.8 | — | 2024-04-12 | wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. |
Woocommerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51499 | Medium | 4.3 | — | 2024-04-12 | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. |
Wow-company · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2457 | Medium | 6.4 | — | 2024-04-09 | The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output esca… |
Wp Compress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32106 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. |
Wp Darko · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31928 | Medium | 5.9 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. |
Wp Enhanced · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27969 | Medium | 6.5 | — | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27607 | Medium | 5.4 | — | 2024-04-11 | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. |
Wp-oauth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31253 | Medium | 4.7 | — | 2024-04-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. |
Wpchill · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2026 | Medium | 6.4 | — | 2024-04-09 | The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user su… |
Wpcloudgallery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31342 | Medium | 6.5 | — | 2024-04-10 | Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. |
Wpdevteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2845 | Medium | 6.4 | — | 2024-04-09 | The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up… |
Wpeverest · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1812 | High | 7.2 | — | 2024-04-09 | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. |
Wpexperts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31297 | High | 7.5 | — | 2024-04-10 | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. |
Wpkube · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31249 | Medium | 5.3 | — | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. |
Wpvivid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3054 | High | 7.2 | — | 2024-04-12 | WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. |
Xiamen Four-faith · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3688 | Medium | 6.3 | — | 2024-04-12 | A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. |
Xlplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32107 | Medium | 4.3 | — | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. |
Xylus Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31371 | Medium | 4.3 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. |
Yith · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-44633 | Medium | 6.5 | — | 2024-04-11 | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. |
Yt-dlp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-22423 | High | 8.3 | — | 2024-04-09 | yt-dlp is a youtube-dl fork with additional features and fixes. |
Zauberzeug · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32005 | High | 8.2 | — | 2024-04-12 | NiceGUI is an easy-to-use, Python-based UI framework. |
Zaytech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31238 | Medium | 5.4 | — | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. |
Zhejiang Land Zongheng Network Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3689 | Low | 3.7 | — | 2024-04-12 | A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. |