Patch Tuesday — April 2024

2024-04-09 · 965 CVEs

CVEs published or modified the week of 2024-04-09, partitioned by vendor.

Microsoft (166 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24576 | Critical | 10.0 | | 2024-04-09 | Rust is a programming language. |
| CVE-2024-3566 | Critical | 9.8 | | 2024-04-10 | A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
| CVE-2024-29990 | Critical | 9.0 | | 2024-04-09 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-26362 | High | 8.8 | | 2024-04-10 | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. |
| CVE-2024-29993 | High | 8.8 | | 2024-04-09 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2024-29988 | High | 8.8 | KEV | 2024-04-09 | SmartScreen Prompt Security Feature Bypass Vulnerability |
| CVE-2024-29985 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29984 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29983 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29982 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29053 | High | 8.8 | | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29048 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29047 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29046 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29044 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29043 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28945 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28944 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28942 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28940 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28939 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | High | 8.8 | | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28927 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28926 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28915 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28914 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28913 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28912 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28911 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28910 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28909 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28908 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28906 | High | 8.8 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26244 | High | 8.8 | | 2024-04-09 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26214 | High | 8.8 | | 2024-04-09 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26210 | High | 8.8 | | 2024-04-09 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26205 | High | 8.8 | | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26200 | High | 8.8 | | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26179 | High | 8.8 | | 2024-04-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-21323 | High | 8.8 | | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-20678 | High | 8.8 | | 2024-04-09 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2024-2975 | High | 8.8 | | 2024-04-09 | A race condition was identified through which privilege escalation was possible in certain configurations. |
| CVE-2024-29989 | High | 8.4 | | 2024-04-09 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-29050 | High | 8.4 | | 2024-04-09 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-0082 | High | 8.2 | | 2024-04-08 | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. |
| CVE-2024-20670 | High | 8.1 | | 2024-04-09 | Outlook for Windows Spoofing Vulnerability |
| CVE-2024-28925 | High | 8.0 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26240 | High | 8.0 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26189 | High | 8.0 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26180 | High | 8.0 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-30273 | High | 7.8 | | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30272 | High | 7.8 | | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30271 | High | 7.8 | | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20797 | High | 7.8 | | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
| CVE-2024-20795 | High | 7.8 | | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20772 | High | 7.8 | | 2024-04-10 | Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-29061 | High | 7.8 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29052 | High | 7.8 | | 2024-04-09 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-28920 | High | 7.8 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28907 | High | 7.8 | | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28905 | High | 7.8 | | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28904 | High | 7.8 | | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-26257 | High | 7.8 | | 2024-04-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-26256 | High | 7.8 | | 2024-04-09 | Libarchive Remote Code Execution Vulnerability |
| CVE-2024-26245 | High | 7.8 | | 2024-04-09 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2024-26241 | High | 7.8 | | 2024-04-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-26239 | High | 7.8 | | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26237 | High | 7.8 | | 2024-04-09 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2024-26235 | High | 7.8 | | 2024-04-09 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26230 | High | 7.8 | | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26229 | High | 7.8 | | 2024-04-09 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2024-26228 | High | 7.8 | | 2024-04-09 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-26218 | High | 7.8 | | 2024-04-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26211 | High | 7.8 | | 2024-04-09 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-26175 | High | 7.8 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26158 | High | 7.8 | | 2024-04-09 | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2024-21447 | High | 7.8 | | 2024-04-09 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-20693 | High | 7.8 | | 2024-04-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-29045 | High | 7.5 | | 2024-04-09 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28896 | High | 7.5 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26254 | High | 7.5 | | 2024-04-09 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
| CVE-2024-26248 | High | 7.5 | | 2024-04-09 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-26219 | High | 7.5 | | 2024-04-09 | HTTP.sys Denial of Service Vulnerability |
| CVE-2024-26215 | High | 7.5 | | 2024-04-09 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26212 | High | 7.5 | | 2024-04-09 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26194 | High | 7.4 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29063 | High | 7.3 | | 2024-04-09 | Azure AI Search Information Disclosure Vulnerability |
| CVE-2024-26232 | High | 7.3 | | 2024-04-09 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26216 | High | 7.3 | | 2024-04-09 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2024-21409 | High | 7.3 | | 2024-04-09 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-29066 | High | 7.2 | | 2024-04-09 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-29055 | High | 7.2 | | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29054 | High | 7.2 | | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-26233 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26231 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26227 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26224 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26223 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26222 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26221 | High | 7.2 | | 2024-04-09 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26208 | High | 7.2 | | 2024-04-09 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26202 | High | 7.2 | | 2024-04-09 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26195 | High | 7.2 | | 2024-04-09 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-21324 | High | 7.2 | | 2024-04-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-21322 | High | 7.2 | | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29062 | High | 7.1 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20689 | High | 7.1 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20688 | High | 7.1 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26243 | High | 7.0 | | 2024-04-09 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-26242 | High | 7.0 | | 2024-04-09 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26236 | High | 7.0 | | 2024-04-09 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26213 | High | 7.0 | | 2024-04-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28897 | Medium | 6.8 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26253 | Medium | 6.8 | | 2024-04-09 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26252 | Medium | 6.8 | | 2024-04-09 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26251 | Medium | 6.8 | | 2024-04-09 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2024-26168 | Medium | 6.8 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28924 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28921 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28919 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28903 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26250 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26234 | Medium | 6.7 | | 2024-04-09 | Proxy Driver Spoofing Vulnerability |
| CVE-2024-26171 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20669 | Medium | 6.7 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26226 | Medium | 6.5 | | 2024-04-09 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2024-26183 | Medium | 6.5 | | 2024-04-09 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-21424 | Medium | 6.5 | | 2024-04-09 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2024-0083 | Medium | 6.5 | | 2024-04-08 | NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. |
| CVE-2024-28923 | Medium | 6.4 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26193 | Medium | 6.4 | | 2024-04-09 | Azure Migrate Remote Code Execution Vulnerability |
| CVE-2024-28898 | Medium | 6.3 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29064 | Medium | 6.2 | | 2024-04-09 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-28917 | Medium | 6.2 | | 2024-04-09 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
| CVE-2024-20665 | Medium | 6.1 | | 2024-04-09 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20685 | Medium | 5.9 | | 2024-04-09 | Azure Private 5G Core Denial of Service Vulnerability |
| CVE-2024-20796 | Medium | 5.5 | | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20794 | Medium | 5.5 | | 2024-04-11 | Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. |
| CVE-2024-20798 | Medium | 5.5 | | 2024-04-11 | Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20771 | Medium | 5.5 | | 2024-04-11 | Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20770 | Medium | 5.5 | | 2024-04-10 | Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20766 | Medium | 5.5 | | 2024-04-10 | InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20737 | Medium | 5.5 | | 2024-04-10 | After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-29992 | Medium | 5.5 | | 2024-04-09 | Azure Identity Library for .NET Information Disclosure Vulnerability |
| CVE-2024-28902 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28901 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28900 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26255 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26217 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26209 | Medium | 5.5 | | 2024-04-09 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-26207 | Medium | 5.5 | | 2024-04-09 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26172 | Medium | 5.5 | | 2024-04-09 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-26220 | Medium | 5.0 | | 2024-04-09 | Windows Mobile Hotspot Information Disclosure Vulnerability |
| CVE-2024-29056 | Medium | 4.3 | | 2024-04-09 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-28922 | Medium | 4.1 | | 2024-04-09 | Secure Boot Security Feature Bypass Vulnerability |

Other vendors (799 CVEs across 336 vendors)

N/a · 59 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28718 | Critical | 9.8 | | 2024-04-12 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. |
| CVE-2024-31678 | Critical | 9.8 | | 2024-04-11 | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. |
| CVE-2024-21508 | Critical | 9.8 | | 2024-04-11 | Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. |
| CVE-2024-31819 | Critical | 9.8 | | 2024-04-10 | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. |
| CVE-2024-31807 | Critical | 9.8 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. |
| CVE-2024-31022 | Critical | 9.8 | | 2024-04-08 | An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. |
| CVE-2024-27488 | Critical | 9.8 | | 2024-04-08 | Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. |
| CVE-2024-23080 | Critical | 9.1 | | 2024-04-10 | Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). |
| CVE-2024-23078 | Critical | 9.1 | | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). |
| CVE-2024-31815 | Critical | 9.1 | | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh |
| CVE-2024-29269 | High | 8.8 | | 2024-04-10 | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. |
| CVE-2024-24279 | High | 8.8 | | 2024-04-08 | An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. |
| CVE-2024-31814 | High | 8.8 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. |
| CVE-2024-31809 | High | 8.8 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. |
| CVE-2024-31808 | High | 8.8 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2024-31507 | High | 8.6 | | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. |
| CVE-2024-31813 | High | 8.4 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. |
| CVE-2024-28270 | High | 8.1 | | 2024-04-08 | An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. |
| CVE-2024-31811 | High | 8.0 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. |
| CVE-2024-25545 | High | 7.8 | | 2024-04-12 | An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. |
| CVE-2024-25376 | High | 7.8 | | 2024-04-11 | An issue discovered in Thesycon Software Solutions Gmbh & Co. |
| CVE-2024-26574 | High | 7.8 | | 2024-04-08 | Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe |
| CVE-2024-29504 | High | 7.6 | | 2024-04-10 | Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. |
| CVE-2024-29400 | High | 7.5 | | 2024-04-12 | An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. |
| CVE-2024-28458 | High | 7.5 | | 2024-04-11 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c. |
| CVE-2023-51142 | High | 7.5 | | 2024-04-11 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. |
| CVE-2024-31506 | High | 7.5 | | 2024-04-09 | Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php. |
| CVE-2024-31817 | High | 7.5 | | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. |
| CVE-2024-31816 | High | 7.5 | | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. |
| CVE-2020-36829 | High | 7.5 | | 2024-04-08 | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. |
| CVE-2024-28224 | Medium | 6.6 | | 2024-04-08 | Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resourc… |
| CVE-2023-48865 | Medium | 6.5 | | 2024-04-11 | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. |
| CVE-2023-51141 | Medium | 6.5 | | 2024-04-11 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component |
| CVE-2024-21509 | Medium | 6.5 | | 2024-04-10 | Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. |
| CVE-2024-21507 | Medium | 6.5 | | 2024-04-10 | Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. |
| CVE-2024-31812 | Medium | 6.5 | | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. |
| CVE-2024-31806 | Medium | 6.5 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. |
| CVE-2024-31805 | Medium | 6.5 | | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. |
| CVE-2024-29461 | Medium | 6.3 | | 2024-04-12 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. |
| CVE-2024-23079 | Medium | 6.2 | | 2024-04-08 | JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). |
| CVE-2024-30845 | Medium | 6.1 | | 2024-04-12 | Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. |
| CVE-2024-30879 | Medium | 6.1 | | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the imag… |
| CVE-2024-30878 | Medium | 6.1 | | 2024-04-11 | A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. |
| CVE-2024-23735 | Medium | 6.1 | | 2024-04-10 | Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certifica… |
| CVE-2024-28402 | Medium | 5.9 | | 2024-04-11 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-28345 | Medium | 5.5 | | 2024-04-10 | An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visiting the URL. |
| CVE-2024-30880 | Medium | 5.4 | | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the i… |
| CVE-2024-27665 | Medium | 5.4 | | 2024-04-09 | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. |
| CVE-2024-31544 | Medium | 5.4 | | 2024-04-09 | A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” par… |
| CVE-2024-29296 | Medium | 5.3 | | 2024-04-10 | A user enumeration vulnerability was found in Portainer CE 2.19.4. |
| CVE-2024-23083 | Medium | 5.3 | | 2024-04-10 | Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). |
| CVE-2024-23734 | Medium | 5.2 | | 2024-04-10 | Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted li… |
| CVE-2024-31839 | Medium | 4.8 | | 2024-04-12 | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. |
| CVE-2024-30883 | Medium | 4.7 | | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in th… |
| CVE-2024-30915 | Medium | 4.3 | | 2024-04-11 | An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. |
| CVE-2024-31047 | Low | 3.3 | | 2024-04-08 | An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. |
| CVE-2024-23081 | Low | 3.3 | | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). |
| CVE-2024-28344 | Low | 3.1 | | 2024-04-10 | An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. |
| CVE-2024-23082 | | | | 2024-04-08 | ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). |

Linux · 39 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-47204 | High | 7.8 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause a use-after-free bug. |
| CVE-2021-47200 | High | 7.8 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. |
| CVE-2021-47198 | High | 7.8 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unr… |
| CVE-2021-47196 | High | 7.8 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again til… |
| CVE-2021-47194 | High | 7.8 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SE… |
| CVE-2021-47219 | High | 7.1 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/lin… |
| CVE-2021-47191 | High | 7.1 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes f… |
| CVE-2021-47189 | Medium | 6.3 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal… |
| CVE-2021-47218 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a… |
| CVE-2021-47217 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails Check for a valid hv_vp_index array prior to dereferencing hv_vp_index when setting Hyper-V's TS… |
| CVE-2021-47216 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. |
| CVE-2021-47215 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync info… |
| CVE-2021-47214 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_releas… |
| CVE-2021-47212 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy… |
| CVE-2021-47211 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc The pointer cs_desc return from snd_usb_find_clock_source could be null, so there is a potential null po… |
| CVE-2021-47210 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. |
| CVE-2021-47209 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). |
| CVE-2021-47207 | Medium | 5.5 | | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer derefer… |
CVE-2021-47206Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the re…
CVE-2021-47205Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their provi…
CVE-2021-47203Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter.
CVE-2021-47202Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subno…
CVE-2021-47201Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of t…
CVE-2021-47199Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to cl…
CVE-2021-47197Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations.
CVE-2021-47195Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex.
CVE-2021-47193Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated.
CVE-2021-47190Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak.
CVE-2021-47188Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecom…
CVE-2021-47187Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: f…
CVE-2021-47186Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_ke…
CVE-2021-47184Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters.
CVE-2021-47183Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outst…
CVE-2021-47182Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MO…
CVE-2021-47181Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the ret…
CVE-2024-26815Medium5.52024-04-10In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed valu…
CVE-2024-26811Medium5.52024-04-08In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server.
CVE-2021-47192Medium5.32024-04-10In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offl…
CVE-2021-47185Medium4.42024-04-10In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look li…
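The CVE-2024-26815 row above stops mid-sentence, but the fragment it keeps ("int tc; // Signed valu…") names the whole bug class: a netlink attribute that is an unsigned 32-bit value gets stored in a signed int and is then checked only against an upper bound, so any value with the top bit set becomes negative and passes. The block below is an added example, not the kernel's taprio code; it reproduces the pattern against a hypothetical 16-entry table, with the vulnerable check next to two correct ones. TC_MAX, tc_table and the check_* names are this example's own.

```c
/* Added example; this is not the kernel's taprio code. It reproduces the
 * signed-index check pattern that the CVE-2024-26815 summary describes,
 * against a hypothetical 16-entry table. The attribute value is a u32; if
 * it is stored in a signed int and only the upper bound is tested, any
 * value with the top bit set becomes negative, passes the check and would
 * index in front of the table. TC_MAX, tc_table and check_* are invented. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TC_MAX 16
static int tc_table[TC_MAX];   /* hypothetical per-traffic-class state */

/* Vulnerable form. Returns 1 if the check accepts attr and writes the index
 * the caller would then use to *idx. The narrowing is the same as
 * `int tc = nla_get_u32(...)`; on the two's-complement targets the kernel
 * supports it wraps, so 0xFFFFFFFF becomes -1. The table access itself is
 * deliberately not performed here: with a negative index it would be
 * undefined behaviour. */
int check_signed(uint32_t attr, int *idx)
{
    int tc = (int)attr;
    *idx = tc;
    if (tc >= TC_MAX)          /* only the upper bound is tested */
        return 0;
    return 1;                  /* tc_table[tc] would be used here */
}

/* Fixed form: keep the attribute in the unsigned type it actually has, so
 * one comparison covers both ends of the range. */
int check_unsigned(uint32_t attr, uint32_t *idx)
{
    uint32_t tc = attr;
    *idx = tc;
    if (tc >= TC_MAX)
        return 0;
    tc_table[tc] = 1;          /* safe: 0 <= tc < TC_MAX */
    return 1;
}

/* Equivalent fix when the variable has to stay signed: test both ends. */
int check_signed_both_ends(uint32_t attr, int *idx)
{
    int tc = (int)attr;
    *idx = tc;
    if (tc < 0 || tc >= TC_MAX)
        return 0;
    tc_table[tc] = 1;
    return 1;
}

int main(void)
{
    /* Constructed attribute values: in range, one past the end, top bit set. */
    const uint32_t samples[] = { 15u, 16u, 0x80000000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int si = 0, sb = 0;
        uint32_t ui = 0;
        int rs = check_signed(samples[i], &si);
        int ru = check_unsigned(samples[i], &ui);
        int rb = check_signed_both_ends(samples[i], &sb);
        printf("attr=0x%08x  signed:%d (idx %d)  unsigned:%d  both-ends:%d\n",
               (unsigned)samples[i], rs, si, ru, rb);
    }
    return 0;
}
```

The vulnerable check accepts 0xFFFFFFFF with an index of -1; both fixed forms reject it. Note that -Wsign-compare stays silent on the buggy comparison because both operands are signed; the warning that points at the problem is -Wsign-conversion on the assignment from the unsigned attribute.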

Juniper · 29 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-30381 · High · 8.4 · - · 2024-04-12 · An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sen…
CVE-2024-30398 · High · 7.5 · - · 2024-04-12 · An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS…
CVE-2024-30397 · High · 7.5 · - · 2024-04-12 · An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
CVE-2024-30392 · High · 7.5 · - · 2024-04-12 · A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
CVE-2024-30382 · High · 7.5 · - · 2024-04-12 · An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing…
CVE-2024-30405 · High · 7.5 · - · 2024-04-12 · An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial o…
CVE-2024-30395 · High · 7.5 · - · 2024-04-12 · An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
CVE-2024-30394 · High · 7.5 · - · 2024-04-12 · A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).
CVE-2024-21598 · High · 7.5 · - · 2024-04-12 · An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (Do…
CVE-2024-30403 · Medium · 6.5 · - · 2024-04-12 · A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
CVE-2024-30388 · Medium · 6.5 · - · 2024-04-12 · An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
CVE-2024-30387 · Medium · 6.5 · - · 2024-04-12 · A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
CVE-2024-21618 · Medium · 6.5 · - · 2024-04-12 · An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).
CVE-2024-21609 · Medium · 6.5 · - · 2024-04-12 · A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully esta…
CVE-2024-21605 · Medium · 6.5 · - · 2024-04-12 · An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
CVE-2024-21593 · Medium · 6.5 · - · 2024-04-12 · An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
CVE-2024-30402 · Medium · 5.9 · - · 2024-04-12 · An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Servic…
CVE-2024-30401 · Medium · 5.9 · - · 2024-04-12 · An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack…
CVE-2024-30389 · Medium · 5.8 · - · 2024-04-12 · An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vuln…
CVE-2024-30410 · Medium · 5.8 · - · 2024-04-12 · An Incorrect Behavior Order vulnerability in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended for the device to reach the RE instead of being discarded when a discard term is set on the loopback (lo0) interface.
CVE-2024-30384 · Medium · 5.5 · - · 2024-04-12 · An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Serv…
CVE-2024-30406 · Medium · 5.5 · - · 2024-04-12 · A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with hig…
CVE-2024-30390 · Medium · 5.3 · - · 2024-04-12 · An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.
CVE-2024-30386 · Medium · 5.3 · - · 2024-04-12 · A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).
CVE-2024-30409 · Medium · 5.3 · - · 2024-04-12 · An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetr…
CVE-2024-21590 · Medium · 5.3 · - · 2024-04-12 · An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to…
CVE-2024-21615 · Medium · 5.0 · - · 2024-04-12 · An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
CVE-2024-30391 · Medium · 4.8 · - · 2024-04-12 · A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact…
CVE-2024-21610 · Medium · 4.3 · - · 2024-04-12 · An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).

Huawei · 24 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-52538 · Critical · 9.1 · - · 2024-04-08 · Vulnerability of package name verification being bypassed in the HwIms module.
CVE-2024-27897 · High · 7.5 · - · 2024-04-08 · Input verification vulnerability in the call module.
CVE-2024-27896 · High · 7.5 · - · 2024-04-08 · Input verification vulnerability in the log module.
CVE-2024-27895 · High · 7.5 · - · 2024-04-08 · Vulnerability of permission control in the window module.
CVE-2023-52386 · High · 7.5 · - · 2024-04-08 · Out-of-bounds write vulnerability in the RSMC module.
CVE-2023-52552 · High · 7.5 · - · 2024-04-08 · Input verification vulnerability in the power module.
CVE-2023-52550 · High · 7.5 · - · 2024-04-08 · Vulnerability of data verification errors in the kernel module.
CVE-2023-52549 · High · 7.5 · - · 2024-04-08 · Vulnerability of data verification errors in the kernel module.
CVE-2023-52546 · High · 7.5 · - · 2024-04-08 · Vulnerability of package name verification being bypassed in the Calendar app.
CVE-2023-52545 · High · 7.5 · - · 2024-04-08 · Vulnerability of undefined permissions in the Calendar app.
CVE-2023-52541 · High · 7.5 · - · 2024-04-08 · Authentication vulnerability in the API for app pre-loading.
CVE-2023-52540 · High · 7.5 · - · 2024-04-08 · Vulnerability of improper authentication in the Iaware module.
CVE-2023-52539 · High · 7.5 · - · 2024-04-08 · Permission verification vulnerability in the Settings module.
CVE-2023-52537 · High · 7.5 · - · 2024-04-08 · Vulnerability of package name verification being bypassed in the HwIms module.
CVE-2023-52388 · High · 7.5 · - · 2024-04-08 · Permission control vulnerability in the clock module.
CVE-2023-52359 · High · 7.5 · - · 2024-04-08 · Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module.
CVE-2023-52553 · High · 7.4 · - · 2024-04-08 · Race condition vulnerability in the Wi-Fi module.
CVE-2023-52554 · Medium · 6.5 · - · 2024-04-08 · Permission control vulnerability in the Bluetooth module.
CVE-2023-52542 · Medium · 6.5 · - · 2024-04-08 · Permission verification vulnerability in the system module.
CVE-2023-52364 · Medium · 6.3 · - · 2024-04-08 · Vulnerability of input parameters being not strictly verified in the RSMC module.
CVE-2023-52385 · Medium · 6.2 · - · 2024-04-08 · Out-of-bounds write vulnerability in the RSMC module.
CVE-2023-52543 · Medium · 6.2 · - · 2024-04-08 · Permission verification vulnerability in the system module.
CVE-2023-52551 · Medium · 5.3 · - · 2024-04-08 · Vulnerability of data verification errors in the kernel module.
CVE-2023-52544 · Medium · 4.3 · - · 2024-04-08 · Vulnerability of file path verification being bypassed in the email module.

Campcodes · 23 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3535 · High · 7.3 · - · 2024-04-10 · A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0.
CVE-2024-3534 · High · 7.3 · - · 2024-04-10 · A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0.
CVE-2024-3698 · Medium · 6.3 · - · 2024-04-12 · A vulnerability was found in Campcodes House Rental Management System 1.0.
CVE-2024-3697 · Medium · 6.3 · - · 2024-04-12 · A vulnerability was found in Campcodes House Rental Management System 1.0.
CVE-2024-3696 · Medium · 6.3 · - · 2024-04-12 · A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical.
CVE-2024-3540 · Medium · 6.3 · - · 2024-04-10 · A vulnerability was found in Campcodes Church Management System 1.0.
CVE-2024-3539 · Medium · 6.3 · - · 2024-04-10 · A vulnerability was found in Campcodes Church Management System 1.0.
CVE-2024-3538 · Medium · 6.3 · - · 2024-04-10 · A vulnerability was found in Campcodes Church Management System 1.0.
CVE-2024-3537 · Medium · 6.3 · - · 2024-04-10 · A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical.
CVE-2024-3536 · Medium · 6.3 · - · 2024-04-10 · A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical.
CVE-2024-3523 · Medium · 6.3 · - · 2024-04-09 · A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0.
CVE-2024-3522 · Medium · 6.3 · - · 2024-04-09 · A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0.
CVE-2024-3542 · Low · 3.5 · - · 2024-04-10 · A vulnerability classified as problematic was found in Campcodes Church Management System 1.0.
CVE-2024-3541 · Low · 3.5 · - · 2024-04-10 · A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0.
CVE-2024-3533 · Low · 3.5 · - · 2024-04-10 · A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0.
CVE-2024-3532 · Low · 3.5 · - · 2024-04-10 · A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0.
CVE-2024-3531 · Low · 3.5 · - · 2024-04-10 · A vulnerability was found in Campcodes Complete Online Student Management System 1.0.
CVE-2024-3530 · Low · 3.5 · - · 2024-04-10 · A vulnerability was found in Campcodes Complete Online Student Management System 1.0.
CVE-2024-3529 · Low · 3.5 · - · 2024-04-10 · A vulnerability was found in Campcodes Complete Online Student Management System 1.0.
CVE-2024-3528 · Low · 3.5 · - · 2024-04-10 · A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic.
CVE-2024-3526 · Low · 3.5 · - · 2024-04-10 · A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic.
CVE-2024-3525 · Low · 3.5 · - · 2024-04-10 · A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0.
CVE-2024-3524 · Low · 3.5 · - · 2024-04-10 · A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0.

Google · 17 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-52351 · High · 7.8 · - · 2024-04-08 · In ril service, there is a possible out of bounds write due to a missing bounds check.
CVE-2023-52342 · High · 7.5 · - · 2024-04-08 · In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling.
CVE-2023-52341 · High · 7.5 · - · 2024-04-08 · In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check.
CVE-2023-52345 · Medium · 6.0 · - · 2024-04-08 · In modem driver, there is a possible system crash due to improper input validation.
CVE-2023-52534 · Medium · 5.9 · - · 2024-04-08 · In ngmm, there is a possible undefined behavior due to incorrect error handling.
CVE-2023-52352 · Medium · 5.5 · - · 2024-04-08 · In Network Adapter Service, there is a possible missing permission check.
CVE-2023-52347 · Medium · 5.5 · - · 2024-04-08 · In ril service, there is a possible out of bounds write due to a missing bounds check.
CVE-2023-52343 · Medium · 5.5 · - · 2024-04-08 · In SecurityCommand message after AS security has been activated, there is a possible improper input validation.
CVE-2023-52533 · Medium · 5.3 · - · 2024-04-08 · In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling.
CVE-2023-52344 · Medium · 5.3 · - · 2024-04-08 · In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling.
CVE-2024-23658 · Medium · 4.4 · - · 2024-04-08 · In camera driver, there is a possible use after free due to a logic error.
CVE-2023-52536 · Medium · 4.4 · - · 2024-04-08 · In faceid service, there is a possible out of bounds read due to a missing bounds check.
CVE-2023-52535 · Medium · 4.4 · - · 2024-04-08 · In vsp driver, there is a possible missing verification of incorrect input.
CVE-2023-52350 · Medium · 4.4 · - · 2024-04-08 · In ril service, there is a possible out of bounds write due to a missing bounds check.
CVE-2023-52349 · Medium · 4.4 · - · 2024-04-08 · In ril service, there is a possible out of bounds write due to a missing bounds check.
CVE-2023-52348 · Medium · 4.4 · - · 2024-04-08 · In ril service, there is a possible out of bounds write due to a missing bounds check.
CVE-2023-52346 · Medium · 4.4 · - · 2024-04-08 · In modem driver, there is a possible system crash due to improper input validation.

Adobe · 14 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-20758 · Critical · 9.0 · - · 2024-04-10 · Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem.
CVE-2024-20759 · High · 8.1 · - · 2024-04-10 · Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable…
CVE-2024-26122 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26098 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26097 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26087 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26084 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26079 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26076 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26047 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-26046 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-20780 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-20779 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
CVE-2024-20778 · Medium · 5.4 · - · 2024-04-10 · Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

Ibm · 14 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31873 · High · 7.5 · - · 2024-04-10 · IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor.
CVE-2024-31872 · High · 7.5 · - · 2024-04-10 · IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation.
CVE-2024-31871 · High · 7.5 · - · 2024-04-10 · IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation.
CVE-2024-27261 · Medium · 6.4 · - · 2024-04-12 · IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed.
CVE-2024-22358 · Medium · 6.3 · - · 2024-04-12 · IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to…
CVE-2024-31874 · Medium · 6.2 · - · 2024-04-10 · IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service.
CVE-2024-22359 · Medium · 6.1 · - · 2024-04-12 · IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting.
CVE-2023-50949 · Medium · 5.9 · - · 2024-04-11 · IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation.
CVE-2024-22357 · Medium · 5.4 · - · 2024-04-12 · IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting.
CVE-2023-50307 · Medium · 5.4 · - · 2024-04-12 · IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting.
CVE-2023-47714 · Medium · 4.8 · - · 2024-04-12 · IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting.
CVE-2023-45186 · Medium · 4.8 · - · 2024-04-12 · IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting.
CVE-2024-22334 · Medium · 4.4 · - · 2024-04-12 · IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom s…
CVE-2024-22339 · Medium · 4.3 · - · 2024-04-12 · IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to sensitive information disclosure due to insufficient obfuscation of sensitiv…

Apache · 13 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31866 · Critical · 9.8 · - · 2024-04-09 · Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
CVE-2024-31864 · Critical · 9.8 · - · 2024-04-09 · Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.
CVE-2024-31309 · High · 7.5 · - · 2024-04-10 · HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions 8.0.0 through 8.1.9 and 9.0.0 through 9.2.3 are affected.
CVE-2024-27309 · High · 7.4 · - · 2024-04-12 · While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.
CVE-2024-31391 · Medium · 6.5 · - · 2024-04-12 · Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.
CVE-2024-31867 · Medium · 6.5 · - · 2024-04-09 · Improper Input Validation vulnerability in Apache Zeppelin.
CVE-2024-31865 · Medium · 6.5 · - · 2024-04-09 · Improper Input Validation vulnerability in Apache Zeppelin.
CVE-2024-31860 · Medium · 6.5 · - · 2024-04-09 · Improper Input Validation vulnerability in Apache Zeppelin.
CVE-2024-31868 · Medium · 6.1 · - · 2024-04-09 · Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
CVE-2021-28656 · Medium · 5.4 · - · 2024-04-09 · Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request.
CVE-2024-31863 · Medium · 5.3 · - · 2024-04-09 · Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
CVE-2024-31862 · Medium · 5.3 · - · 2024-04-09 · Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
CVE-2022-47894 · Medium · 5.3 · - · 2024-04-09 · Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
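The CVE-2024-31309 row says only that a CONTINUATION flood makes Apache Traffic Server "consume more resources". The mechanism is generic to HTTP/2: a header block may span a HEADERS frame and any number of CONTINUATION frames, and the receiver has to hold all of it until END_HEADERS arrives before HPACK decoding can begin, so a peer that never sets END_HEADERS makes the server buffer without limit. The block below is an added example, not Apache Traffic Server code: a minimal frame walker that builds both a benign and a flooding header block in memory and shows a receiver-side byte cap stopping the flood. The frame header layout, type codes and flag follow RFC 9113; the function names, the 4096-byte cap and the constructed frames are this example's own.

```c
/* Added example, not code from Apache Traffic Server or any project on this
 * page: a minimal HTTP/2 frame walker showing why an unbounded run of
 * CONTINUATION frames is a denial of service and how a receiver bounds it.
 * The 9-byte frame header, the HEADERS/CONTINUATION type codes and the
 * END_HEADERS flag follow RFC 9113; names, cap and frames are invented. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#define H2_HEADERS      0x1
#define H2_CONTINUATION 0x9
#define H2_END_HEADERS  0x4

/* OK: a block completed under the cap. INCOMPLETE: input ended with a block
 * still open, its bytes still buffered. TOO_LARGE: cap exceeded, tear the
 * connection down. PROTOCOL_ERROR: CONTINUATION out of place. TRUNCATED:
 * declared length runs past the buffer. */
enum h2_result { H2_OK = 0, H2_INCOMPLETE, H2_TOO_LARGE, H2_PROTOCOL_ER, H2_TRUNCATED };

/* Serialize one frame at buf[off]; returns bytes written, 0 if it does not fit. */
static size_t put_frame(uint8_t *buf, size_t cap, size_t off, uint8_t type,
                        uint8_t flags, uint32_t stream, const uint8_t *payload, size_t len)
{
    if (len > 0xFFFFFF || off + 9 + len > cap)
        return 0;
    uint8_t hdr[9] = { (uint8_t)(len >> 16), (uint8_t)(len >> 8), (uint8_t)len, type, flags,
        (uint8_t)((stream >> 24) & 0x7f), (uint8_t)(stream >> 16), (uint8_t)(stream >> 8), (uint8_t)stream };
    memcpy(buf + off, hdr, 9);
    memcpy(buf + off + 9, payload, len);
    return 9 + len;
}

/* Walk frames until one header block (HEADERS, then CONTINUATION*) ends. The
 * whole block must be buffered before HPACK decoding can start, so its bytes
 * pile up until END_HEADERS arrives; max_block is the receiver's own cap on
 * that buffer. *frames_seen reports how many frames were consumed. */
enum h2_result walk_header_block(const uint8_t *buf, size_t n, size_t max_block, size_t *frames_seen)
{
    size_t off = 0, acc = 0, frames = 0;
    uint32_t open_stream = 0;   /* stream whose block is in flight; 0 = none */
    enum h2_result rc = H2_OK;
    while (off + 9 <= n) {
        const uint8_t *h = buf + off;
        size_t len = ((size_t)h[0] << 16) | ((size_t)h[1] << 8) | h[2];
        uint8_t type = h[3], flags = h[4];
        uint32_t stream = ((uint32_t)(h[5] & 0x7f) << 24) | ((uint32_t)h[6] << 16) | ((uint32_t)h[7] << 8) | h[8];
        if (off + 9 + len > n) { rc = H2_TRUNCATED; break; }
        frames++;
        if (type == H2_HEADERS) {
            if (open_stream) { rc = H2_PROTOCOL_ER; break; }
            open_stream = stream; acc = 0;
        } else if (type == H2_CONTINUATION) {
            if (!open_stream || stream != open_stream) { rc = H2_PROTOCOL_ER; break; }
        } else if (open_stream) {
            rc = H2_PROTOCOL_ER; break;      /* nothing may interleave a header block */
        } else {
            off += 9 + len;                  /* unrelated frame: nothing is buffered */
            continue;
        }
        acc += len;
        if (acc > max_block) { rc = H2_TOO_LARGE; break; }
        off += 9 + len;
        if (flags & H2_END_HEADERS) { open_stream = 0; break; }   /* block complete */
    }
    *frames_seen = frames;
    return (rc == H2_OK && open_stream) ? H2_INCOMPLETE : rc;
}

static uint8_t wire[1 << 17];   /* constructed wire bytes, not captured traffic */

/* Benign peer: HEADERS without END_HEADERS, then one CONTINUATION that ends the block. */
size_t build_benign(void)
{
    uint8_t frag[16];
    memset(frag, 0x82, sizeof frag);   /* opaque header-block fragment bytes */
    size_t off = put_frame(wire, sizeof wire, 0, H2_HEADERS, 0, 1, frag, sizeof frag);
    return off + put_frame(wire, sizeof wire, off, H2_CONTINUATION, H2_END_HEADERS, 1, frag, sizeof frag);
}

/* Attacking peer: HEADERS, then `count` 1 KiB CONTINUATION frames that never set END_HEADERS. */
size_t build_flood(size_t count)
{
    static uint8_t frag[1024];
    memset(frag, 0x82, sizeof frag);
    size_t off = put_frame(wire, sizeof wire, 0, H2_HEADERS, 0, 3, frag, 16);
    for (size_t i = 0; i < count; i++) {
        size_t w = put_frame(wire, sizeof wire, off, H2_CONTINUATION, 0, 3, frag, sizeof frag);
        if (w == 0) break;
        off += w;
    }
    return off;
}

int main(void)
{
    size_t f;
    int r = walk_header_block(wire, build_benign(), 4096, &f);
    printf("benign: result=%d frames=%zu\n", r, f);
    r = walk_header_block(wire, build_flood(64), 4096, &f);
    printf("flood, cap 4096: result=%d frames=%zu\n", r, f);
    r = walk_header_block(wire, build_flood(64), SIZE_MAX, &f);
    printf("flood, no cap: result=%d frames=%zu\n", r, f);
    return 0;
}
```

With no cap the walker consumes all 65 frames and reports the block as still open, which is exactly the state a flooding peer wants the server to sit in for every connection it opens; with the 4096-byte cap the connection is rejected on the fifth frame. A byte cap alone is not the whole fix: SETTINGS_MAX_HEADER_LIST_SIZE is advisory to the sender, so the receiver must enforce its own limit, and a peer that trickles small CONTINUATION frames stays under any byte cap, so real servers also bound how long a header block may remain open.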

Fortinet · 12 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-45590 · Critical · 9.6 · - · 2024-04-09 · An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux…
CVE-2024-21756 · High · 8.8 · - · 2024-04-09 · An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to…
CVE-2024-21755 · High · 8.8 · - · 2024-04-09 · An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to…
CVE-2024-31492 · High · 8.2 · - · 2024-04-10 · An external control of file name or path vulnerability [CWE-73] in the FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configu…
CVE-2024-23671 · High · 8.1 · - · 2024-04-09 · An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unau…
CVE-2023-41677 · High · 7.5 · - · 2024-04-09 · An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2…
CVE-2023-48784 · Medium · 6.7 · - · 2024-04-09 · A use of externally-controlled format string vulnerability [CWE-134] in the FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-ad…
CVE-2023-47542 · Medium · 6.7 · - · 2024-04-09 · An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specia…
CVE-2023-47541 · Medium · 6.7 · - · 2024-04-09 · An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, F…
CVE-2023-47540 · Medium · 6.7 · - · 2024-04-09 · An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all…
CVE-2024-31487 · Medium · 5.9 · - · 2024-04-09 · An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, Fo…
CVE-2024-23662 · Medium · 5.3 · - · 2024-04-09 · An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to information disclo…

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-49134 · High · 8.1 · - · 2024-04-09 · A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build…
CVE-2023-49133 · High · 8.1 · - · 2024-04-09 · A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build…
CVE-2023-48724 · High · 7.5 · - · 2024-04-09 · A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49074 · High · 7.4 · - · 2024-04-09 · A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49913 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49912 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49911 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49910 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49909 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49908 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49907 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.
CVE-2023-49906 · High · 7.2 · - · 2024-04-09 · A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926.

Xwiki · 12 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31996 · Critical · 10.0 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31982 · Critical · 10.0 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31997 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31987 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31984 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31983 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31981 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31465 · Critical · 9.9 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31988 · Critical · 9.6 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31986 · Critical · 9.0 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31464 · Medium · 6.8 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.
CVE-2024-31985 · Medium · 5.4 · - · 2024-04-10 · XWiki Platform is a generic wiki platform.

Oretnom23 · 10 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3465 · Medium · 6.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Laundry Management System 1.0.
CVE-2024-3464 · Medium · 6.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical.
CVE-2024-3445 · Medium · 6.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Laundry Management System 1.0.
CVE-2024-3466 · Medium · 5.5 · - · 2024-04-08 · A vulnerability was found in SourceCodester Laundry Management System 1.0.
CVE-2024-3695 · Low · 3.5 · - · 2024-04-12 · A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic.
CVE-2024-3616 · Low · 3.5 · - · 2024-04-11 · A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0.
CVE-2024-3614 · Low · 3.5 · - · 2024-04-11 · A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0.
CVE-2024-3613 · Low · 3.5 · - · 2024-04-11 · A vulnerability was found in SourceCodester Warehouse Management System 1.0.
CVE-2024-3612 · Low · 3.5 · - · 2024-04-11 · A vulnerability was found in SourceCodester Warehouse Management System 1.0.
CVE-2024-3463 · Low · 3.5 · - · 2024-04-08 · A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic.

Fast5 · 8 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3439 · High · 7.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0.
CVE-2024-3438 · High · 7.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical.
CVE-2024-3437 · High · 7.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0.
CVE-2024-3442 · Medium · 6.3 · - · 2024-04-08 · A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0.
CVE-2024-3441 · Medium · 6.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0.
CVE-2024-3436 · Medium · 6.3 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0.
CVE-2024-3440 · Medium · 4.7 · - · 2024-04-08 · A vulnerability was found in SourceCodester Prison Management System 1.0.
CVE-2024-3443 · Low · 3.5 · - · 2024-04-08 · A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0.

Palo Alto Networks · 8 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3400 · Critical · 10.0 · KEV · 2024-04-12 · A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated atta…
CVE-2024-3385 · High · 7.5 · - · 2024-04-10 · A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls.
CVE-2024-3384 · High · 7.5 · - · 2024-04-10 · A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers.
CVE-2024-3382 · High · 7.5 · - · 2024-04-10 · A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic.
CVE-2024-3383 · High · 7.4 · - · 2024-04-10 · A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups.
CVE-2024-3387 · Medium · 5.3 · - · 2024-04-10 · A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls…
CVE-2024-3386 · Medium · 5.3 · - · 2024-04-10 · An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended.
CVE-2024-3388 · Medium · 4.1 · - · 2024-04-10 · A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets.

Sap_se · 8 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-27899 · High · 8.8 · - · 2024-04-09 · Self-Registration and Modify your own profile in the User Admin Application of NetWeaver AS Java do not enforce proper security requirements for the content of the newly defined security answer.
CVE-2024-27901 · High · 7.2 · - · 2024-04-09 · SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs.
CVE-2024-30218 · Medium · 6.5 · - · 2024-04-09 · The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2024-28167 · Medium · 6.5 · - · 2024-04-09 · SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-30215 · Medium · 4.8 · - · 2024-04-09 · The Resource Settings page allows a high privilege attacker to load an exploitable payload to be stored and reflected whenever a user visits the page.
CVE-2024-30214 · Medium · 4.8 · - · 2024-04-09 · The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response.
CVE-2024-30217 · Medium · 4.3 · - · 2024-04-09 · Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-30216 · Medium · 4.3 · - · 2024-04-09 · Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Siemens · 8 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-30191 · High · 8.4 · - · 2024-04-09 · A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6G…
CVE-2024-26275 · High · 7.8 · - · 2024-04-09 · A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A…
CVE-2024-31978 · High · 7.6 · - · 2024-04-09 · A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2).
CVE-2023-50821 · Medium · 6.2 · - · 2024-04-09 · A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC W…
CVE-2024-30190 · Medium · 6.1 · - · 2024-04-09 · A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6G…
CVE-2024-30189 · Medium · 6.1 · - · 2024-04-09 · A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5…
CVE-2024-26277 · Low · 3.3 · - · 2024-04-09 · A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A…
CVE-2024-26276 · Low · 3.3 · - · 2024-04-09 · A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (A…

Livemesh · 7 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2655 · Medium · 6.4 · - · 2024-04-10 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on auth…
CVE-2024-2539 · Medium · 6.4 · - · 2024-04-10 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user s…
CVE-2024-1466 · Medium · 6.4 · - · 2024-04-09 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slider_style' attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanit…
CVE-2024-1465 · Medium · 6.4 · - · 2024-04-09 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_skin' attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitiz…
CVE-2024-1464 · Medium · 6.4 · - · 2024-04-09 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and…
CVE-2024-1461 · Medium · 6.4 · - · 2024-04-09 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and…
CVE-2024-1458 · Medium · 6.4 · - · 2024-04-09 · The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text_alignment' attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitiz…

Bold-themes · 6 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2736 · Medium · 6.4 · - · 2024-04-10 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-2735 · Medium · 6.4 · - · 2024-04-10 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied at…
CVE-2024-2734 · Medium · 6.4 · - · 2024-04-10 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attri…
CVE-2024-3267 · Medium · 6.4 · - · 2024-04-09 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on u…
CVE-2024-3266 · Medium · 6.4 · - · 2024-04-09 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplie…
CVE-2024-2733 · Medium · 5.4 · - · 2024-04-10 · The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user sup…

Cobham · 6 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-44852 · High · 8.2 · - · 2024-04-12 · Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.
CVE-2023-44857 · High · 8.1 · - · 2024-04-12 · An issue in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
CVE-2023-44855 · Medium · 6.5 · - · 2024-04-12 · Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web fi…
CVE-2023-44856 · Medium · 6.1 · - · 2024-04-12 · Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients parameters of the sub_21D24 function in the acu_web…
CVE-2023-44854 · Medium · 6.1 · - · 2024-04-12 · Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
CVE-2023-44853 · Medium · 4.8 · - · 2024-04-12 · An issue was discovered in Cobham SAILOR VSAT Ku v.164B019 that allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.

Leevio · 6 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2789 · Medium · 6.4 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on use…
CVE-2024-2788 · Medium · 6.4 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user su…
CVE-2024-2787 · Medium · 6.4 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user su…
CVE-2024-1498 · Medium · 6.4 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on…
CVE-2024-2786 · Medium · 5.4 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag a…
CVE-2024-1387 · Medium · 4.3 · - · 2024-04-09 · The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4.

Contao · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-28235 · High · 8.3 · - · 2024-04-09 · Contao is an open source content management system.
CVE-2024-30262 · Medium · 5.9 · - · 2024-04-09 · Contao is an open source content management system.
CVE-2024-28190 · Medium · 5.4 · - · 2024-04-09 · Contao is an open source content management system.
CVE-2024-28234 · Medium · 4.3 · - · 2024-04-09 · Contao is an open source content management system.
CVE-2024-28191 · Low · 3.1 · - · 2024-04-09 · Contao is an open source content management system.

Fedoraproject · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3157 · Critical · 9.6 · - · 2024-04-10 · Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures.
CVE-2023-2794 · High · 8.1 · - · 2024-04-10 · A flaw was found in ofono, an Open Source Telephony on Linux.
CVE-2023-49528 · High · 8.0 · - · 2024-04-12 · Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
CVE-2024-3516 · Medium · 6.5 · - · 2024-04-10 · Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-3515 · Medium · 6.5 · - · 2024-04-10 · Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Formtools · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-22718 · Critical · 9.6 · - · 2024-04-11 · Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.
CVE-2024-22719 · High · 8.1 · - · 2024-04-11 · SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client.
CVE-2024-22722 · High · 7.2 · - · 2024-04-11 · Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.
CVE-2024-22721 · Medium · 6.3 · - · 2024-04-11 · Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via a crafted link.
CVE-2024-22717 · Medium · 6.1 · - · 2024-04-11 · Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.

Leap13 · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2665 · Medium · 6.4 · - · 2024-04-10 · The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user sup…
CVE-2024-2664 · Medium · 6.4 · - · 2024-04-10 · The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping o…
CVE-2024-0376 · Medium · 6.4 · - · 2024-04-09 · The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escapin…
CVE-2024-2666 · Medium · 5.4 · - · 2024-04-10 · The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and outpu…
CVE-2024-31278 · Medium · 4.3 · - · 2024-04-10 · Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor (premium-addons-for-elementor). This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22.

Mayurik · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3621 · Medium · 4.7 · - · 2024-04-11 · A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0.
CVE-2024-3620 · Medium · 4.7 · - · 2024-04-11 · A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical.
CVE-2024-3619 · Medium · 4.7 · - · 2024-04-11 · A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical.
CVE-2024-3618 · Medium · 4.7 · - · 2024-04-11 · A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0.
CVE-2024-3617 · Medium · 4.7 · - · 2024-04-11 · A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0.

Mintplex-labs · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3025 · Critical · 9.9 · - · 2024-04-10 · mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality.
CVE-2024-3569 · High · 7.5 · - · 2024-04-10 · A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password.
CVE-2024-3283 · High · 7.2 · - · 2024-04-10 · A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue.
CVE-2024-3101 · High · 7.2 · - · 2024-04-10 · In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'.
CVE-2024-3570 · Medium · 5.4 · - · 2024-04-10 · A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session.

Wpzoom · 5 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2187 · Medium · 6.4 · - · 2024-04-09 · The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.
CVE-2024-2186 · Medium · 6.4 · - · 2024-04-09 · The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.
CVE-2024-2185 · Medium · 6.4 · - · 2024-04-09 · The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.
CVE-2024-2183 · Medium · 6.4 · - · 2024-04-09 · The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.
CVE-2024-2181 · Medium · 6.4 · - · 2024-04-09 · The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.

Dell · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-22450 · High · 7.4 · - · 2024-04-10 · Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability.
CVE-2024-0159 · Medium · 6.7 · - · 2024-04-10 · Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on the local system.
CVE-2024-0157 · Medium · 5.9 · - · 2024-04-12 · Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent.
CVE-2024-22448 · Medium · 4.7 · - · 2024-04-10 · Dell BIOS contains an Out-of-Bounds Write vulnerability.

Gitlab · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3092 · High · 8.7 · - · 2024-04-12 · An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2.
CVE-2024-2279 · High · 8.7 · - · 2024-04-12 · An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2.
CVE-2023-6678 · Medium · 4.3 · - · 2024-04-12 · An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2.
CVE-2023-6489 · Medium · 4.3 · - · 2024-04-12 · A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2, which allows an attacker to spike the GitLab instance's resource usage, resulting in service d…

Gnu · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-27632 · High · 8.8 · - · 2024-04-08 · An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
CVE-2024-29399 · High · 7.6 · - · 2024-04-11 · An issue was discovered in GNU Savane v.3.13 and before that allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
CVE-2024-27630 · High · 7.5 · - · 2024-04-08 · Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
CVE-2024-27631 · Medium · 6.0 · - · 2024-04-08 · Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php.

Jfree · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-22949 · Critical · 9.1 · - · 2024-04-08 · JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.
CVE-2023-52070 · High · 8.4 · - · 2024-04-10 · JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method.
CVE-2024-23077 · High · 7.5 · - · 2024-04-10 · JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java.
CVE-2024-23076 · High · 7.5 · - · 2024-04-10 · JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.

Lg · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-6320 · Critical · 9.1 · - · 2024-04-09 · A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6.
CVE-2023-6319 · Critical · 9.1 · - · 2024-04-09 · A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7.
CVE-2023-6318 · Critical · 9.1 · - · 2024-04-09 · A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7.
CVE-2023-6317 · High · 7.2 · - · 2024-04-09 · A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.

Lollms · 4 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-1520 · Critical · 9.8 · - · 2024-04-10 · An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter.
CVE-2024-1511 · Critical · 9.8 · - · 2024-04-10 · The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths.
CVE-2024-1600 · Critical · 9.3 · - · 2024-04-10 · A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route.
CVE-2024-1602 · Medium · 6.1 · - · 2024-04-10 · parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE).

Lunary · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1741 | Critical | 9.1 | - | 2024-04-10 | lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token.
CVE-2024-1740 | Critical | 9.1 | - | 2024-04-10 | In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token.
CVE-2024-1902 | High | 7.5 | - | 2024-04-10 | lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization.
CVE-2024-1625 | Medium | 6.5 | - | 2024-04-10 | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project.

Metagauss · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1991 | High | 8.8 | - | 2024-04-09 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions…
CVE-2024-1990 | High | 8.8 | - | 2024-04-09 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5…
CVE-2024-31362 | Medium | 4.3 | - | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
CVE-2024-25935 | Medium | 4.3 | - | 2024-04-11 | Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9.

Netentsec · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3458 | Medium | 6.3 | - | 2024-04-08 | A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3.
CVE-2024-3457 | Medium | 6.3 | - | 2024-04-08 | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.
CVE-2024-3456 | Medium | 6.3 | - | 2024-04-08 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3.
CVE-2024-3455 | Medium | 6.3 | - | 2024-04-08 | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3.

Open-xchange Gmbh · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23192 | Medium | 6.1 | - | 2024-04-08 | RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or successfully luring users to compromised accounts.
CVE-2024-23191 | Medium | 5.4 | - | 2024-04-08 | Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session.
CVE-2024-23190 | Medium | 5.4 | - | 2024-04-08 | Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session.
CVE-2024-23189 | Medium | 5.4 | - | 2024-04-08 | Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session.

Opengnsys · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3704 | Critical | 9.8 | - | 2024-04-12 | An SQL injection vulnerability has been found in the OpenGnsys product affecting version 1.1.1d (Espeto).
CVE-2024-3705 | High | 8.8 | - | 2024-04-12 | Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto).
CVE-2024-3706 | Medium | 5.9 | - | 2024-04-12 | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto).
CVE-2024-3707 | Medium | 5.3 | - | 2024-04-12 | Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto).

Red Hat · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3446 | High | 8.2 | - | 2024-04-09 | A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues.
CVE-2023-6236 | High | 7.3 | - | 2024-04-10 | A flaw was found in Red Hat Enterprise Application Platform 8.
CVE-2024-1233 | High | 7.3 | - | 2024-04-09 | A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request.
CVE-2024-1481 | Medium | 5.3 | - | 2024-04-10 | A flaw was found in FreeIPA.

Theme-fusion · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2344 | High | 7.2 | - | 2024-04-09 | The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist…
CVE-2024-2343 | Medium | 6.4 | - | 2024-04-09 | The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function.
CVE-2024-2311 | Medium | 6.4 | - | 2024-04-09 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-2340 | Medium | 5.3 | - | 2024-04-09 | The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory.

Themeisle · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3344 | Medium | 6.4 | - | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input saniti…
CVE-2024-3343 | Medium | 6.4 | - | 2024-04-11 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficien…
CVE-2024-2226 | Medium | 6.4 | - | 2024-04-09 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to…
CVE-2024-31301 | Medium | 5.4 | - | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Unknown · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1956 | Medium | 6.1 | - | 2024-04-08 | The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting them back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting.
CVE-2024-1958 | Medium | 4.8 | - | 2024-04-08 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or una…
CVE-2024-1292 | Medium | 4.7 | - | 2024-04-08 | The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-6385 | Medium | 4.3 | - | 2024-04-10 | The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs.

Wpdeveloper · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3244 | Medium | 6.4 | - | 2024-04-09 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_cale…
CVE-2024-2650 | Medium | 6.4 | - | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all ver…
CVE-2024-2623 | Medium | 6.4 | - | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and i…
CVE-2024-2974 | Medium | 5.3 | - | 2024-04-09 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function.

Bdthemes · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31357 | Medium | 6.5 | - | 2024-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1…
CVE-2024-2966 | Medium | 5.3 | - | 2024-04-11 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_p…
CVE-2024-24883 | Medium | 4.3 | - | 2024-04-11 | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10.

Brainstormforce · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2347 | Medium | 6.4 | - | 2024-04-09 | The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping.
CVE-2024-2305 | Medium | 6.4 | - | 2024-04-09 | The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user suppl…
CVE-2023-6486 | Medium | 6.4 | - | 2024-04-09 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping.

Devitemsllc · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1974 | High | 8.8 | - | 2024-04-09 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function.
CVE-2024-2946 | Medium | 6.4 | - | 2024-04-09 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to…
CVE-2024-1960 | Medium | 6.4 | - | 2024-04-09 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all ver…

Honeywell · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5392 | High | 7.5 | - | 2024-04-11 | C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product.
CVE-2023-5394 | High | 7.4 | - | 2024-04-11 | Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the produc…
CVE-2023-5393 | High | 7.4 | - | 2024-04-11 | Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution.

Iosix · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28878 | Critical | 9.6 | - | 2024-04-12 | IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.
CVE-2024-31069 | High | 7.4 | - | 2024-04-12 | IO-1020 Micro ELD web server uses a default password for authentication.
CVE-2024-30210 | High | 7.4 | - | 2024-04-12 | IO-1020 Micro ELD uses a default Wi-Fi password that could allow an adjacent attacker to connect to the device.

Kadencewp · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6964 | High | 8.5 | - | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action.
CVE-2024-1999 | Medium | 6.4 | - | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insuff…
CVE-2024-0598 | Medium | 4.4 | - | 2024-04-09 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input san…

Leantime · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27474 | High | 8.8 | - | 2024-04-10 | Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2024-27477 | Medium | 6.1 | - | 2024-04-10 | In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos).
CVE-2024-27476 | Medium | 4.7 | - | 2024-04-10 | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.

Mautic · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2731 | Medium | 5.4 | - | 2024-04-10 | Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaig…
CVE-2024-2730 | Medium | 5.3 | - | 2024-04-10 | Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data.
CVE-2024-3448 | Medium | 5.0 | - | 2024-04-10 | Users with low privileges can perform certain AJAX actions.

Mikkotommila · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23086 | Critical | 9.8 | - | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double.
CVE-2024-23084 | High | 7.5 | - | 2024-04-08 | Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]).
CVE-2024-23085 | High | 7.5 | - | 2024-04-08 | Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).

Ninjaforms · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25572 | High | 8.8 | - | 2024-04-11 | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31.
CVE-2024-29220 | Medium | 6.1 | - | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels.
CVE-2024-26019 | Medium | 5.4 | - | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing.

Pencidesign · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31367 | High | 7.1 | - | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
CVE-2024-31368 | Medium | 6.5 | - | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
CVE-2024-31369 | Medium | 5.4 | - | 2024-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

Planet · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2740 | High | 7.7 | - | 2024-04-11 | Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528.
CVE-2024-2741 | High | 7.1 | - | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528.
CVE-2024-2742 | Medium | 6.4 | - | 2024-04-11 | Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528.

Podsfoundation · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6999 | High | 8.8 | - | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2).
CVE-2023-6967 | High | 8.8 | - | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on…
CVE-2023-6965 | Medium | 4.3 | - | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2).

Tribulant · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31355 | High | 8.5 | - | 2024-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
CVE-2024-31353 | Medium | 5.3 | - | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
CVE-2024-31354 | Medium | 4.3 | - | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.

Zoom · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24694 | Medium | 5.9 | - | 2024-04-09 | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-27247 | Medium | 5.5 | - | 2024-04-09 | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-27242 | Medium | 4.1 | - | 2024-04-09 | Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

Aimhubio · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2195 | Critical | 9.8 | - | 2024-04-10 | A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0.
CVE-2024-2196 | High | 8.8 | - | 2024-04-10 | aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent.

Beaver Builder · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6695 | Medium | 6.5 | - | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode.
CVE-2023-6694 | Medium | 6.4 | - | 2024-04-09 | The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custo…

Bestwebsoft · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2200 | Medium | 6.1 | - | 2024-04-09 | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output…
CVE-2024-2198 | Medium | 6.1 | - | 2024-04-09 | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output…

Bitdefender · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2224 | High | 8.1 | - | 2024-04-09 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances.
CVE-2024-2223 | High | 8.1 | - | 2024-04-09 | An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.

Bracketspace · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31926 | Medium | 5.9 | - | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n…
CVE-2024-31935 | Medium | 4.3 | - | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6.

Comesio · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3214 | Medium | 5.8 | - | 2024-04-09 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1.
CVE-2024-3213 | Medium | 5.3 | - | 2024-04-09 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1.

Crocoblock · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2507 | Medium | 6.4 | - | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user suppli…
CVE-2024-2138 | Medium | 6.4 | - | 2024-04-09 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.

Croixhaug · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2342 | High | 8.8 | - | 2024-04-09 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on…
CVE-2024-2341 | High | 8.8 | - | 2024-04-09 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the use…

Dedecms · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3685 | Medium | 6.3 | - | 2024-04-12 | A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8.
CVE-2024-3686 | Medium | 4.3 | - | 2024-04-12 | A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic.

Devolutions · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3545 | Medium | 4.3 | - | 2024-04-09 | Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information containe…
CVE-2024-2918 | Low | 3.6 | - | 2024-04-09 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a…

Elementor · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2117 | Medium | 6.4 | - | 2024-04-09 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping o…
CVE-2024-31289 | Medium | 4.3 | - | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0.

Elextensions · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31364 | Medium | 4.3 | - | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
CVE-2024-32105 | Medium | 4.3 | - | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.

Eprosima · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30916 | High | 7.1 | - | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before that allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in the DurabilityService QoS component.
CVE-2024-30917 | Medium | 5.5 | - | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before that allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in the DurabilityService QoS component.

Givewp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1424 | Medium | 6.4 | - | 2024-04-09 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and ou…
CVE-2022-40211 | Medium | 5.9 | - | 2024-04-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1.

Hcl Software · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23584 | Medium | 6.6 | - | 2024-04-08 | The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.
CVE-2023-50347 | Low | 3.7 | - | 2024-04-10 | HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries.

Ideabox · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2492 | Medium | 6.4 | - | 2024-04-09 | The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping.
CVE-2024-2289 | Medium | 6.4 | - | 2024-04-09 | The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escapin…

Incsub · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1794 | High | 7.2 | - | 2024-04-09 | The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g.
CVE-2024-3053 | Medium | 6.4 | - | 2024-04-09 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficie…

Inteset · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29500 | Critical | 9.8 | - | 2024-04-10 | An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance.
CVE-2024-29502 | Medium | 6.5 | - | 2024-04-10 | An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via UNC paths.

Irontec · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3120 | Critical | 9.0 | - | 2024-04-10 | A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1.
CVE-2024-3119 | Critical | 9.0 | - | 2024-04-10 | A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers.

Joomunited · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25907 | Medium | 5.4 | - | 2024-04-11 | Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.
CVE-2024-25908 | Medium | 4.3 | - | 2024-04-11 | Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.

Kibokolabs · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0873 | Medium | 6.4 | - | 2024-04-09 | The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user su…
CVE-2024-0872 | Medium | 4.3 | - | 2024-04-09 | The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode.

Link Whisper · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27992 | High | 7.1 | - | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8.
CVE-2024-31934 | Medium | 4.3 | - | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9.

Mbis · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2738 | Medium | 6.1 | - | 2024-04-09 | The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and…
CVE-2024-2543 | Medium | 4.3 | - | 2024-04-09 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1.

Nozomi Networks · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0218 | High | 7.5 | - | 2024-04-10 | A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted ma…
CVE-2023-6916 | High | 7.2 | - | 2024-04-10 | Audit records for OpenAPI requests may include sensitive information.

Octolize · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31944 | Medium | 4.3 | - | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.
CVE-2024-31943 | Medium | 4.3 | - | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.

Phpgurukul · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3691 | High | 7.3 | - | 2024-04-12 | A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0.
CVE-2024-3690 | Medium | 6.3 | - | 2024-04-12 | A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0.

Pickplugins · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0881 | Medium | 5.4 | - | 2024-04-11 | The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password-protected posts being displayed in the result of some unauthen…
CVE-2024-1641 | Medium | 5.4 | - | 2024-04-09 | The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96.

Pressified · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1588 | Medium | 6.8 |  | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht…
CVE-2024-1589 | Medium | 6.1 |  | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht…

Princeahmed · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1042 | Medium | 6.4 |  | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and includin…
CVE-2024-1041 | Medium | 6.4 |  | 2024-04-10 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input saniti…

Psi-4ward · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31454 | Medium | 6.5 |  | 2024-04-09 | PsiTransfer is an open source, self-hosted file sharing solution.
CVE-2024-31453 | Medium | 6.5 |  | 2024-04-09 | PsiTransfer is an open source, self-hosted file sharing solution.

Radiustheme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1315 | High | 8.8 |  | 2024-04-09 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4.
CVE-2024-1352 | Medium | 6.5 |  | 2024-04-09 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() fun…

Redisbloom · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25115 | High | 7.0 |  | 2024-04-09 | RedisBloom adds a set of probabilistic data structures to Redis.
CVE-2024-25116 | Medium | 5.5 |  | 2024-04-09 | RedisBloom adds a set of probabilistic data structures to Redis.

Saleswonder Team: Tobias · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31358 | High | 7.5 |  | 2024-04-10 | Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.
CVE-2024-31375 | Medium | 5.4 |  | 2024-04-08 | Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads. This issue affects WP2LEADS: from n/a through <= 3.2.7.

Sap · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25646 | High | 7.7 |  | 2024-04-09 | Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document.
CVE-2024-27898 | Medium | 5.3 |  | 2024-04-09 | SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from…

Sigstore · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29903 | Medium | 4.2 |  | 2024-04-10 | Cosign provides code signing and transparency for containers and binaries.
CVE-2024-29902 | Medium | 4.2 |  | 2024-04-10 | Cosign provides code signing and transparency for containers and binaries.

Stylemix · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3136 | Critical | 9.8 |  | 2024-04-09 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter.
CVE-2024-1904 | Medium | 4.3 |  | 2024-04-09 | The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13.

Supsystic · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31271 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16.
CVE-2024-31269 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11.

Themify · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31366 | High | 7.1 |  | 2024-04-09 | Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
CVE-2024-31365 | High | 7.1 |  | 2024-04-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a before 2.1.1.

Thimpress · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1289 | Medium | 6.5 |  | 2024-04-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information…
CVE-2024-1463 | Medium | 4.4 |  | 2024-04-09 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization…

Traccar · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31214 | Critical | 9.6 |  | 2024-04-10 | Traccar is an open source GPS tracking system.
CVE-2024-24809 | High | 8.5 |  | 2024-04-10 | Traccar is an open source GPS tracking system.

Webtoffee · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31235 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.
CVE-2024-31254 | Low | 3.7 |  | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7.

Welotec · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-1083 | Critical | 9.8 |  | 2024-04-09 | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
CVE-2023-1082 | High | 8.8 |  | 2024-04-09 | A remote attacker with low privileges can perform a command injection which can lead to root access.

Xibosignage · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29022 | High | 8.8 |  | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software.
CVE-2024-29023 | High | 7.2 |  | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software.

10web · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2112 | Medium | 5.9 |  | 2024-04-09 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality.

Abrhil · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-43216 | Critical | 9.1 |  | 2024-04-08 | AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.

Aerin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31263 | Medium | 5.4 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.

Alex Tselegidis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32295 | Medium | 6.3 |  | 2024-04-11 | Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3.

Amcsgroup · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22734 | Medium | 6.2 |  | 2024-04-12 | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg co…

Ametys · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30614 | Medium | 5.3 |  | 2024-04-12 | An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.

Aminur Islam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31927 | Medium | 5.9 |  | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2.

Appcheap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31282 | Medium | 4.7 |  | 2024-04-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7.

Apppresser · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31268 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0.

Aresit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1934 | High | 7.5 |  | 2024-04-09 | The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10.

Arnan De Gans · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31372 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1.

Athemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3208 | Medium | 6.4 |  | 2024-04-09 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user s…

Authzed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32001 | Low | 2.2 |  | 2024-04-10 | SpiceDB is a graph database purpose-built for storing and evaluating access control data.

Automatic1111 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31462 | Medium | 6.3 |  | 2024-04-12 | stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library.

Automattic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52211 | Medium | 5.3 |  | 2024-04-12 | Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0.

Awesomemotive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2302 | Medium | 5.3 |  | 2024-04-09 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9.

Ayecode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2423 | Medium | 6.4 |  | 2024-04-09 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and includi…

Ayecode Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31936 | Medium | 5.4 |  | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6.

Bandisoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22526 | Medium | 5.5 |  | 2024-04-12 | Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.

Bdwm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1664 | Medium | 6.1 |  | 2024-04-09 | The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…

Berriai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2952 | Critical | 9.8 |  | 2024-04-10 | BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint.

Bfintal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2039 | Medium | 6.4 |  | 2024-04-09 | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and outpu…

Bihell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3687 | Low | 3.5 |  | 2024-04-12 | A vulnerability was found in bihell Dice 3.1.0 and classified as problematic.

Binary-husky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31224 | Critical | 9.8 |  | 2024-04-08 | GPT Academic provides interactive interfaces for large language models.

Blazethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1587 | Medium | 5.3 |  | 2024-04-09 | The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'.

Bogdanfix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27970 | Medium | 5.4 |  | 2024-04-11 | Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0.

Bootstrapped · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1571 | Medium | 4.4 |  | 2024-04-09 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping.

Bosch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32228 | Medium | 4.6 |  | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.

Bricksforge · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31242 | Medium | 5.3 |  | 2024-04-10 | Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17.

Bunny.net · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31361 | Medium | 5.9 |  | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1.

Butlerblog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1852 | High | 7.2 |  | 2024-04-09 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping.

Byzoro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3521 | Medium | 4.7 |  | 2024-04-09 | A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317.

Caseproof · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1412 | Medium | 6.1 |  | 2024-04-09 | The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping.

Catch Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31279 | Medium | 5.4 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0.

Celomitan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2348 | Medium | 6.4 |  | 2024-04-09 | The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping.

Circontrol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2020-8006 | High | 8.8 |  | 2024-04-12 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root.

Clamxav · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24245 | High | 7.8 |  | 2024-04-09 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.

Clavaque · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0899 | Medium | 5.3 |  | 2024-04-09 | The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the…

Code-atlantic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2336 | Medium | 6.4 |  | 2024-04-09 | The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and o…

Codecabin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6777 | Medium | 5.3 |  | 2024-04-09 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files.

Coded Commerce, Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31360 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1.

Codeisawesome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31370 | High | 8.5 |  | 2024-04-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3. This issue affects AIKit: from n/a through <= 4.14.1.

Codepeople · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31302 | Medium | 5.3 |  | 2024-04-10 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44.

Colorlib · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0662 | Medium | 4.4 |  | 2024-04-09 | The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping.

Convertkit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31245 | Medium | 5.3 |  | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5.

Conveythis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6811 | High | 7.2 |  | 2024-04-11 | The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and out…

Corezoid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27592 | Medium | 4.3 |  | 2024-04-11 | Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL.

Cp Plus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3434 | Medium | 5.4 |  | 2024-04-08 | A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401.

Creativeminds · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4965 | Medium | 6.1 |  | 2024-04-09 | The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sani…

Creativethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31932 | Medium | 5.4 |  | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28.

Cssigniterteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2335 | Medium | 6.4 |  | 2024-04-09 | The Elements Plus!

Csutils · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2243 | High | 7.6 |  | 2024-04-10 | A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

Customily · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1774 | High | 7.2 |  | 2024-04-09 | The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping.

Data443 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6257 | Medium | 4.3 |  | 2024-04-11 | The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve t…

Dataease · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30269 | Medium | 5.3 |  | 2024-04-08 | DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0.

Datafeedrcom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1308 | High | 7.5 |  | 2024-04-09 | The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33.

Dattateccom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2125 | High | 8.8 |  | 2024-04-09 | The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.

Davidlingren · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2871 | Medium | 6.4 |  | 2024-04-09 | The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient pre…

Dcooney · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1790 | Medium | 4.9 |  | 2024-04-09 | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter.

Debian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-26816 | Medium | 5.5 |  | 2024-04-10 | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup…

Derbynet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31818 | Critical | 9.8 |  | 2024-04-12 | Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.

Devowl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2027 | Medium | 6.4 |  | 2024-04-09 | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and…

Dfactory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31264 | Medium | 4.3 |  | 2024-04-12 | Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.

Digitalbazaar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31995 | Medium | 4.3 |  | 2024-04-10 | `@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities.

Diracgrid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29905 | High | 8.1 |  | 2024-04-09 | DIRAC is an interware, meaning a software framework for distributed computing.

Discuz · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30884 | High | 7.1 |  | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz!

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27683 | Critical | 9.8 |  | 2024-04-11 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main.

Dnspython · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-29483 | High | 7.0 |  | 2024-04-11 | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack.

Dronecode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29460 | Medium | 6.6 |  | 2024-04-10 | An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.

Dsgvo-for-wp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27967 | Medium | 4.3 |  | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.

Easy Digital Downloads · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31293 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6.

Eclipse · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3046 | High | 7.5 |  | 2024-04-09 | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs.

Ecwid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2456 | Medium | 6.4 |  | 2024-04-09 | The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on u…

Elbanyaoui · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0626 | Medium | 5.3 |  | 2024-04-09 | The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1.

Envato · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2334 | Medium | 6.4 |  | 2024-04-09 | The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping.

Esphome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29019 | High | 8.1 |  | 2024-04-11 | ESPHome is a system to control microcontrollers remotely through Home Automation systems.

Expresstech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27966 | Medium | 5.9 |  | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2.

Facuet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28732 | High | 7.5 |  | 2024-04-08 | An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

Faktor Vier · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31925 | Medium | 5.9 |  | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0.

Fastify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31999 | High | 7.4 |  | 2024-04-10 | @festify/secure-session creates a secure stateless cookie session for Fastify.

Fetch Designs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31303 | Medium | 4.3 |  | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets. This issue affects Sign-up Sheets: from n/a through <= 2.2.11.1.

Filemanagerpro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2654 | Medium | 6.8 |  | 2024-04-09 | The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function.

Flipped-aurora · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31457 | High | 7.7 |  | 2024-04-09 | gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack.

Fooplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2081 | Medium | 6.4 |  | 2024-04-09 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitiz…

Fredericgilles · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31247 | Medium | 5.3 |  | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3.

Freebsd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29937 | Critical | 9.8 |  | 2024-04-11 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

Funnelkit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51672 | High | 7.5 |  | 2024-04-11 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3.

Furuno Systems Co.,ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28744 | High | 8.8 |  | 2024-04-08 | The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier.

Gaizhenbiao · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2217 | High | 7.5 |  | 2024-04-10 | gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file.

Gamerz · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2011-10006 | Low | 3.5 |  | 2024-04-08 | A vulnerability was found in GamerZ WP-PostRatings up to 1.64.

Gamipress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2783 | Medium | 6.4 |  | 2024-04-09 | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6…

Getbowtied · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2801 | Medium | 6.4 |  | 2024-04-12 | The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user…

Gowebsmarty · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7046 | High | 7.5 |  | 2024-04-09 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key file…

Gradio-app · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1728 | High | 7.5 |  | 2024-04-10 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.

Hadsky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30885 | Medium | 6.1 |  | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component.

Hidekazu Ishikawa · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31386 | Medium | 4.3 |  | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconn…

Hp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3281 | High | 8.8 | | 2024-04-09 | A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. |

Huggingface · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3568 | Critical | 9.6 | | 2024-04-10 | The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. |

I Thirteen Web Solution · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27989 | Medium | 6.5 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs… |

Iain Poulson · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31929 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iain Poulson Intagrate Lite instagrate-to-wordpress. This issue affects Intagrate Lite: from n/a through <= 1.3.7. |

Imagely · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3097 | Medium | 5.3 | | 2024-04-09 | The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. |

Infotheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31240 | High | 7.7 | | 2024-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. |

Inpsyde · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-7164 | High | 7.5 | | 2024-04-08 | The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database. |

Iptanus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2847 | Medium | 6.4 | | 2024-04-09 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user suppl… |

J_3rk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2033 | Medium | 4.3 | | 2024-04-09 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. |

Jackdewey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2325 | Medium | 6.1 | | 2024-04-09 | The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. |

Jcodex · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31262 | Medium | 5.4 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. |

Jetmonsters · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1948 | Medium | 6.4 | | 2024-04-09 | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. |

Joel Hardi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31298 | Medium | 5.3 | | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. |

Jokr · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2804 | Critical | 9.8 | | 2024-04-09 | The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio… |

Jordy Meow · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51409 | Critical | 10.0 | | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. |

Jtermaat · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1637 | Medium | 4.3 | | 2024-04-09 | The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. |

Jtsternberg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1792 | High | 7.5 | | 2024-04-09 | The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. |

Julien Berthelot / Mpembed.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32109 | Medium | 4.3 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a through 2.1.9. |

Juniper Networks, Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30407 | High | 8.1 | | 2024-04-12 | The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks whic… |

Junkcoder, Ristoniinemets · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-47604 | Medium | 4.3 | | 2024-04-11 | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. |

Kekotron · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1850 | Medium | 6.3 | | 2024-04-09 | The AI Post Generator \| AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. |

Kurudrive · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2093 | Medium | 6.5 | | 2024-04-09 | The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. |

Leadinfo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32112 | Medium | 4.3 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. |

Levelfourstorefront · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3211 | High | 8.8 | | 2024-04-12 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user suppli… |

Libreswan · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3652 | Medium | 6.5 | | 2024-04-11 | The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. |

Lifterlms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31363 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. |

Linksys · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25852 | High | 8.8 | | 2024-04-11 | Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. |

Linkwhspr · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2693 | High | 8.8 | | 2024-04-09 | The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. |

Lizardbyte · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31221 | Medium | 5.9 | | 2024-04-08 | Sunshine is a self-hosted game stream host for Moonlight. |

Lunary-ai · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1643 | Critical | 9.1 | | 2024-04-10 | By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. |

Makeplane · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31461 | Critical | 9.1 | | 2024-04-10 | Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. |

Mark Stockton · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-24850 | Medium | 5.3 | | 2024-04-11 | Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. |

Matrix-org · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32000 | Medium | 4.3 | | 2024-04-12 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. |

Max Foundry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31287 | Medium | 6.5 | | 2024-04-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. |

Melapress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2018 | High | 8.8 | | 2024-04-09 | The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |

Mervb1 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1893 | High | 8.8 | | 2024-04-09 | The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter… |

Metaslider · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3285 | Medium | 6.4 | | 2024-04-11 | The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to… |

Mitel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28066 | High | 8.8 | | 2024-04-08 | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). |

Mojolicious · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-47208 | Medium | 4.3 | | 2024-04-08 | The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. |

Mudler · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2029 | Critical | 9.8 | | 2024-04-10 | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. |

Namithjawahar · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2014-125111 | Low | 3.5 | | 2024-04-08 | A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. |

Nerdpressteam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2501 | High | 7.5 | | 2024-04-09 | The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' functio… |

Netdata · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32019 | High | 8.8 | | 2024-04-12 | Netdata is an open source observability tool. |

Nick Pelton · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32080 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. |

Ninjateam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2513 | Medium | 6.4 | | 2024-04-09 | The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied at… |

Nodejs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27983 | High | 8.2 | | 2024-04-09 | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. |

Nosilver4u · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31924 | Medium | 4.3 | | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3. |

Nudgify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31239 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. |

Nuknightlab · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2287 | Medium | 6.4 | | 2024-04-09 | The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user suppli… |

Oceanwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3167 | Medium | 6.4 | | 2024-04-09 | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. |

Open-telemetry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32028 | Medium | 4.1 | | 2024-04-12 | OpenTelemetry dotnet is a dotnet telemetry framework. |

Openssl · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2511 | Medium | 5.9 | | 2024-04-08 | Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that wou… |

Opentext · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2834 | High | 8.7 | | 2024-04-08 | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. |

Pagelayer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2504 | Medium | 6.4 | | 2024-04-09 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and o… |

Pdfcrowd · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31930 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1. |

Peach Payments · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25922 | Medium | 5.4 | | 2024-04-11 | Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9. |

Peepso · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31251 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1. |

Persian-vc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1752 | Medium | 6.1 | | 2024-04-08 | The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i… |

Ping Identity · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-40148 | Medium | 6.5 | | 2024-04-10 | Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. |

Pluginsware · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2222 | Medium | 4.3 | | 2024-04-09 | The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. |

Pluginus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31430 | Medium | 4.3 | | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects W… |

Popup Likebox Team · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31387 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. |

Presstigers · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1813 | Critical | 9.8 | | 2024-04-09 | The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. |

Prestoplayer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2428 | Medium | 4.7 | | 2024-04-10 | The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. |

Properfraction · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3210 | Medium | 6.4 | | 2024-04-10 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in… |

Propertyhive · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27985 | Medium | 5.4 | | 2024-04-11 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. |

Qdrant · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2221 | Critical | 9.8 | | 2024-04-10 | qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. |

Qemu · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3567 | Medium | 5.5 | | 2024-04-10 | A flaw was found in QEMU. |

Qodeinteractive · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0826 | Medium | 6.4 | | 2024-04-09 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied… |

Rainbowgeek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2165 | Medium | 6.4 | | 2024-04-09 | The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. |

Rankmath · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2536 | Medium | 6.4 | | 2024-04-09 | The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping o… |

Redon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31442 | High | 8.8 | | 2024-04-08 | Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. |

Repute Infosystems · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31272 | Medium | 6.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. |

Reservation Diary · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31299 | High | 7.1 | | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. |

Revolution Slider · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2306 | Medium | 6.4 | | 2024-04-09 | The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. |

Rtcamp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31305 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5. |

Run-llama · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3098 | Critical | 9.8 | | 2024-04-10 | A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. |

Saleor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31205 | Medium | 4.2 | | 2024-04-08 | Saleor is an e-commerce platform. |

Saumya Majumder · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31250 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. |

Searchiq · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31259 | High | 7.5 | | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. |

Setriosoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1780 | Medium | 6.1 | | 2024-04-10 | The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. |

Shamsbd71 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2137 | Medium | 6.4 | | 2024-04-12 | The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. |

Shapedplugin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3020 | High | 7.2 | | 2024-04-10 | The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. |

Shopware · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31447 | Medium | 5.3 | | 2024-04-08 | Shopware 6 is an open commerce platform based on Symfony Framework and Vue. |

Shortpixel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31230 | Medium | 5.3 | | 2024-04-10 | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. |

Silverks · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-1984 | Medium | 5.3 | | 2024-04-09 | The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. |

Skymoonlabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-25912 | Critical | 9.8 | | 2024-04-11 | Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. |

Smartwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2436 | Medium | 6.4 | | 2024-04-09 | The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user suppl… |

Soflyy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31939 | Medium | 4.3 | | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. |

Solwin Infotech · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31356 | High | 7.6 | | 2024-04-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8. |

Sonaar · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31343 | High | 7.5 | | 2024-04-10 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. |

Stacklok · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31455 | Medium | 4.3 | | 2024-04-09 | Minder by Stacklok is an open source software supply chain security platform. |

Staxwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3064 | Medium | 6.4 | | 2024-04-09 | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization… |

Stellarwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2261 | Medium | 4.3 | | 2024-04-09 | The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. |

Stephanie Leary · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32108 | Medium | 4.3 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. |

Strangerstudios · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0588 | Medium | 4.3 | | 2024-04-09 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. |

Subnet Solutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3313 | High | 8.4 | | 2024-04-09 | SUBNET Solutions Inc. |

Sumome · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31265 | Low | 3.7 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. |

Supportcandy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27991 | Medium | 6.5 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3. |

Tausworks · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2327 | Medium | 6.4 | | 2024-04-09 | The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied… |

The Moneytizer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27990 | Medium | 6.5 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20. |

The Tcpdump Group · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2397 | Medium | 6.2 | | 2024-04-12 | Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. |

Themepunch · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3235 | Medium | 5.3 | | 2024-04-10 | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. |

Tooltip · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31285 | High | 7.1 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3. |

Totalpressorg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6993 | Medium | 6.4 | | 2024-04-09 | The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitizatio… |

Traefik · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28869 | High | 7.5 | | 2024-04-12 | Traefik is an HTTP reverse proxy and load balancer. |

Unattributed · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31931 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1. |

Undsgn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51515 | High | 8.8 | | 2024-04-12 | Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8. |

Varun Kumar · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32083 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. |

Visitor Analytics · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31937 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2… |

Wangshen · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3444 | Medium | 4.7 | | 2024-04-08 | A vulnerability was found in Wangshen SecGate 3600 up to 20240408. |

Webfactory · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6799 | Medium | 5.9 | | 2024-04-09 | The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. |

Webtechstreet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2792 | Medium | 6.4 | | 2024-04-09 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. |

Wedevs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0952 | High | 7.2 | | 2024-04-09 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insuff… |

Wen Themes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27988 | Medium | 6.5 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2. |

Wintercms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32003 | High | 8.8 | | 2024-04-12 | wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. |

Woocommerce · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51499 | Medium | 4.3 | | 2024-04-12 | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. |

Wow-company · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2457 | Medium | 6.4 | | 2024-04-09 | The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output esca… |

Wp Compress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32106 | Medium | 4.3 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. |

Wp Darko · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31928 | Medium | 5.9 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. |

Wp Enhanced · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27969 | Medium | 6.5 | | 2024-04-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.

Wp Swings · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27607 | Medium | 5.4 | | 2024-04-11 | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.

Wp-oauth · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31253 | Medium | 4.7 | | 2024-04-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3.

Wpchill · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2026 | Medium | 6.4 | | 2024-04-09 | The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user su…

Wpcloudgallery · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31342 | Medium | 6.5 | | 2024-04-10 | Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3.

Wpdevteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2845 | Medium | 6.4 | | 2024-04-09 | The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up…

Wpeverest · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1812 | High | 7.2 | | 2024-04-09 | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter.

Wpexperts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31297 | High | 7.5 | | 2024-04-10 | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.

Wpkube · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31249 | Medium | 5.3 | | 2024-04-10 | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725.

Wpvivid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3054 | High | 7.2 | | 2024-04-12 | WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action.

Xiamen Four-faith · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3688 | Medium | 6.3 | | 2024-04-12 | A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2.

Xlplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32107 | Medium | 4.3 | | 2024-04-11 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0.

Xylus Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31371 | Medium | 4.3 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6.

Yith · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-44633 | Medium | 6.5 | | 2024-04-11 | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.

Yt-dlp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22423 | High | 8.3 | | 2024-04-09 | yt-dlp is a youtube-dl fork with additional features and fixes.

Zauberzeug · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32005 | High | 8.2 | | 2024-04-12 | NiceGUI is an easy-to-use, Python-based UI framework.

Zaytech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31238 | Medium | 5.4 | | 2024-04-12 | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through 1.5.5.

Zhejiang Land Zongheng Network Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3689 | Low | 3.7 | | 2024-04-12 | A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403.