Patch Tuesday — May 2024
2024-05-14 · 1498 CVEs
CVEs published or modified the week of 2024-05-14, partitioned by vendor.
Microsoft (114 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-33868 | Critical | 9.8 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
| CVE-2024-33863 | Critical | 9.8 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
| CVE-2023-45217 | High | 8.8 | — | 2024-05-16 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-42773 | High | 8.8 | — | 2024-05-16 | Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-38581 | High | 8.8 | — | 2024-05-16 | Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-30040 | High | 8.8 | KEV | 2024-05-14 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2024-30017 | High | 8.8 | — | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30010 | High | 8.8 | — | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30009 | High | 8.8 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30007 | High | 8.8 | — | 2024-05-14 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-30006 | High | 8.8 | — | 2024-05-14 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-30020 | High | 8.1 | — | 2024-05-14 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2023-46691 | High | 7.9 | — | 2024-05-16 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-30060 | High | 7.8 | — | 2024-05-16 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-30314 | High | 7.8 | — | 2024-05-16 | Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. |
| CVE-2024-30292 | High | 7.8 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30291 | High | 7.8 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30290 | High | 7.8 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30289 | High | 7.8 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30288 | High | 7.8 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30297 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30296 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30295 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30294 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30293 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30282 | High | 7.8 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30275 | High | 7.8 | — | 2024-05-16 | Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20792 | High | 7.8 | — | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-20791 | High | 7.8 | — | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
| CVE-2024-34100 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34099 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34098 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34097 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34096 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34095 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-34094 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30310 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30284 | High | 7.8 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2024-30051 | High | 7.8 | KEV | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30049 | High | 7.8 | — | 2024-05-14 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-30042 | High | 7.8 | — | 2024-05-14 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-30038 | High | 7.8 | — | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30035 | High | 7.8 | — | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30032 | High | 7.8 | — | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30031 | High | 7.8 | — | 2024-05-14 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2024-30030 | High | 7.8 | — | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30028 | High | 7.8 | — | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30027 | High | 7.8 | — | 2024-05-14 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-30025 | High | 7.8 | — | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30018 | High | 7.8 | — | 2024-05-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-29996 | High | 7.8 | — | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-29994 | High | 7.8 | — | 2024-05-14 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
| CVE-2024-26238 | High | 7.8 | — | 2024-05-14 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
| CVE-2024-4712 | High | 7.8 | — | 2024-05-14 | An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist whe… |
| CVE-2024-3037 | High | 7.8 | — | 2024-05-14 | An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. |
| CVE-2024-30048 | High | 7.6 | — | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30047 | High | 7.6 | — | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30029 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30024 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30023 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30022 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30015 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30014 | High | 7.5 | — | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-33865 | High | 7.5 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
| CVE-2024-0097 | High | 7.5 | — | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. |
| CVE-2024-0096 | High | 7.5 | — | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. |
| CVE-2024-30044 | High | 7.2 | — | 2024-05-14 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-22268 | High | 7.1 | — | 2024-05-14 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerabilit… |
| CVE-2024-30033 | High | 7.0 | — | 2024-05-14 | Windows Search Service Elevation of Privilege Vulnerability |
| CVE-2024-20391 | Medium | 6.8 | — | 2024-05-15 | A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of… |
| CVE-2024-30021 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30012 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30005 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30004 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30003 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30002 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30001 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30000 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29999 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29998 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29997 | Medium | 6.8 | — | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-23583 | Medium | 6.7 | — | 2024-05-17 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. |
| CVE-2023-45736 | Medium | 6.7 | — | 2024-05-16 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-30054 | Medium | 6.5 | — | 2024-05-14 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
| CVE-2024-30053 | Medium | 6.5 | — | 2024-05-14 | Azure Migrate Cross-Site Scripting Vulnerability |
| CVE-2024-30043 | Medium | 6.5 | — | 2024-05-14 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2024-30036 | Medium | 6.5 | — | 2024-05-14 | Windows Deployment Services Information Disclosure Vulnerability |
| CVE-2024-30019 | Medium | 6.5 | — | 2024-05-14 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-30011 | Medium | 6.5 | — | 2024-05-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-30045 | Medium | 6.3 | — | 2024-05-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-30059 | Medium | 6.1 | — | 2024-05-14 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
| CVE-2024-30046 | Medium | 5.9 | — | 2024-05-14 | Visual Studio Denial of Service Vulnerability |
| CVE-2024-33864 | Medium | 5.9 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
| CVE-2023-45315 | Medium | 5.5 | — | 2024-05-16 | Improper initialization in some Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-30287 | Medium | 5.5 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30286 | Medium | 5.5 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30283 | Medium | 5.5 | — | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30298 | Medium | 5.5 | — | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20793 | Medium | 5.5 | — | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-34101 | Medium | 5.5 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30312 | Medium | 5.5 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30311 | Medium | 5.5 | — | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-30039 | Medium | 5.5 | — | 2024-05-14 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-30037 | Medium | 5.5 | — | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30034 | Medium | 5.5 | — | 2024-05-14 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2024-30016 | Medium | 5.5 | — | 2024-05-14 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-30008 | Medium | 5.5 | — | 2024-05-14 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-33866 | Medium | 5.5 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
| CVE-2024-0098 | Medium | 5.5 | — | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. |
| CVE-2024-30050 | Medium | 5.4 | — | 2024-05-14 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-30041 | Medium | 5.4 | — | 2024-05-14 | Microsoft Bing Search Spoofing Vulnerability |
| CVE-2024-30055 | Medium | 5.4 | — | 2024-05-14 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-41234 | Medium | 5.0 | — | 2024-05-16 | NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-33867 | Medium | 4.8 | — | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. |
Other vendors (1384 CVEs across 459 vendors)
N/a · 166 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22476 | Critical | 10.0 | — | 2024-05-16 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. |
CVE-2024-34919 | Critical | 9.8 | — | 2024-05-17 | An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file. |
CVE-2023-48643 | Critical | 9.8 | — | 2024-05-16 | Shrubbery tac_plus 2.x, 3.x. |
CVE-2024-33485 | Critical | 9.8 | — | 2024-05-14 | SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component |
CVE-2024-34256 | Critical | 9.8 | — | 2024-05-14 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. |
CVE-2024-32353 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. |
CVE-2024-35099 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. |
CVE-2024-34945 | Critical | 9.8 | — | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. |
CVE-2024-34943 | Critical | 9.8 | — | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. |
CVE-2024-34213 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. |
CVE-2024-34209 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. |
CVE-2024-34204 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. |
CVE-2024-31810 | Critical | 9.8 | — | 2024-05-14 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
CVE-2024-30802 | Critical | 9.8 | — | 2024-05-14 | An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. |
CVE-2024-28285 | Critical | 9.8 | — | 2024-05-14 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges. |
CVE-2024-27280 | Critical | 9.8 | — | 2024-05-14 | A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. |
CVE-2022-32504 | Critical | 9.8 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2024-34226 | Critical | 9.4 | — | 2024-05-14 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. |
CVE-2024-35049 | Critical | 9.1 | — | 2024-05-14 | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. |
CVE-2024-26517 | Critical | 9.1 | — | 2024-05-14 | SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. |
CVE-2024-34058 | High | 8.8 | — | 2024-05-17 | The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message). |
CVE-2024-35102 | High | 8.8 | — | 2024-05-15 | Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script. |
CVE-2024-32352 | High | 8.8 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. |
CVE-2024-32351 | High | 8.8 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. |
CVE-2024-32350 | High | 8.8 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. |
CVE-2024-35050 | High | 8.8 | — | 2024-05-14 | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. |
CVE-2024-34944 | High | 8.8 | — | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. |
CVE-2024-34942 | High | 8.8 | — | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. |
CVE-2024-34921 | High | 8.8 | — | 2024-05-14 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. |
CVE-2024-34310 | High | 8.8 | — | 2024-05-14 | Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. |
CVE-2024-34308 | High | 8.8 | — | 2024-05-14 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. |
CVE-2024-34221 | High | 8.8 | — | 2024-05-14 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. |
CVE-2024-34211 | High | 8.8 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
CVE-2024-34207 | High | 8.8 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. |
CVE-2024-34200 | High | 8.8 | — | 2024-05-14 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. |
CVE-2024-34196 | High | 8.8 | — | 2024-05-14 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. |
CVE-2022-32509 | High | 8.8 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2022-32507 | High | 8.8 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2024-34219 | High | 8.6 | — | 2024-05-14 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. |
CVE-2024-34199 | High | 8.6 | — | 2024-05-14 | TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. |
CVE-2023-26566 | High | 8.6 | — | 2024-05-14 | Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sen… |
CVE-2024-35204 | High | 8.4 | — | 2024-05-14 | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. |
CVE-2023-38654 | High | 8.2 | — | 2024-05-16 | Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2024-34974 | High | 8.2 | — | 2024-05-14 | Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter. |
CVE-2024-32355 | High | 8.0 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. |
CVE-2024-21813 | High | 7.9 | — | 2024-05-16 | Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21864 | High | 7.8 | — | 2024-05-16 | Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. |
CVE-2024-31556 | High | 7.8 | — | 2024-05-14 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. |
CVE-2024-35205 | High | 7.8 | — | 2024-05-14 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. |
CVE-2024-31771 | High | 7.8 | — | 2024-05-14 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file |
CVE-2024-29513 | High | 7.8 | — | 2024-05-14 | An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied… |
CVE-2024-22774 | High | 7.8 | — | 2024-05-14 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. |
CVE-2024-34217 | High | 7.7 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. |
CVE-2023-41092 | High | 7.6 | — | 2024-05-16 | Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. |
CVE-2022-32503 | High | 7.6 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2024-24981 | High | 7.5 | — | 2024-05-16 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. |
CVE-2024-23980 | High | 7.5 | — | 2024-05-16 | Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. |
CVE-2024-23487 | High | 7.5 | — | 2024-05-16 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. |
CVE-2024-22382 | High | 7.5 | — | 2024-05-16 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. |
CVE-2024-21823 | High | 7.5 | — | 2024-05-16 | Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access |
CVE-2023-40297 | High | 7.5 | — | 2024-05-15 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. |
CVE-2024-34459 | High | 7.5 | — | 2024-05-14 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. |
CVE-2024-34220 | High | 7.5 | — | 2024-05-14 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. |
CVE-2024-33818 | High | 7.5 | — | 2024-05-14 | Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. |
CVE-2024-30172 | High | 7.5 | — | 2024-05-14 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. |
CVE-2024-29857 | High | 7.5 | — | 2024-05-14 | An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. |
CVE-2022-32508 | High | 7.5 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2023-52424 | High | 7.4 | — | 2024-05-17 | The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. |
CVE-2024-27353 | High | 7.4 | — | 2024-05-15 | A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to es… |
CVE-2024-35313 | High | 7.3 | — | 2024-05-17 | In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004. |
CVE-2024-34224 | High | 7.3 | — | 2024-05-14 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname… |
CVE-2024-34215 | High | 7.3 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. |
CVE-2024-34212 | High | 7.3 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. |
CVE-2024-34210 | High | 7.3 | — | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. |
CVE-2024-34205 | High | 7.3 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. |
CVE-2024-34201 | High | 7.3 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. |
CVE-2024-31954 | High | 7.3 | — | 2024-05-14 | An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. |
CVE-2023-46870 | High | 7.3 | — | 2024-05-14 | extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have incorrect file permissions set, which allows attackers to do code e… |
CVE-2024-22095 | High | 7.2 | — | 2024-05-16 | Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. |
CVE-2023-28402 | High | 7.2 | — | 2024-05-16 | Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2023-27504 | High | 7.2 | — | 2024-05-16 | Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2022-28132 | High | 7.2 | — | 2024-05-14 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. |
CVE-2024-34338 | High | 7.2 | — | 2024-05-14 | Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. |
CVE-2024-33250 | High | 7.2 | — | 2024-05-14 | An issue in Open-Source Technology Committee SRS real-time video server SRS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. |
CVE-2024-25743 | High | 7.1 | — | 2024-05-15 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. |
CVE-2024-34231 | High | 7.1 | — | 2024-05-14 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. |
CVE-2022-32510 | High | 7.1 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2022-32505 | High | 7.1 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2022-37410 | High | 7.0 | — | 2024-05-16 | Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-22379 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21843 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21841 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21828 | Medium | 6.7 | — | 2024-05-16 | Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21818 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21774 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-43751 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation… |
CVE-2023-42668 | Medium | 6.7 | — | 2024-05-16 | Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-42433 | Medium | 6.7 | — | 2024-05-16 | Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-40155 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-39929 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-27282 | Medium | 6.6 | — | 2024-05-14 | An issue was discovered in Ruby 3.x through 3.3.0. |
CVE-2024-25742 | Medium | 6.5 | — | 2024-05-17 | In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. |
CVE-2024-22015 | Medium | 6.5 | — | 2024-05-16 | Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-28087 | Medium | 6.5 | — | 2024-05-15 | In Bonitasoft runtime Community edition, the lack of dynamic permissions causes an IDOR vulnerability. |
CVE-2024-34946 | Medium | 6.5 | — | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. |
CVE-2024-34206 | Medium | 6.5 | — | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. |
CVE-2024-34202 | Medium | 6.5 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. |
CVE-2023-29881 | Medium | 6.5 | — | 2024-05-14 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. |
CVE-2022-32506 | Medium | 6.4 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2024-31974 | Medium | 6.3 | — | 2024-05-17 | The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. |
CVE-2022-32502 | Medium | 6.3 | — | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices. |
CVE-2024-35312 | Medium | 6.2 | — | 2024-05-17 | In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. |
CVE-2024-31803 | Medium | 6.2 | — | 2024-05-14 | Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT<T>::read_pre_data128_from_file function. |
CVE-2023-28383 | Medium | 6.1 | — | 2024-05-16 | Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2024-34582 | Medium | 6.1 | — | 2024-05-16 | Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature. |
CVE-2024-26367 | Medium | 6.1 | — | 2024-05-14 | Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafte… |
CVE-2024-34230 | Medium | 6.1 | — | 2024-05-14 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. |
CVE-2024-34225 | Medium | 6.1 | — | 2024-05-14 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. |
CVE-2024-28277 | Medium | 6.1 | — | 2024-05-14 | In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. |
CVE-2024-28276 | Medium | 6.1 | — | 2024-05-14 | Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. |
CVE-2024-25662 | Medium | 6.1 | — | 2024-05-14 | Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs. |
CVE-2024-24157 | Medium | 6.1 | — | 2024-05-14 | Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. |
CVE-2023-47165 | Medium | 6.0 | — | 2024-05-16 | Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access. |
CVE-2024-32354 | Medium | 6.0 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. |
CVE-2024-32349 | Medium | 6.0 | — | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameter in the "cstecgi.cgi" binary. |
CVE-2024-34273 | Medium | 5.9 | — | 2024-05-16 | njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. |
CVE-2024-34222 | Medium | 5.9 | — | 2024-05-14 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. |
CVE-2024-30171 | Medium | 5.9 | — | 2024-05-14 | An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. |
CVE-2023-22662 | Medium | 5.8 | — | 2024-05-16 | Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access. |
CVE-2023-49614 | Medium | 5.7 | — | 2024-05-16 | Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. |
CVE-2024-35110 | Medium | 5.5 | — | 2024-05-17 | A reflected XSS vulnerability has been found in YzmCMS 7.1. |
CVE-2023-47859 | Medium | 5.5 | — | 2024-05-16 | Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-30801 | Medium | 5.5 | — | 2024-05-14 | SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. |
CVE-2024-34913 | Medium | 5.4 | — | 2024-05-15 | An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. |
CVE-2024-27593 | Medium | 5.4 | — | 2024-05-15 | A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name… |
CVE-2023-24204 | Medium | 5.4 | — | 2024-05-14 | SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows an attacker to execute arbitrary code via the name parameter in get-quote.php. |
CVE-2023-24203 | Medium | 5.4 | — | 2024-05-14 | Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows an attacker to execute arbitrary code via the company or query parameter(s). |
CVE-2024-34243 | Medium | 5.4 | — | 2024-05-14 | Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. |
CVE-2024-34899 | Medium | 5.4 | — | 2024-05-14 | WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). |
CVE-2024-34914 | Medium | 5.3 | — | 2024-05-14 | php-censor v2.1.4 (fixed in v2.1.5) was discovered to use a weak hashing algorithm for its remember_key value. |
CVE-2024-34241 | Medium | 4.8 | — | 2024-05-17 | A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications. |
CVE-2024-33433 | Medium | 4.8 | — | 2024-05-14 | Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. |
CVE-2024-21792 | Medium | 4.7 | — | 2024-05-16 | Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2023-47210 | Medium | 4.7 | — | 2024-05-16 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2023-46103 | Medium | 4.7 | — | 2024-05-16 | Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2023-43487 | Medium | 4.7 | — | 2024-05-16 | Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-33819 | Medium | 4.6 | — | 2024-05-14 | Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. |
CVE-2024-27281 | Medium | 4.5 | — | 2024-05-14 | An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. |
CVE-2024-22390 | Medium | 4.4 | — | 2024-05-16 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. |
CVE-2023-45845 | Medium | 4.4 | — | 2024-05-16 | Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access. |
CVE-2023-41082 | Medium | 4.4 | — | 2024-05-16 | Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2023-39433 | Medium | 4.4 | — | 2024-05-16 | Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-40536 | Medium | 4.3 | — | 2024-05-16 | Race condition for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2023-38417 | Medium | 4.3 | — | 2024-05-16 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2024-35048 | Medium | 4.3 | — | 2024-05-14 | An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. |
CVE-2024-34223 | Medium | 4.3 | — | 2024-05-14 | Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave tickets. |
CVE-2024-28759 | Medium | 4.3 | — | 2024-05-14 | A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. |
CVE-2023-47282 | Low | 3.9 | — | 2024-05-16 | Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-22656 | Low | 3.9 | — | 2024-05-16 | Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-34218 | Low | 3.8 | — | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. |
CVE-2024-34203 | Low | 3.8 | — | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. |
CVE-2023-48727 | Low | 3.3 | — | 2024-05-16 | NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2024-4317 | Low | 3.1 | — | 2024-05-14 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. |
CVE-2024-22384 | Low | 2.8 | — | 2024-05-16 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2023-45733 | Low | 2.8 | — | 2024-05-16 | Race conditions in hardware logic in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. |
CVE-2023-43745 | Low | 2.8 | — | 2024-05-16 | Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access. |
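The tables on this page carry everything a patch-prioritisation pass needs (KEV flag, CVSS, publication date), but in a layout that has to be parsed before it can be sorted. The following is an added example, not code from the original page: it parses rows in this page's own column order ("CVE | Severity | CVSS | KEV | Published | Summary") and orders them KEV first, then by CVSS, then by earliest publication date. The sample rows are copied from the Microsoft table above, except for the CVE-0000-0000 row, which is a constructed placeholder (not a real CVE) so the KEV branch is exercised; the 7.0 cut-off and the ordering rule are assumptions, not anything the page prescribes.

```python
"""Triage helper for the vendor-partitioned CVE tables on this page.

Added example, not part of the original page. It parses rows in the page's
own layout and ranks them: CISA KEV entries first, then highest CVSS, then
oldest publication date (longest exposure). The cut-off and ordering are
assumptions for illustration, not a rule the page states.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# One data row: leading/trailing pipes optional, "—" or "-" means "not in KEV".
ROW_RE = re.compile(
    r"^\s*\|?\s*(?P<cve>CVE-\d{4}-\d{4,})\s*\|"
    r"\s*(?P<severity>Critical|High|Medium|Low)\s*\|"
    r"\s*(?P<cvss>\d+(?:\.\d+)?)\s*\|"
    r"\s*(?P<kev>KEV|—|-)\s*\|"
    r"\s*(?P<published>\d{4}-\d{2}-\d{2})\s*\|"
    r"\s*(?P<summary>.*?)\s*\|?\s*$"
)

# Rows copied from the table above, plus one constructed KEV placeholder
# (CVE-0000-0000 is NOT a real CVE; it only exists to exercise the KEV path).
SAMPLE_ROWS = """\
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41092 | High | 7.6 | — | 2024-05-16 | Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. |
CVE-2024-30172 | High | 7.5 | — | 2024-05-14 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. |
CVE-2024-4317 | Low | 3.1 | — | 2024-05-14 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. |
CVE-2024-0087 | Critical | 9.0 | — | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. |
CVE-0000-0000 | High | 8.8 | KEV | 2024-05-14 | Constructed placeholder row (not a real CVE) used only to exercise the KEV branch. |
"""


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    kev: bool
    published: date
    summary: str


def parse_row(line: str) -> Optional[Entry]:
    """Return an Entry for a data row; None for the header, separator or junk."""
    m = ROW_RE.match(line)
    if m is None:
        return None
    return Entry(
        cve=m["cve"],
        severity=m["severity"],
        cvss=float(m["cvss"]),
        kev=(m["kev"] == "KEV"),
        published=date.fromisoformat(m["published"]),
        summary=m["summary"],
    )


def parse_table(text: str) -> list[Entry]:
    """Parse every data row in a table block, skipping non-row lines."""
    return [e for e in map(parse_row, text.splitlines()) if e is not None]


def triage(entries: list[Entry], min_cvss: float = 7.0) -> list[Entry]:
    """Keep KEV entries and anything at or above min_cvss; rank KEV first,
    then by descending CVSS, then by earliest publication date."""
    keep = [e for e in entries if e.kev or e.cvss >= min_cvss]
    return sorted(keep, key=lambda e: (not e.kev, -e.cvss, e.published))


if __name__ == "__main__":
    for e in triage(parse_table(SAMPLE_ROWS)):
        flag = "KEV " if e.kev else "    "
        print(f"{flag}{e.cvss:4.1f} {e.published} {e.cve}: {e.summary[:60]}")
```

The regex accepts both the pipe-leading header style and the pipe-less data rows this page uses, and treats either "—" or "-" in the KEV column as "not listed"; a row that fails to parse is dropped rather than guessed at, so a malformed line never silently lands at the bottom of the queue.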
Linux (94 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0087 | Critical | 9.0 | — | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. |
CVE-2024-35814 | High | 8.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"), which was a fix for co… |
CVE-2024-27407 | High | 8.4 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() |
CVE-2024-35856 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't have to free it again otherwise it woul… |
CVE-2024-35855 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules an… |
CVE-2023-52688 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. |
CVE-2023-52667 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. |
CVE-2023-52664 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on s… |
CVE-2024-35792 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request. |
CVE-2024-27433 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). |
CVE-2024-27394 | High | 7.4 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU r… |
CVE-2023-52697 | High | 7.1 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of them use the same dai name. |
CVE-2023-52682 | High | 7.1 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page… |
CVE-2024-27397 | High | 7.0 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. |
CVE-2024-35843 | Medium | 6.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). |
CVE-2024-0100 | Medium | 6.5 | — | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. |
CVE-2024-27402 | Medium | 5.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. |
CVE-2024-35859 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbed already, hence module reference s… |
CVE-2024-35858 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaim the flushed packets. |
CVE-2024-35852 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is n… |
CVE-2024-35851 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev… |
CVE-2024-35850 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev po… |
CVE-2024-35846 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. |
CVE-2024-35844 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to b… |
CVE-2024-35842 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct… |
CVE-2024-35841 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user… |
CVE-2024-35840 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless O… |
CVE-2024-35839 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. |
CVE-2023-52698 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function… |
CVE-2023-52695 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback… |
CVE-2023-52692 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. |
CVE-2023-52689 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it. |
CVE-2023-52687 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. |
CVE-2023-52684 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated… |
CVE-2023-52681 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, we should ensure that we free it again when the superblock goes away. |
CVE-2023-52680 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. |
CVE-2023-52678 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if li… |
CVE-2023-52677 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc regi… |
CVE-2023-52676 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32… |
CVE-2023-52675 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
CVE-2023-52674 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't att… |
CVE-2024-35838 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g. |
CVE-2024-35836 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI d… |
CVE-2024-35834 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue. |
CVE-2024-35832 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. |
CVE-2024-35831 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix release of pinned pages when __io_uaddr_map fails Looking at the error path of __io_uaddr_map, if we fail after pinning the pages for any reasons, ret will… |
CVE-2024-35827 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long). |
CVE-2024-35826 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buffers that do not start at the beginning o… |
CVE-2024-35824 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() e… |
CVE-2024-35818 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the __io_aw() hook as mmiowb() Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of mmiowb()") remove all mmiowb() in drivers, but it… |
CVE-2024-35817 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear… |
CVE-2024-35816 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in p… |
CVE-2024-35810 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the a… |
CVE-2024-35808 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread() directly Currently md_reap_sync_thread() is called from raid_message() directly without holding 'reconfig_mutex', this is de… |
CVE-2024-35804 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM… |
CVE-2024-35803 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub wa… |
CVE-2024-35801 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fp… |
CVE-2024-35800 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. |
CVE-2024-35799 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why] Disabling stream encoder invokes a function that no longer exists. |
CVE-2024-35797 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a po… |
CVE-2024-35795 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu… |
CVE-2023-52673 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. |
CVE-2023-52671 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different O… |
CVE-2023-52668 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. |
CVE-2023-52663 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never call… |
CVE-2023-52662 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_res… |
CVE-2023-52661 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone. |
CVE-2024-35794 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn'… |
CVE-2024-35793 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though t… |
CVE-2024-35790 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace befo… |
CVE-2024-35787 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap cod… |
CVE-2024-35786 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries… |
CVE-2024-35784 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new… |
CVE-2024-27435 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found an issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while… |
CVE-2024-27434 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. |
CVE-2024-27432 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtk_ppe_stop() function, the PPE scan mode… |
CVE-2023-52660 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. |
CVE-2023-52659 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ens… |
CVE-2024-27418 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fa… |
CVE-2024-27411 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. |
CVE-2024-27409 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the HDM… |
CVE-2024-27406 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. |
CVE-2024-27403 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. |
CVE-2023-52658 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. |
CVE-2023-52657 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. |
CVE-2024-27393 | Medium | 5.5 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to… |
CVE-2024-0088 | Medium | 5.5 | — | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. |
CVE-2023-52655 | Medium | 5.5 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is in between 0 and sizeof(u64) the value passed to skb_trim() as length will wrap arou… |
CVE-2024-35857 | Medium | 5.3 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. |
CVE-2024-35798 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in m… |
CVE-2024-27415 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, wh… |
CVE-2024-27408 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDM… |
CVE-2024-27404 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations. |
CVE-2023-52654 | Medium | 4.7 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly ri… |

Debian (64 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35845 | Critical | 9.1 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. |
CVE-2024-35854 | High | 8.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of availa… |
CVE-2024-4777 | High | 8.8 | — | 2024-05-14 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. |
CVE-2024-4367 | High | 8.8 | — | 2024-05-14 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. |
CVE-2024-32004 | High | 8.1 | — | 2024-05-14 | Git is a revision control system. |
CVE-2024-35847 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully… |
CVE-2023-52691 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is… |
CVE-2023-52679 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to… |
CVE-2023-52669 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of… |
CVE-2024-35791 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->loc… |
CVE-2024-35789 | High | 7.8 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a… |
CVE-2024-27398 | High | 7.8 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be schedule… |
CVE-2024-27396 | High | 7.8 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critica… |
CVE-2024-27395 | High | 7.8 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the R… |
CVE-2023-52696 | High | 7.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
CVE-2024-27405 | High | 7.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, t… |
CVE-2024-32465 | High | 7.3 | — | 2024-05-14 | Git is a revision control system. |
CVE-2024-35849 | High | 7.1 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-inf… |
CVE-2024-35785 | High | 7.1 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as foll… |
CVE-2024-27401 | High | 7.1 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. |
CVE-2024-3044 | Medium | 6.5 | — | 2024-05-14 | Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. |
CVE-2024-35853 | Medium | 6.4 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. |
CVE-2024-4768 | Medium | 6.1 | — | 2024-05-14 | A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. |
CVE-2024-4769 | Medium | 5.9 | — | 2024-05-14 | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. |
CVE-2023-52694 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled… |
CVE-2023-52693 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because a… |
CVE-2023-52690 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
CVE-2023-52686 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
CVE-2023-52683 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/100… |
CVE-2024-35837 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. |
CVE-2024-35833 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling pat… |
CVE-2024-35830 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowin… |
CVE-2024-35829 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. |
CVE-2024-35828 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmd… |
CVE-2024-35825 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we rece… |
CVE-2024-35822 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget… |
CVE-2024-35821 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it'… |
CVE-2024-35819 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. |
CVE-2024-35815 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct… |
CVE-2024-35813 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_idata = idatas[i - 1], but doesn't check… |
CVE-2024-35811 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm8… |
CVE-2024-35807 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. |
CVE-2024-35806 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback. |
CVE-2024-35805 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions. |
CVE-2024-35796 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called… |
CVE-2023-52672 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized… |
CVE-2023-52670 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0x… |
CVE-2024-27436 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. |
CVE-2024-27431 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_in… |
CVE-2024-27417 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attr… |
CVE-2024-27416 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume th… |
CVE-2024-27414 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustm… |
CVE-2024-27413 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: d… |
CVE-2024-27412 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. |
CVE-2024-27410 | Medium | 5.5 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as chan… |
CVE-2024-27399 | Medium | 5.5 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). |
CVE-2023-52656 | Medium | 5.5 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it. |
CVE-2024-35835 | Medium | 5.3 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. |
CVE-2024-35823 | Medium | 5.3 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapp… |
CVE-2024-35848 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn d… |
CVE-2024-35809 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtime_idle() callback and the .remove() callback in the rtsx_pcr PCI driver le… |
CVE-2024-27419 | Medium | 4.7 | — | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently. |
CVE-2024-4767 | Medium | 4.3 | — | 2024-05-14 | If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. |
CVE-2024-32021 | Low | 3.9 | — | 2024-05-14 | Git is a revision control system. |
Campcodes · 62 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4919 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in Campcodes Online Examination System 1.0. |
CVE-2024-4918 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Online Examination System 1.0. |
CVE-2024-4917 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. |
CVE-2024-4916 | Medium | 6.3 | — | 2024-05-15 | A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. |
CVE-2024-4915 | Medium | 6.3 | — | 2024-05-15 | A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. |
CVE-2024-4914 | Medium | 6.3 | — | 2024-05-15 | A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. |
CVE-2024-4913 | Medium | 6.3 | — | 2024-05-15 | A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. |
CVE-2024-4912 | Medium | 6.3 | — | 2024-05-15 | A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. |
CVE-2024-4911 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4910 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4909 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4908 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. |
CVE-2024-4907 | Medium | 6.3 | — | 2024-05-15 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. |
CVE-2024-4906 | Medium | 6.3 | — | 2024-05-15 | A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4817 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
CVE-2024-4796 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
CVE-2024-4795 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
CVE-2024-4794 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
CVE-2024-4793 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. |
CVE-2024-4792 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. |
CVE-2024-4818 | Medium | 5.3 | — | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. |
CVE-2024-4681 | Medium | 4.7 | — | 2024-05-14 | A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4819 | Medium | 4.3 | — | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
CVE-2024-4797 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
CVE-2024-4738 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4737 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4736 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
CVE-2024-4735 | Low | 3.5 | — | 2024-05-14 | A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
CVE-2024-4732 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4731 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4730 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4729 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4728 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4727 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4726 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
CVE-2024-4725 | Low | 3.5 | — | 2024-05-14 | A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
CVE-2024-4724 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4723 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. |
CVE-2024-4722 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4721 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4720 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4719 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4718 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4717 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4716 | Low | 3.5 | — | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4715 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4714 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4713 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4688 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4687 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4686 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4685 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4684 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4683 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4682 | Low | 3.5 | — | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4678 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4677 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4676 | Low | 3.5 | — | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4675 | Low | 3.5 | — | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
CVE-2024-4674 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4673 | Low | 3.5 | — | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. |
CVE-2024-4672 | Low | 3.5 | — | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
Siemens · 55 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32741 | Critical | 10.0 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). |
CVE-2024-30207 | Critical | 10.0 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-32740 | Critical | 9.8 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). |
CVE-2024-27939 | Critical | 9.8 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-30209 | Critical | 9.6 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-33499 | Critical | 9.1 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-30206 | High | 8.8 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-27941 | High | 8.8 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-27940 | High | 8.8 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-34773 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). |
CVE-2024-34772 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). |
CVE-2024-34771 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). |
CVE-2024-34086 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions… |
CVE-2024-34085 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions… |
CVE-2024-33577 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-33493 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). |
CVE-2024-33492 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). |
CVE-2024-33491 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). |
CVE-2024-33490 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). |
CVE-2024-33489 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). |
CVE-2024-32639 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). |
CVE-2024-32636 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions… |
CVE-2024-32635 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions… |
CVE-2024-32066 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32065 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32064 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32063 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32062 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32061 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32060 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32059 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32058 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32057 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-32055 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). |
CVE-2024-31980 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). |
CVE-2024-31484 | High | 7.8 | — | 2024-05-14 | A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Et… |
CVE-2024-32742 | High | 7.6 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). |
CVE-2024-27942 | High | 7.5 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-31485 | High | 7.2 | — | 2024-05-14 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). |
CVE-2024-27945 | High | 7.2 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-27944 | High | 7.2 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-27943 | High | 7.2 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-33647 | Medium | 6.5 | — | 2024-05-14 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). |
CVE-2024-33495 | Medium | 6.5 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-33494 | Medium | 6.5 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-27946 | Medium | 6.5 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2023-46280 | Medium | 6.5 | — | 2024-05-14 | A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16… |
CVE-2024-33497 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-33496 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-30208 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-33498 | Medium | 5.3 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-31486 | Medium | 5.3 | — | 2024-05-14 | A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). |
CVE-2024-27947 | Medium | 5.3 | — | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). |
CVE-2024-33583 | Low | 3.3 | — | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver… |
CVE-2024-32637 | Low | 3.3 | — | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions… |
Apple · 36 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22267 | Critical | 9.3 | — | 2024-05-14 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX… |
CVE-2023-46689 | High | 8.8 | — | 2024-05-16 | Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-40070 | High | 8.8 | — | 2024-05-16 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-27813 | High | 8.6 | — | 2024-05-14 | The issue was addressed with improved checks. |
CVE-2024-27843 | High | 7.8 | — | 2024-05-14 | A logic issue was addressed with improved checks. |
CVE-2024-27842 | High | 7.8 | — | 2024-05-14 | The issue was addressed with improved checks. |
CVE-2024-27829 | High | 7.8 | — | 2024-05-14 | The issue was addressed with improved memory handling. |
CVE-2024-27824 | High | 7.8 | — | 2024-05-14 | This issue was addressed by removing the vulnerable code. |
CVE-2024-27822 | High | 7.8 | — | 2024-05-14 | A logic issue was addressed with improved restrictions. |
CVE-2024-27818 | High | 7.8 | — | 2024-05-14 | The issue was addressed with improved memory handling. |
CVE-2024-27798 | High | 7.8 | — | 2024-05-14 | An authorization issue was addressed with improved state management. |
CVE-2024-27796 | High | 7.8 | — | 2024-05-14 | The issue was addressed with improved checks. |
CVE-2024-27793 | High | 7.8 | — | 2024-05-14 | The issue was addressed with improved checks. |
CVE-2024-22270 | High | 7.1 | — | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged i… |
CVE-2024-22269 | High | 7.1 | — | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hyp… |
CVE-2024-27825 | High | 7.1 | — | 2024-05-14 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. |
CVE-2024-31953 | Medium | 6.7 | — | 2024-05-14 | An issue was discovered in Samsung Magician 8.0.0 on macOS. |
CVE-2024-31952 | Medium | 6.7 | — | 2024-05-14 | An issue was discovered in Samsung Magician 8.0.0 on macOS. |
CVE-2024-27852 | Medium | 6.5 | — | 2024-05-14 | A privacy issue was addressed with improved client ID handling for alternative app marketplaces. |
CVE-2023-45846 | Medium | 5.5 | — | 2024-05-16 | Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2024-27847 | Medium | 5.5 | — | 2024-05-14 | This issue was addressed with improved checks. |
CVE-2024-27841 | Medium | 5.5 | — | 2024-05-14 | The issue was addressed with improved memory handling. |
CVE-2024-27834 | Medium | 5.5 | — | 2024-05-14 | The issue was addressed with improved checks. |
CVE-2024-27827 | Medium | 5.5 | — | 2024-05-14 | This issue was addressed through improved state management. |
CVE-2024-27816 | Medium | 5.5 | — | 2024-05-14 | A logic issue was addressed with improved checks. |
CVE-2024-27810 | Medium | 5.5 | — | 2024-05-14 | A path handling issue was addressed with improved validation. |
CVE-2024-27804 | Medium | 5.5 | — | 2024-05-14 | The issue was addressed with improved memory handling. |
CVE-2024-27789 | Medium | 5.5 | — | 2024-05-14 | A logic issue was addressed with improved checks. |
CVE-2024-23236 | Medium | 5.5 | — | 2024-05-14 | A correctness issue was addressed with improved checks. |
CVE-2024-23229 | Medium | 5.5 | — | 2024-05-14 | This issue was addressed with improved redaction of sensitive information. |
CVE-2024-27821 | Medium | 4.7 | — | 2024-05-14 | A path handling issue was addressed with improved validation. |
CVE-2023-38420 | Low | 3.8 | — | 2024-05-16 | Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2024-27839 | Low | 3.3 | — | 2024-05-14 | A privacy issue was addressed by moving sensitive data to a more secure location. |
CVE-2024-27837 | Low | 3.3 | — | 2024-05-14 | A downgrade issue was addressed with additional code-signing restrictions. |
CVE-2024-27835 | Low | 2.4 | — | 2024-05-14 | This issue was addressed through improved state management. |
CVE-2024-27803 | Low | 2.4 | — | 2024-05-14 | A permissions issue was addressed with improved validation. |
Hdfgroup · 34 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33874 | Critical | 9.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. |
CVE-2024-32621 | Critical | 9.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer. |
CVE-2024-32615 | Critical | 9.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer. |
CVE-2024-32611 | Critical | 9.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. |
CVE-2024-29164 | Critical | 9.8 | — | 2024-05-14 | HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-29159 | Critical | 9.8 | — | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-29157 | Critical | 9.8 | — | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-32622 | Critical | 9.1 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). |
CVE-2024-33877 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. |
CVE-2024-33873 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. |
CVE-2024-32623 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). |
CVE-2024-32617 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c). |
CVE-2024-32614 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. |
CVE-2024-32605 | High | 8.8 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). |
CVE-2024-29161 | High | 8.8 | — | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-32609 | High | 7.5 | — | 2024-05-14 | HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. |
CVE-2024-32624 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer. |
CVE-2024-32620 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. |
CVE-2024-32619 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. |
CVE-2024-32618 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer. |
CVE-2024-32616 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. |
CVE-2024-32613 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612. |
CVE-2024-32612 | High | 7.4 | — | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613. |
CVE-2024-29165 | High | 7.4 | — | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-29163 | High | 7.4 | — | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-29162 | High | 7.4 | — | 2024-05-14 | HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution. |
CVE-2024-29160 | High | 7.4 | — | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-29158 | High | 7.4 | — | 2024-05-14 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
CVE-2024-33876 | Medium | 5.7 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. |
CVE-2024-33875 | Medium | 5.7 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. |
CVE-2024-32610 | Medium | 5.7 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. |
CVE-2024-32607 | Medium | 5.7 | — | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer. |
CVE-2024-32606 | Medium | 5.7 | — | 2024-05-14 | HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c). |
CVE-2024-29166 | Medium | 5.7 | — | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
Intel · 26 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-24460 | High | 8.2 | — | 2024-05-16 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-45745 | High | 7.9 | — | 2024-05-16 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2023-43748 | High | 7.8 | — | 2024-05-16 | Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-43629 | High | 7.8 | — | 2024-05-16 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-1598 | High | 7.5 | — | 2024-05-14 | Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567. |
CVE-2024-0762 | High | 7.5 | — | 2024-05-14 | Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for I… |
CVE-2023-40071 | High | 7.3 | — | 2024-05-16 | Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2022-37341 | High | 7.2 | — | 2024-05-16 | Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2024-21862 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21861 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21837 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21835 | Medium | 6.7 | — | 2024-05-16 | Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21831 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21814 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21809 | Medium | 6.7 | — | 2024-05-16 | Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21788 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21777 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-21772 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-45743 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-45320 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-41961 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-35192 | Medium | 6.7 | — | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-47855 | Medium | 6.0 | — | 2024-05-16 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2023-48368 | Medium | 5.9 | — | 2024-05-16 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2023-45221 | Medium | 4.8 | — | 2024-05-16 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2023-47169 | Low | 3.3 | — | 2024-05-16 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. |
Arubanetworks · 18 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31473 | Critical | 9.8 | — | 2024-05-14 | There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management proto… |
CVE-2024-31472 | Critical | 9.8 | — | 2024-05-14 | There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protoc… |
CVE-2024-31471 | Critical | 9.8 | — | 2024-05-14 | There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management… |
CVE-2024-31470 | Critical | 9.8 | — | 2024-05-14 | There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Acce… |
CVE-2024-31469 | Critical | 9.8 | — | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management… |
CVE-2024-31468 | Critical | 9.8 | — | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management… |
CVE-2024-31467 | Critical | 9.8 | — | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port… |
CVE-2024-31466 | Critical | 9.8 | — | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port… |
CVE-2024-31475 | High | 8.2 | — | 2024-05-14 | There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). |
CVE-2024-31474 | High | 8.2 | — | 2024-05-14 | There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). |
CVE-2024-31477 | High | 7.2 | — | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface. |
CVE-2024-31476 | High | 7.2 | — | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface. |
CVE-2024-31482 | Medium | 5.3 | — | 2024-05-14 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. |
CVE-2024-31481 | Medium | 5.3 | — | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. |
CVE-2024-31480 | Medium | 5.3 | — | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. |
CVE-2024-31479 | Medium | 5.3 | — | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. |
CVE-2024-31478 | Medium | 5.3 | — | 2024-05-14 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. |
CVE-2024-31483 | Medium | 4.9 | — | 2024-05-14 | An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. |
Huawei · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32997 | High | 8.4 | — | 2024-05-14 | Race condition vulnerability in the binder driver module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32992 | High | 7.5 | — | 2024-05-14 | Insufficient verification vulnerability in the baseband module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32991 | High | 7.5 | — | 2024-05-14 | Permission verification vulnerability in the wpa_supplicant module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2023-52719 | High | 7.1 | — | 2024-05-14 | Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-32999 | Medium | 6.8 | — | 2024-05-14 | Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-4046 | Medium | 6.4 | — | 2024-05-14 | Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32996 | Medium | 6.2 | — | 2024-05-14 | Privilege escalation vulnerability in the account module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32995 | Medium | 6.2 | — | 2024-05-14 | Denial of service (DoS) vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2023-52721 | Medium | 6.2 | — | 2024-05-14 | The WindowManager module has a vulnerability in permission control. |
CVE-2024-32990 | Medium | 6.1 | — | 2024-05-14 | Permission verification vulnerability in the system sharing pop-up module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32998 | Medium | 5.9 | — | 2024-05-14 | NULL pointer access vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32993 | Medium | 5.6 | — | 2024-05-14 | Out-of-bounds access vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2023-52384 | Medium | 4.7 | — | 2024-05-14 | Double-free vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2023-52383 | Medium | 4.7 | — | 2024-05-14 | Double-free vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2023-52720 | Medium | 4.1 | — | 2024-05-14 | Race condition vulnerability in the soundtrigger module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-32989 | Low | 3.3 | — | 2024-05-14 | Insufficient verification vulnerability in the system sharing pop-up module. Impact: Successful exploitation of this vulnerability will affect availability. |
Oretnom23 · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4927 | High | 7.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-5069 | Medium | 6.3 | — | 2024-05-17 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. |
CVE-2024-4933 | Medium | 6.3 | — | 2024-05-16 | A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. |
CVE-2024-4932 | Medium | 6.3 | — | 2024-05-16 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-4931 | Medium | 6.3 | — | 2024-05-16 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-4930 | Medium | 6.3 | — | 2024-05-16 | A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-4928 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-4926 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. |
CVE-2024-4925 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. |
CVE-2024-4921 | Medium | 6.3 | — | 2024-05-16 | A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. |
CVE-2024-4820 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. |
CVE-2024-4798 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. |
CVE-2024-5045 | Medium | 5.3 | — | 2024-05-17 | A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. |
CVE-2024-4929 | Medium | 4.3 | — | 2024-05-16 | A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. |
CVE-2024-4922 | Low | 3.5 | — | 2024-05-16 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. |
Cyberpower · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34025 | Critical | 9.8 | — | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. |
CVE-2024-33625 | Critical | 9.8 | — | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded JWT signing key. |
CVE-2024-32053 | Critical | 9.8 | — | 2024-05-15 | Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. |
CVE-2024-32047 | Critical | 9.8 | — | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. |
CVE-2024-32735 | Critical | 9.8 | — | 2024-05-14 | An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application… |
CVE-2024-33615 | High | 8.8 | — | 2024-05-15 | A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote c… |
CVE-2024-31856 | High | 8.8 | — | 2024-05-15 | An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. |
CVE-2024-31410 | High | 7.7 | — | 2024-05-15 | The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. |
CVE-2024-32739 | High | 7.5 | — | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper. |
CVE-2024-32738 | High | 7.5 | — | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper. |
CVE-2024-32737 | High | 7.5 | — | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper. |
CVE-2024-32736 | High | 7.5 | — | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper. |
CVE-2024-31409 | Medium | 6.5 | — | 2024-05-15 | Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. |
CVE-2024-32042 | Medium | 4.9 | — | 2024-05-15 | The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. |
Ibm · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47709 | Critical | 9.1 | — | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |
CVE-2024-27260 | High | 8.4 | — | 2024-05-16 | IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. |
CVE-2023-47712 | High | 7.8 | — | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. |
CVE-2024-27269 | Medium | 6.8 | — | 2024-05-14 | IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. |
CVE-2023-43040 | Medium | 6.5 | — | 2024-05-14 | IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. |
CVE-2024-22345 | Medium | 6.2 | — | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
CVE-2024-22344 | Medium | 6.1 | — | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. |
CVE-2023-38264 | Medium | 5.9 | — | 2024-05-14 | The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef an… |
CVE-2024-28781 | Medium | 5.4 | — | 2024-05-14 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. |
CVE-2024-28761 | Medium | 5.4 | — | 2024-05-14 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. |
CVE-2023-47717 | Medium | 4.4 | — | 2024-05-16 | IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. |
CVE-2024-28760 | Medium | 4.3 | — | 2024-05-14 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. |
CVE-2024-22343 | Medium | 4.0 | — | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. |
CVE-2023-47711 | Low | 2.7 | — | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. |
Fedoraproject · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4947 | Critical | 9.6 | KEV | 2024-05-15 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2024-4671 | Critical | 9.6 | KEV | 2024-05-14 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2024-4761 | High | 8.8 | KEV | 2024-05-14 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2024-31142 | High | 7.5 | — | 2024-05-16 | Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. |
CVE-2023-46842 | Medium | 6.5 | — | 2024-05-16 | Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. |
CVE-2024-4950 | Medium | 6.5 | — | 2024-05-15 | Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. |
CVE-2024-4949 | Medium | 6.5 | — | 2024-05-15 | Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-4948 | Medium | 6.5 | — | 2024-05-15 | Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-4854 | Medium | 6.4 | — | 2024-05-14 | MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file. |
CVE-2024-27400 | Medium | 5.5 | — | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call order in amdgpu_ttm_move() v2. This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. |
CVE-2024-32020 | Low | 3.9 | — | 2024-05-14 | Git is a revision control system. |
CVE-2024-4855 | Low | 3.6 | — | 2024-05-14 | Use after free issue in editcap could cause denial of service via crafted capture file. |
CVE-2024-4853 | Low | 3.6 | — | 2024-05-14 | Memory handling issue in editcap could cause denial of service via crafted capture file. |
Cacti · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29895 | Critical | 10.0 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-34340 | Critical | 9.1 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-25641 | Critical | 9.1 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31445 | High | 8.8 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31459 | High | 8.0 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-27082 | High | 7.6 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31460 | Medium | 6.5 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-30268 | Medium | 6.1 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31443 | Medium | 5.7 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-29894 | Medium | 5.4 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31458 | Medium | 4.6 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
CVE-2024-31444 | Medium | 4.6 | — | 2024-05-14 | Cacti provides an operational monitoring and fault management framework. |
Fortinet · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31491 | High | 8.8 | — | 2024-05-14 | A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. |
CVE-2024-23105 | High | 7.5 | — | 2024-05-14 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attacker to bypass IP protection through crafted HTTP or HTTPS packets. |
CVE-2023-46714 | High | 7.2 | — | 2024-05-14 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via… |
CVE-2023-40720 | High | 7.1 | — | 2024-05-14 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP… |
CVE-2024-31488 | Medium | 6.8 | — | 2024-05-14 | An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may a… |
CVE-2023-45583 | Medium | 6.7 | — | 2024-05-14 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0… |
CVE-2023-36640 | Medium | 6.7 | — | 2024-05-14 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0… |
CVE-2023-44247 | Medium | 6.6 | — | 2024-05-14 | A double free vulnerability [CWE-415] in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests. |
CVE-2023-50180 | Medium | 5.5 | — | 2024-05-14 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below m… |
CVE-2024-26007 | Medium | 5.3 | — | 2024-05-14 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests. |
CVE-2023-45586 | Medium | 5.0 | — | 2024-05-14 | An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 thr… |
Kashipara · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4905 | Medium | 6.3 | — | 2024-05-15 | A vulnerability classified as critical has been found in Kashipara College Management System 1.0. |
CVE-2024-4808 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. |
CVE-2024-4807 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. |
CVE-2024-4806 | Medium | 6.3 | — | 2024-05-14 | A vulnerability classified as critical was found in Kashipara College Management System 1.0. |
CVE-2024-4805 | Medium | 6.3 | — | 2024-05-14 | A vulnerability classified as critical has been found in Kashipara College Management System 1.0. |
CVE-2024-4804 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0. |
CVE-2024-4803 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0. |
CVE-2024-4802 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0. |
CVE-2024-4801 | Medium | 6.3 | — | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. |
CVE-2024-4800 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. |
CVE-2024-4799 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. |
Mozilla · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4778 | Critical | 9.8 | — | 2024-05-14 | Memory safety bugs present in Firefox 125. |
CVE-2024-4764 | Critical | 9.8 | — | 2024-05-14 | Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. |
CVE-2024-4770 | High | 8.8 | — | 2024-05-14 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. |
CVE-2024-4771 | High | 8.6 | — | 2024-05-14 | A memory allocation check was missing which would lead to a use-after-free if the allocation failed. |
CVE-2024-4776 | High | 8.2 | — | 2024-05-14 | A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. |
CVE-2024-4765 | High | 8.1 | — | 2024-05-14 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. |
CVE-2024-4773 | High | 7.5 | — | 2024-05-14 | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. |
CVE-2024-4774 | Medium | 6.5 | — | 2024-05-14 | The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. |
CVE-2024-4775 | Medium | 5.9 | — | 2024-05-14 | An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. |
CVE-2024-4772 | Medium | 5.9 | — | 2024-05-14 | An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. |
CVE-2024-5022 | Medium | 4.4 | — | 2024-05-17 | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126. |
SAP SE · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33006 | Critical | 9.6 | — | 2024-05-14 | An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow an attacker to completely compromise the system. |
CVE-2024-32730 | Medium | 6.5 | — | 2024-05-14 | SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-33002 | Medium | 6.1 | — | 2024-05-14 | Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the application. |
CVE-2024-32733 | Medium | 6.1 | — | 2024-05-14 | Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. |
CVE-2024-32731 | Medium | 5.5 | — | 2024-05-14 | SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-33008 | Medium | 4.9 | — | 2024-05-14 | SAP Replication Server allows an attacker to use the gateway to execute some commands against RSSD. |
CVE-2024-4139 | Medium | 4.3 | — | 2024-05-14 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-4138 | Medium | 4.3 | — | 2024-05-14 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-33009 | Medium | 4.2 | — | 2024-05-14 | SAP Global Label Management is vulnerable to SQL injection. |
CVE-2024-33007 | Low | 3.5 | — | 2024-05-14 | PDFViewer is a control delivered as part of the SAPUI5 product which shows the PDF content in an embedded mode by default. |
CVE-2024-33000 | Low | 3.5 | — | 2024-05-14 | SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. |
Cisco · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-20389 | High | 7.8 | — | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. |
CVE-2024-20326 | High | 7.8 | — | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. |
CVE-2024-20366 | High | 7.8 | — | 2024-05-15 | A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected dev… |
CVE-2024-20392 | Medium | 6.1 | — | 2024-05-15 | A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. |
CVE-2024-20258 | Medium | 6.1 | — | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the… |
CVE-2024-20394 | Medium | 5.5 | — | 2024-05-15 | A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpe… |
CVE-2024-20383 | Medium | 4.8 | — | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerab… |
CVE-2024-20257 | Medium | 4.8 | — | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is… |
CVE-2024-20256 | Medium | 4.8 | — | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the in… |
CVE-2024-20369 | Medium | 4.7 | — | 2024-05-15 | A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to impr… |
Wbsairback · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3788 | Medium | 6.6 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). |
CVE-2024-3787 | Medium | 6.6 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). |
CVE-2024-3789 | Medium | 6.5 | — | 2024-05-14 | Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. |
CVE-2024-3796 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. |
CVE-2024-3795 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. |
CVE-2024-3794 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. |
CVE-2024-3793 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. |
CVE-2024-3792 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. |
CVE-2024-3791 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields, type / password parameters. |
CVE-2024-3790 | Medium | 4.8 | — | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. |
GE HealthCare · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27107 | Critical | 9.6 | — | 2024-05-14 | Weak account password in GE HealthCare EchoPAC products |
CVE-2024-27110 | High | 8.4 | — | 2024-05-14 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products |
CVE-2024-1628 | High | 8.4 | — | 2024-05-14 | OS command injection vulnerabilities in GE HealthCare ultrasound devices |
CVE-2024-1630 | High | 7.7 | — | 2024-05-14 | Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component |
CVE-2024-27109 | High | 7.6 | — | 2024-05-14 | Insufficiently protected credentials in GE HealthCare EchoPAC products |
CVE-2024-1486 | High | 7.4 | — | 2024-05-14 | Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices |
CVE-2024-27108 | Medium | 6.8 | — | 2024-05-14 | Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products |
CVE-2024-1629 | Medium | 6.2 | — | 2024-05-14 | Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component |
CVE-2024-27106 | Medium | 5.7 | — | 2024-05-14 | Vulnerable data in transit in GE HealthCare EchoPAC products |
Idccms · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35108 | High | 8.8 | — | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. |
CVE-2024-35010 | High | 8.8 | — | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. |
CVE-2024-35009 | High | 8.8 | — | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. |
CVE-2024-34958 | Medium | 6.5 | — | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add |
CVE-2024-35109 | Medium | 6.5 | — | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close. |
CVE-2024-35012 | Medium | 6.3 | — | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. |
CVE-2024-34957 | Medium | 5.4 | — | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. |
CVE-2024-35011 | Medium | 5.4 | — | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. |
CVE-2024-35039 | Low | 3.8 | — | 2024-05-16 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. |
Microfocus · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3968 | High | 7.8 | — | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. |
CVE-2024-3486 | High | 7.8 | — | 2024-05-15 | XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. |
CVE-2024-3483 | High | 7.8 | — | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. |
CVE-2024-3967 | High | 7.6 | — | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization. |
CVE-2024-3484 | Medium | 5.7 | — | 2024-05-15 | Path Traversal found in OpenText™ iManager 3.2.6.0200. |
CVE-2024-3488 | Medium | 5.6 | — | 2024-05-15 | File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication. |
CVE-2024-3970 | Medium | 5.3 | — | 2024-05-15 | Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. |
CVE-2024-3485 | Medium | 5.3 | — | 2024-05-15 | Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. |
CVE-2024-3487 | Low | 3.5 | — | 2024-05-15 | Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. |
Lollms · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4326 | Critical | 9.8 | — | 2024-05-16 | A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. |
CVE-2024-2358 | Critical | 9.8 | — | 2024-05-16 | A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. |
CVE-2024-2361 | Critical | 9.6 | — | 2024-05-16 | A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. |
CVE-2024-2366 | Critical | 9.0 | — | 2024-05-16 | A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. |
CVE-2024-3435 | High | 8.4 | — | 2024-05-16 | A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. |
CVE-2024-3126 | High | 8.4 | — | 2024-05-16 | A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. |
CVE-2024-4322 | High | 7.5 | — | 2024-05-16 | A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. |
CVE-2024-2299 | Medium | 6.1 | — | 2024-05-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. |
Code-projects · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34955 | Critical | 9.8 | — | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. |
CVE-2024-5048 | Medium | 6.3 | — | 2024-05-17 | A vulnerability classified as critical was found in code-projects Budget Management 1.0. |
CVE-2024-4973 | Medium | 6.3 | — | 2024-05-16 | A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. |
CVE-2024-4972 | Medium | 6.3 | — | 2024-05-16 | A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. |
CVE-2024-34954 | Medium | 6.1 | — | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. |
CVE-2024-4975 | Low | 3.5 | — | 2024-05-16 | A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. |
CVE-2024-4974 | Low | 3.5 | — | 2024-05-16 | A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. |
D-link · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4965 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. |
CVE-2024-4964 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. |
CVE-2024-4963 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. |
CVE-2024-4962 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. |
CVE-2024-4961 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. |
CVE-2024-4960 | Medium | 6.3 | — | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. |
CVE-2024-4699 | Medium | 6.3 | — | 2024-05-14 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. |
Dell · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22429 | High | 7.5 | — | 2024-05-17 | Dell BIOS contains an Improper Input Validation vulnerability. |
CVE-2024-25967 | Medium | 6.7 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. |
CVE-2024-25970 | Medium | 6.5 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. |
CVE-2024-25969 | Medium | 6.2 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. |
CVE-2024-25965 | Medium | 6.1 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. |
CVE-2024-25968 | Medium | 5.9 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. |
CVE-2024-25966 | Medium | 5.3 | — | 2024-05-14 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. |
Progress · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4202 | High | 7.7 | — | 2024-05-15 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. |
CVE-2024-4200 | High | 7.7 | — | 2024-05-15 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. |
CVE-2024-3892 | High | 7.2 | — | 2024-05-15 | A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. |
CVE-2024-4357 | Medium | 6.5 | — | 2024-05-15 | An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. |
CVE-2024-4562 | Medium | 5.4 | — | 2024-05-14 | In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTT… |
CVE-2024-4837 | Medium | 5.3 | — | 2024-05-15 | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. |
CVE-2024-4561 | Medium | 4.2 | — | 2024-05-14 | In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. |
Wpdeveloper · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41955 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through 5.8.8. |
CVE-2024-32717 | Medium | 6.5 | — | 2024-05-14 | Missing Authorization vulnerability in WPDeveloper SchedulePress. This issue affects SchedulePress: from n/a through 5.0.8. |
CVE-2024-4624 | Medium | 6.4 | — | 2024-05-14 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and includ… |
CVE-2024-4449 | Medium | 6.4 | — | 2024-05-14 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content… |
CVE-2024-4448 | Medium | 6.4 | — | 2024-05-14 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data… |
CVE-2024-4316 | Medium | 6.4 | — | 2024-05-14 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versi… |
CVE-2024-4275 | Medium | 6.4 | — | 2024-05-14 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and inc… |
Brainstorm Force · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51398 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. |
CVE-2023-50890 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. |
CVE-2024-3828 | High | 8.8 | — | 2024-05-14 | The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. |
CVE-2024-4838 | High | 7.5 | — | 2024-05-16 | The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. |
CVE-2023-46205 | High | 7.1 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Ultimate Addons for WPBakery Page… |
CVE-2023-51401 | Medium | 6.3 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from… |
Gitlab · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2651 | Medium | 6.5 | — | 2024-05-14 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. |
CVE-2024-2454 | Medium | 6.5 | — | 2024-05-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. |
CVE-2023-6688 | Medium | 6.5 | — | 2024-05-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. |
CVE-2023-6682 | Medium | 6.5 | — | 2024-05-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. |
CVE-2024-4597 | Medium | 5.7 | — | 2024-05-14 | An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. |
CVE-2024-4539 | Medium | 4.3 | — | 2024-05-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could le… |
Themeum · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4223 | Critical | 9.8 | — | 2024-05-16 | The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. |
CVE-2024-4352 | High | 8.8 | — | 2024-05-16 | The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. |
CVE-2024-4351 | High | 8.8 | — | 2024-05-16 | The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. |
CVE-2024-4318 | High | 8.8 | — | 2024-05-16 | The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara… |
CVE-2024-4222 | High | 7.3 | — | 2024-05-16 | The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. |
CVE-2024-4279 | Medium | 6.5 | — | 2024-05-16 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to… |
Thimpress · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4434 | Critical | 9.8 | — | 2024-05-14 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack… |
CVE-2024-4397 | High | 8.8 | — | 2024-05-14 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. |
CVE-2024-34415 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS. This issue affects Thim Elementor Kit: from n/a through 1.1.8. |
CVE-2024-4329 | Medium | 6.4 | — | 2024-05-14 | The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. |
CVE-2024-4277 | Medium | 6.4 | — | 2024-05-14 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escapin… |
CVE-2024-4444 | Medium | 5.3 | — | 2024-05-14 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to a user registration bypass in versions up to, and including, 4.2.6.5. |
Adobe · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30307 | High | 7.8 | — | 2024-05-16 | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-30274 | High | 7.8 | — | 2024-05-16 | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-30309 | Medium | 5.5 | — | 2024-05-16 | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-30308 | Medium | 5.5 | — | 2024-05-16 | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-30281 | Medium | 5.5 | — | 2024-05-16 | Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
Dlink · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34950 | High | 7.5 | — | 2024-05-14 | D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. |
CVE-2024-33774 | Medium | 6.5 | — | 2024-05-14 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
CVE-2024-33773 | Medium | 6.5 | — | 2024-05-14 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
CVE-2024-33771 | Medium | 6.5 | — | 2024-05-14 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." |
CVE-2024-33772 | Medium | 5.7 | — | 2024-05-14 | A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime." |
Phoenix Contact · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28137 | High | 7.8 | — | 2024-05-14 | A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. |
CVE-2024-28136 | High | 7.8 | — | 2024-05-14 | A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. |
CVE-2024-28133 | High | 7.8 | — | 2024-05-14 | A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. |
CVE-2024-28134 | High | 7.0 | — | 2024-05-14 | An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. |
CVE-2024-28135 | Medium | 5.0 | — | 2024-05-14 | A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. |
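The TOCTOU pattern named in CVE-2024-28137, as an added example (this is not Phoenix Contact's code and nothing in it comes from the CHARX firmware): a check-then-open reader of a privileged "state file" beside an open-then-fstat reader. The file names, their contents and the `between` hook that stands in for the scheduler window an attacker races are all constructed for the demo; it assumes a POSIX system.

```python
# Added example, not vendor code. Shows why a check on a path followed by a
# second open() of the same path is a race, and how opening first and
# verifying the descriptor closes it. Constructed files, POSIX only.
import errno
import os
import stat
import tempfile


def read_state_racy(path: str, between=lambda: None) -> bytes:
    """Vulnerable pattern: check the path, then open the path again.

    `between` stands in for the window after the check; in a real race the
    attacker's rename()/symlink() lands there, and open() follows the link.
    """
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing non-regular file")
    between()
    with open(path, "rb") as f:
        return f.read()


def read_state_safe(path: str, expected_uid: int, between=lambda: None) -> bytes:
    """Open once with O_NOFOLLOW, then verify the descriptor with fstat().

    Whatever happens to the path after open() cannot change the inode the
    descriptor refers to, so the check and the use are on the same object.
    """
    between()
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"owner uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("state file is group/world writable")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: the attacker swaps the state file for a symlink
    inside the check/use window. Returns what each reader ended up doing."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        state = os.path.join(d, "state")
        secret = os.path.join(d, "secret")  # stands in for a root-only file
        for p, data in ((state, b"mode=normal\n"), (secret, b"db_password=hunter2\n")):
            with open(p, "wb") as f:
                f.write(data)
            os.chmod(p, 0o600)

        def swap():  # the attacker's move during the window
            os.remove(state)
            os.symlink(secret, state)

        def restore():
            os.remove(state)
            with open(state, "wb") as f:
                f.write(b"mode=normal\n")
            os.chmod(state, 0o600)

        out["racy"] = read_state_racy(state, between=swap)  # leaks the secret
        restore()
        try:
            out["safe"] = read_state_safe(state, os.getuid(), between=swap)
        except OSError as e:  # O_NOFOLLOW makes open() fail with ELOOP
            out["safe"] = errno.errorcode.get(e.errno, type(e).__name__)
        restore()
        out["safe_untampered"] = read_state_safe(state, os.getuid())
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The same rule applies to init scripts written in shell: `[ -f "$f" ] && . "$f"` tests one inode and sources another. If the directory is writable by a lower-privileged user, either move the file somewhere only root can write or have the script open it once and validate the open descriptor.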
Red Hat · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3727 | High | 8.3 | — | 2024-05-14 | A flaw was found in the github.com/containers/image library. |
CVE-2024-4871 | Medium | 6.8 | — | 2024-05-14 | A vulnerability was found in Satellite. |
CVE-2024-5042 | Medium | 6.6 | — | 2024-05-17 | A flaw was found in the Submariner project. |
CVE-2024-4840 | Medium | 5.5 | — | 2024-05-14 | A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. |
CVE-2024-4693 | Medium | 5.5 | — | 2024-05-14 | A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). |
Brainstormforce · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4634 | Medium | 6.4 | — | 2024-05-16 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escapi… |
CVE-2024-4630 | Medium | 6.4 | — | 2024-05-14 | The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient in… |
CVE-2024-2619 | Medium | 5.0 | — | 2024-05-16 | The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. |
CVE-2024-1467 | Medium | 4.3 | — | 2024-05-14 | The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). |
Jetbrains · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35299 | Medium | 5.9 | — | 2024-05-16 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation |
CVE-2024-35301 | Medium | 5.5 | — | 2024-05-16 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token |
CVE-2024-35302 | Medium | 5.4 | — | 2024-05-16 | In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible |
CVE-2024-35300 | Low | 3.5 | — | 2024-05-16 | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible |
Kadencewp · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4208 | Medium | 6.4 | — | 2024-05-15 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to in… |
CVE-2024-4481 | Medium | 6.4 | — | 2024-05-14 | The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitizatio… |
CVE-2024-4209 | Medium | 6.4 | — | 2024-05-14 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitizatio… |
CVE-2024-3189 | Medium | 5.4 | — | 2024-05-15 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advance… |
Mndpsingh287 · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3643 | High | 8.8 | — | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack |
CVE-2024-3642 | Medium | 6.9 | — | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack |
CVE-2024-3641 | Medium | 6.1 | — | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins |
CVE-2024-3644 | Medium | 4.8 | — | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili… |
Nozomi Networks · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5938 | High | 8.0 | — | 2024-05-15 | Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. |
CVE-2023-5936 | High | 7.8 | — | 2024-05-15 | On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. |
CVE-2023-5935 | High | 7.4 | — | 2024-05-15 | When configuring Arc (e.g. |
CVE-2023-5937 | Low | 3.8 | — | 2024-05-15 | On Windows systems, the Arc configuration files resulted to be world-readable. |
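The 'zip slip' class behind CVE-2023-5938, as an added example (not Nozomi's or Arc's code): validate every entry name of an archive against the extraction root before writing anything. The archives and their entry names are constructed in memory so the check runs offline; the destination path `/srv/extract` is an assumption.

```python
# Added example, not code from Nozomi Networks or any vendor listed here.
# Demonstrates the 'zip slip' check: every archive entry name is resolved
# against the extraction root and rejected if it lands outside it.
import io
import os
import zipfile


def is_safe_member(name: str, dest: str) -> bool:
    """True only if `name` resolves to a path inside `dest`.

    Rejects empty names, absolute paths, Windows drive letters and any
    '..' that climbs out of the destination. The comparison is done on
    the resolved path, so 'a/../../etc/passwd' is caught even though it
    does not start with '..'.
    """
    if not name or name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return os.path.commonpath([dest_real, target]) == dest_real


def unsafe_members(archive: zipfile.ZipFile, dest: str) -> list:
    """Every entry that would land outside `dest`; an empty list means safe."""
    return [m for m in archive.namelist() if not is_safe_member(m, dest)]


def safe_extract(archive: zipfile.ZipFile, dest: str) -> list:
    """Validate the whole archive first, then extract; returns the names written.

    Checking everything before writing anything avoids a half-extracted
    tree when a hostile entry sits behind legitimate ones.
    """
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing archive, traversal entries: {bad}")
    for m in archive.namelist():
        archive.extract(m, dest)
    return archive.namelist()


def build_archive(entries: dict) -> zipfile.ZipFile:
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf, "r")


# Constructed archives: one clean, one carrying a traversal entry.
CLEAN = {"config/app.yml": b"listen: 127.0.0.1\n", "bin/run.sh": b"#!/bin/sh\n"}
MALICIOUS = {**CLEAN, "../../etc/cron.d/backdoor": b"* * * * * root id\n"}

if __name__ == "__main__":
    for label, entries in (("clean", CLEAN), ("malicious", MALICIOUS)):
        print(label, unsafe_members(build_archive(entries), "/srv/extract"))
```

Python's own `zipfile.extract` strips `..` components, so this gate matters most when the archive is handed to a library or custom extractor that does not (Java's `ZipInputStream`, tar handling, or code that builds the output path itself). Running the check before extraction, and rejecting the whole archive rather than skipping the bad entry, keeps the behaviour independent of which extractor is underneath.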
P-themes · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3806 | Critical | 9.8 | — | 2024-05-14 | The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. |
CVE-2024-3809 | High | 8.8 | — | 2024-05-14 | The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. |
CVE-2024-3808 | High | 8.8 | — | 2024-05-14 | The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. |
CVE-2024-3807 | High | 8.8 | — | 2024-05-14 | The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. |
Phpgurukul · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5065 | High | 7.3 | — | 2024-05-17 | A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. |
CVE-2024-5064 | High | 7.3 | — | 2024-05-17 | A vulnerability was found in PHPGurukul Online Course Registration System 3.1. |
CVE-2024-5063 | High | 7.3 | — | 2024-05-17 | A vulnerability was found in PHPGurukul Online Course Registration System 3.1. |
CVE-2024-5066 | Medium | 6.3 | — | 2024-05-17 | A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. |
Ruijie · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4816 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. |
CVE-2024-4815 | Medium | 6.3 | — | 2024-05-14 | A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. |
CVE-2024-4814 | Medium | 6.3 | — | 2024-05-14 | A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. |
CVE-2024-4813 | Medium | 6.3 | — | 2024-05-14 | A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. |
Tenable · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3292 | High | 8.2 | — | 2024-05-17 | A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. |
CVE-2024-3290 | High | 8.2 | — | 2024-05-17 | A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host |
CVE-2024-3291 | High | 7.8 | — | 2024-05-17 | When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. |
CVE-2024-3289 | High | 7.8 | — | 2024-05-17 | When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. |
Typo3 · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34357 | Medium | 5.4 | — | 2024-05-14 | TYPO3 is an enterprise content management system. |
CVE-2024-34356 | Medium | 5.4 | — | 2024-05-14 | TYPO3 is an enterprise content management system. |
CVE-2024-34358 | Medium | 5.3 | — | 2024-05-14 | TYPO3 is an enterprise content management system. |
CVE-2024-34355 | Low | 3.5 | — | 2024-05-14 | TYPO3 is an enterprise content management system. |
Ansanwan · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4992 | Critical | 9.8 | — | 2024-05-16 | Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. |
CVE-2024-4991 | Critical | 9.8 | — | 2024-05-16 | Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. |
CVE-2024-4993 | Medium | 6.3 | — | 2024-05-16 | Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. |
Arox · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4824 | Critical | 9.8 | — | 2024-05-14 | Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. |
CVE-2024-4823 | Medium | 6.5 | — | 2024-05-14 | Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. |
CVE-2024-4822 | Medium | 6.5 | — | 2024-05-14 | Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. |
Averta · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39163 | High | 8.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion. This issue affects Phlox Shop: from n/a through 2.0.0. |
CVE-2023-38399 | High | 8.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion. This issue affects Phlox Portfolio: from n/a through 2.3.1. |
CVE-2023-37888 | High | 7.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion. This issue affects Shortcodes and extra features for Ph… |
Cemi Tomasz Pawełek · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4423 | High | 7.2 | — | 2024-05-14 | The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. |
CVE-2024-4424 | Medium | 6.1 | — | 2024-05-14 | The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. |
CVE-2024-4425 | Medium | 5.4 | — | 2024-05-14 | The access control in CemiPark software stores integration (e.g. |
Codepeople · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32720 | Medium | 5.3 | — | 2024-05-17 | Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56. |
CVE-2024-24874 | Medium | 5.3 | — | 2024-05-17 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71. |
CVE-2024-24873 | Medium | 5.3 | — | 2024-05-17 | Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding. This issue affects CP Polls: from n/a through 1.0.71. |
Crm Perks · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34756 | Medium | 4.3 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot. This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1. |
CVE-2024-34755 | Medium | 4.3 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce. This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9. |
CVE-2024-34817 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: fr… |
Dachande663 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3630 | Medium | 5.4 | — | 2024-05-15 | The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili… |
CVE-2024-3631 | Medium | 4.3 | — | 2024-05-15 | The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack |
CVE-2024-3629 | Low | 2.4 | — | 2024-05-15 | The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
Dedecms · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34245 | Medium | 6.5 | — | 2024-05-14 | An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. |
CVE-2024-34959 | Medium | 5.5 | — | 2024-05-17 | DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. |
CVE-2024-4790 | Medium | 4.3 | — | 2024-05-14 | A vulnerability classified as problematic has been found in DedeCMS 5.7.114. |
Devitemsllc · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3990 | Medium | 6.4 | — | 2024-05-14 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output es… |
CVE-2024-3989 | Medium | 6.4 | — | 2024-05-14 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and ou… |
CVE-2023-6327 | Medium | 5.3 | — | 2024-05-14 | The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. |
Digisol · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2257 | Critical | 9.1 | — | 2024-05-14 | This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. |
CVE-2024-4231 | Medium | 4.6 | — | 2024-05-14 | This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to presence of root terminal access on a serial interface without proper access control. |
CVE-2024-4232 | Medium | 4.1 | — | 2024-05-14 | This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. |
Goprayer · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3406 | High | 8.8 | — | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
CVE-2024-3405 | High | 7.6 | — | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
CVE-2024-3407 | Medium | 5.3 | — | 2024-05-15 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks |
Kioware · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3459 | High | 8.4 | — | 2024-05-14 | KioWare for Windows (all versions through 8.34) allows escaping the kiosk environment by downloading PDF files, which by default are then opened in an external PDF viewer. |
CVE-2024-3460 | High | 7.4 | — | 2024-05-14 | In KioWare for Windows (all versions through 8.34) it is possible to exit the software and use other already opened applications during the short time window before the forced automatic logout occurs. |
CVE-2024-3461 | Medium | 6.2 | — | 2024-05-14 | KioWare for Windows (all versions through 8.35) allows brute-forcing the PIN that protects the application from being closed, as there is no mechanism preventing a user from guessing the number repeatedly. |
Mantisbt · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34077 | High | 7.3 | — | 2024-05-14 | MantisBT (Mantis Bug Tracker) is an open source issue tracker. |
CVE-2024-34081 | Medium | 6.6 | — | 2024-05-14 | MantisBT (Mantis Bug Tracker) is an open source issue tracker. |
CVE-2024-34080 | Medium | 5.3 | — | 2024-05-14 | MantisBT (Mantis Bug Tracker) is an open source issue tracker. |
Mranderson · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3824 | Medium | 5.5 | — | 2024-05-15 | The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack |
CVE-2024-3822 | Medium | 4.8 | — | 2024-05-15 | The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as… |
CVE-2024-3823 | Low | 2.4 | — | 2024-05-15 | The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via… |
Nocodb · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49781 | High | 7.3 | — | 2024-05-14 | NocoDB is software for building databases as spreadsheets. |
CVE-2023-50718 | Medium | 6.5 | — | 2024-05-14 | NocoDB is software for building databases as spreadsheets. |
CVE-2023-50717 | Medium | 5.7 | — | 2024-05-14 | NocoDB is software for building databases as spreadsheets. |
Posimyth · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47178 | High | 8.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: fro… |
CVE-2024-2785 | Medium | 6.4 | — | 2024-05-14 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supp… |
CVE-2024-0445 | Medium | 6.4 | — | 2024-05-14 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. |
Sailpoint · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3319 | Critical | 9.1 | — | 2024-05-15 | An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which co… |
CVE-2024-3317 | Medium | 6.5 | — | 2024-05-15 | An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. |
CVE-2024-3318 | Medium | 4.2 | — | 2024-05-15 | A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the u… |
Sap · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28165 | High | 8.1 | — | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application |
CVE-2024-34687 | Medium | 6.5 | — | 2024-05-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-33004 | Medium | 4.3 | — | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. |
Simple-membership-plugin · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41956 | High | 8.8 | — | 2024-05-17 | Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4. |
CVE-2023-41957 | High | 8.6 | — | 2024-05-17 | Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a through 4.3.4. |
CVE-2024-4383 | Medium | 6.4 | — | 2024-05-14 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization an… |
Unitecms · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3055 | High | 8.8 | — | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the… |
CVE-2024-2662 | High | 7.2 | — | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. |
CVE-2024-3547 | Medium | 6.1 | — | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_connect_error' parameter in all versions up to, and including, 1.5.102 due to insuf… |
Unknown · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2441 | High | 8.1 | — | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel… |
CVE-2024-2749 | Medium | 5.9 | — | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthoriz… |
CVE-2024-3239 | Medium | 5.4 | — | 2024-05-14 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users wit… |
8theme · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33552 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8. |
CVE-2024-33556 | High | 8.2 | — | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.8. |
Abb · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1913 | High | 7.6 | — | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actio… |
CVE-2024-1914 | Medium | 6.5 | — | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. |
Andy_moyle · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31281 | Medium | 6.3 | — | 2024-05-17 | Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.6. |
CVE-2024-34828 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.32. |
Apache · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34365 | Critical | 9.1 | — | 2024-05-14 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. |
CVE-2024-32077 | Medium | 5.4 | — | 2024-05-14 | Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. |
Aresit · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4445 | Medium | 6.5 | — | 2024-05-14 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. |
CVE-2023-6812 | Medium | 4.3 | — | 2024-05-14 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. |
Artbees · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32110 | High | 7.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0. |
CVE-2024-30509 | Medium | 6.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal. This issue affects SellKit: from n/a through 1.8.1. |
Automattic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4392 | Medium | 6.4 | — | 2024-05-14 | The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and… |
CVE-2024-34549 | Medium | 5.3 | — | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.2.2. |
Bdthemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4339 | Medium | 6.4 | — | 2024-05-14 | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to in… |
CVE-2024-4606 | Medium | 5.4 | — | 2024-05-14 | Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3. |
Beaverbuilder · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4430 | Medium | 6.4 | — | 2024-05-14 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and outp… |
CVE-2024-3923 | Medium | 6.4 | — | 2024-05-14 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output esc… |
Boldgrid · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24869 | High | 7.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8. |
CVE-2024-4400 | Medium | 6.4 | — | 2024-05-16 | The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization… |
Bozdoz · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3940 | High | 8.8 | — | 2024-05-14 | The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
CVE-2024-3941 | Medium | 4.7 | — | 2024-05-14 | The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. |
Carazo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4734 | Medium | 4.4 | — | 2024-05-15 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. |
CVE-2024-4656 | Medium | 4.4 | — | 2024-05-15 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. |
Claris · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27790 | High | 7.5 | — | 2024-05-14 | Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. |
CVE-2023-42955 | Medium | 4.9 | — | 2024-05-14 | Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. |
Codezips · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5049 | Medium | 6.3 | — | 2024-05-17 | A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. |
CVE-2024-4923 | Medium | 6.3 | — | 2024-05-16 | A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. |
Creativethemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4487 | Medium | 6.4 | — | 2024-05-14 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. |
CVE-2024-4158 | Medium | 6.4 | — | 2024-05-14 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. |
Crocoblock · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48757 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4. |
CVE-2023-37866 | High | 7.2 | — | 2024-05-17 | Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation. This issue affects JetFormBuilder: from n/a through 3.0.8. |
Directus · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34709 | Medium | 5.4 | — | 2024-05-14 | Directus is a real-time API and App dashboard for managing SQL database content. |
CVE-2024-34708 | Medium | 4.9 | — | 2024-05-14 | Directus is a real-time API and App dashboard for managing SQL database content. |
Dmitry V. (Ceo Of "Ukr Solution") · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34556 | Medium | 5.3 | — | 2024-05-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. |
CVE-2024-34557 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. |
Easy Digital Downloads · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32100 | Medium | 5.3 | — | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. |
CVE-2024-31113 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. |
Elementor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24934 | High | 8.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls. This issue affects Elementor Website Builder: from n/a t… |
CVE-2024-4107 | Medium | 6.4 | — | 2024-05-14 | The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization… |
Emlog · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5043 | Medium | 4.7 | — | 2024-05-17 | A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. |
CVE-2024-5044 | Low | 3.7 | — | 2024-05-17 | A vulnerability was found in Emlog Pro 2.3.4. |
Envothemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35167 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets… |
CVE-2024-4385 | Medium | 6.4 | — | 2024-05-16 | The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. |
Eprosima · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30259 | High | 8.2 | — | 2024-05-14 | FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). |
CVE-2024-30258 | High | 8.2 | — | 2024-05-14 | FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). |
Favethemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26540 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. |
CVE-2023-26009 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3. |
Freescout · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34697 | High | 7.6 | — | 2024-05-14 | FreeScout is a free, self-hosted help desk and shared mailbox. |
CVE-2024-34698 | Medium | 4.6 | — | 2024-05-14 | FreeScout is a free, self-hosted help desk and shared mailbox. |
Giuliopanda · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4104 | Medium | 6.1 | — | 2024-05-14 | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escapin… |
CVE-2024-4103 | Medium | 4.3 | — | 2024-05-14 | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. |
Google · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7258 | Medium | 4.8 | — | 2024-05-15 | A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. |
CVE-2024-4766 | Medium | 4.3 | — | 2024-05-14 | Different techniques existed to obscure the fullscreen notification in Firefox for Android. |
Hcl Software · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23576 | High | 7.1 | — | 2024-05-14 | Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. |
CVE-2023-37526 | Medium | 6.5 | — | 2024-05-14 | HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. |
Imartinez · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3403 | High | 7.5 | — | 2024-05-16 | imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. |
CVE-2024-3851 | Medium | 5.4 | — | 2024-05-16 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. |
Insyde · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25079 | High | 7.4 | — | 2024-05-15 | A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating pr… |
CVE-2024-25078 | High | 7.4 | — | 2024-05-15 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and k… |
Ithemelandco · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4204 | Medium | 4.3 | — | 2024-05-16 | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. |
CVE-2024-4199 | Medium | 4.3 | — | 2024-05-15 | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. |
Ivanweb · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3580 | Medium | 6.1 | — | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability… |
CVE-2024-3231 | Medium | 6.1 | — | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. |
Jonschlinkert · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4068 | High | 7.5 | — | 2024-05-14 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. |
CVE-2024-4067 | Medium | 5.3 | — | 2024-05-14 | The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). |
Kognetiks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32700 | Critical | 10.0 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. |
CVE-2024-4560 | Critical | 9.8 | — | 2024-05-14 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. |
Leevio · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4391 | Medium | 6.4 | — | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping… |
CVE-2024-4478 | Medium | 6.4 | — | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on us… |
Lfprojects · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3848 | High | 7.5 | — | 2024-05-16 | A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. |
CVE-2024-4263 | Medium | 5.4 | — | 2024-05-16 | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. |
Litonice13 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3134 | Medium | 6.4 | — | 2024-05-16 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0… |
CVE-2024-4580 | Medium | 6.4 | — | 2024-05-16 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insuffi… |
Mayurik · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5051 | Medium | 6.3 | — | 2024-05-17 | A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. |
CVE-2024-4945 | Medium | 4.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Best Courier Management System 1.0. |
Metagauss · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33321 | Medium | 5.3 | — | 2024-05-17 | Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 2.8.6. |
CVE-2024-32774 | Medium | 4.3 | — | 2024-05-17 | Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2. |
Monetizemore · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2290 | High | 7.2 | — | 2024-05-14 | The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. |
CVE-2024-3952 | Medium | 6.4 | — | 2024-05-14 | The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on… |
Mongodb · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3372 | High | 7.5 | — | 2024-05-14 | Improper validation of certain metadata input may result in the server not correctly serialising BSON. |
CVE-2024-3374 | Medium | 5.3 | — | 2024-05-14 | An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. |
Netflix · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4701 | Critical | 9.9 | — | 2024-05-14 | A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18 |
CVE-2024-5023 | — | — | — | 2024-05-16 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0. |
Owletcare · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6324 | High | 8.1 | — | 2024-05-15 | ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity |
CVE-2023-6323 | Medium | 4.3 | — | 2024-05-15 | ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server. |
Pluginus · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32680 | High | 8.8 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malici… |
CVE-2024-34434 | Medium | 6.5 | — | 2024-05-17 | Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2. |
Prestashop · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34716 | Critical | 9.6 | — | 2024-05-14 | PrestaShop is an open source e-commerce web application. |
CVE-2024-34717 | Medium | 5.3 | — | 2024-05-14 | PrestaShop is an open source e-commerce web application. |
Proofpoint · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3676 | High | 7.5 | — | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption… |
CVE-2024-0862 | Medium | 5.0 | — | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network ad… |
Rankmath · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4617 | Medium | 6.4 | — | 2024-05-16 | The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. |
CVE-2024-4335 | Medium | 6.4 | — | 2024-05-14 | The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. |
Redbitcz · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1229 | Medium | 5.3 | — | 2024-05-14 | The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. |
CVE-2024-1230 | Medium | 4.3 | — | 2024-05-14 | The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. |
Rems · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4967 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. |
CVE-2024-4968 | Low | 3.5 | — | 2024-05-16 | A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. |
Rockwell Automation · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4609 | Critical | 9.8 | — | 2024-05-16 | A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials wer… |
CVE-2024-3640 | — | — | — | 2024-05-16 | An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. |
Royal-elementor-addons · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3887 | Medium | 5.4 | — | 2024-05-16 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping… |
CVE-2024-32786 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass. This issue affects Royal Elementor Addons: from n/a through 1.3.93. |
Samsung Open Source · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32672 | Medium | 5.3 | — | 2024-05-14 | A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. |
CVE-2024-32669 | Medium | 5.3 | — | 2024-05-14 | Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. |
Shaonsina · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4373 | Medium | 6.4 | — | 2024-05-15 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer… |
CVE-2024-4333 | Medium | 6.4 | — | 2024-05-14 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in version… |
Shortpixel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35172 | Medium | 4.4 | — | 2024-05-14 | Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3. |
CVE-2024-4689 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3. |
Sizam Design · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31231 | Critical | 9.0 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1. |
CVE-2024-31232 | High | 8.0 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1. |
Skt Themes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34445 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8. |
CVE-2024-34436 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8. |
Smartypantsplugins · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3749 | Medium | 6.5 | — | 2024-05-15 | The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user |
CVE-2024-3748 | Medium | 6.5 | — | 2024-05-15 | The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user |
Solarwinds · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28075 | Critical | 9.0 | — | 2024-05-14 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. |
CVE-2024-23473 | High | 8.6 | — | 2024-05-14 | The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. |
Stalwartlabs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35187 | Critical | 9.1 | — | 2024-05-16 | Stalwart Mail Server is an open-source mail server. |
CVE-2024-35179 | Medium | 6.8 | — | 2024-05-15 | Stalwart Mail Server is an open-source mail server. |
Stylemixthemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37385 | High | 7.3 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.5.6. |
CVE-2024-4789 | Medium | 6.4 | — | 2024-05-17 | Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. |
Supsystic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46197 | Medium | 5.3 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19. |
CVE-2024-32790 | Medium | 4.3 | — | 2024-05-17 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection. This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. |
Swift Ideas · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3916 | Medium | 6.4 | — | 2024-05-14 | The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user su… |
CVE-2024-3915 | Medium | 5.3 | — | 2024-05-14 | The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. |
Themeisle · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3750 | High | 8.8 | — | 2024-05-16 | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and inclu… |
CVE-2024-4635 | Medium | 6.4 | — | 2024-05-16 | The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. |
Themelooks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3831 | Medium | 6.4 | — | 2024-05-14 | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and outp… |
CVE-2024-3680 | Medium | 6.4 | — | 2024-05-14 | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input san… |
Themify · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46145 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through 7.3.5. |
CVE-2024-4567 | Medium | 6.4 | — | 2024-05-14 | The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on us… |
Trellix · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4844 | High | 7.5 | — | 2024-05-16 | Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing… |
CVE-2024-4843 | Medium | 4.3 | — | 2024-05-16 | ePO doesn't allow a regular privileged user to delete tasks or assignments. |
Vercel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34351 | High | 7.5 | — | 2024-05-14 | Next.js is a React framework that can provide building blocks to create web applications. |
CVE-2024-34350 | High | 7.5 | — | 2024-05-14 | Next.js is a React framework that can provide building blocks to create web applications. |
Visualmodo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34757 | Medium | 6.5 | — | 2024-05-17 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless borderless allows DOM-Based XSS. This issue affects Borderless: from n/a through <= 1.7.3. |
CVE-2024-4666 | Medium | 6.4 | — | 2024-05-14 | The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient inpu… |
Webtoffee · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51546 | High | 7.2 | — | 2024-05-17 | Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and… |
CVE-2024-34751 | Medium | 4.4 | — | 2024-05-16 | Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. |
Wp Automatic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27954 | Critical | 9.3 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0. |
CVE-2024-27955 | High | 8.8 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0. |
Wpkube · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4144 | Medium | 6.5 | — | 2024-05-14 | The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. |
CVE-2024-4150 | Medium | 6.1 | — | 2024-05-14 | The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. |
Wpmu Dev · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25595 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1. |
CVE-2022-44581 | Medium | 5.0 | — | 2024-05-17 | Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2. |
Yoast · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4984 | Medium | 6.4 | — | 2024-05-16 | The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. |
CVE-2024-4041 | Medium | 6.1 | — | 2024-05-14 | The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. |
Zoom · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27244 | Medium | 6.7 | — | 2024-05-15 | Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
CVE-2024-27243 | Medium | 6.5 | — | 2024-05-15 | Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34437 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.24. |
1panel-dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34352 | Medium | 6.5 | — | 2024-05-14 | 1Panel is an open source Linux server operation and maintenance management panel. |
Aa-team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33549 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10. |
Abdul Hakeem · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51479 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. |
Abetlen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34359 | Critical | 9.6 | — | 2024-05-14 | llama-cpp-python is the Python bindings for llama.cpp. |
Academy Lms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35171 | Medium | 5.3 | — | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.25. |
Adam Dehaven · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33951 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS. This issue affects Perfect Pullquotes: from n/a through 1.7.5. |
Agentejo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4825 | Critical | 9.8 | — | 2024-05-14 | A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. |
Aidin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34749 | Medium | 6.1 | — | 2024-05-14 | Phormer prior to version 3.35 contains a cross-site scripting vulnerability. |
Aleksei Polechin (Alek´) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33950 | Medium | 5.9 | — | 2024-05-14 | Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions. |
Alexacrm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34550 | Medium | 5.3 | — | 2024-05-14 | Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration. This issue affects Dynamics 365 Integration: from n/a through 1.3.17. |
All_bootstrap_blocks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35169 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks. This issue affects All Bootstrap Blocks: from n/a through <= 1.3.15. |
Alpitronic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4622 | — | — | — | 2024-05-15 | If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. |
Alttextai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4847 | High | 8.8 | — | 2024-05-15 | The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient… |
Ant Media · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3462 | Medium | 5.4 | — | 2024-05-14 | Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2… |
Apache Friends · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5055 | High | 7.5 | — | 2024-05-17 | Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. |
Apppresser · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32776 | Medium | 6.5 | — | 2024-05-14 | Missing Authorization vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. |
Appscreo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31300 | High | 8.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion. This issue affects Easy Social Share Buttons: from n/a through 9.4. |
Argoproj · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32476 | Medium | 6.5 | — | 2024-05-14 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. |
Asaancart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4826 | Critical | 9.8 | — | 2024-05-16 | SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. |
Asterisk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35190 | Medium | 5.8 | — | 2024-05-17 | Asterisk is an open source private branch exchange and telephony toolkit. |
Astoundify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32511 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6. |
Atanas Yonkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33954 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS. This issue affects Pliska: from n/a through 0.3.5. |
Athemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4473 | Medium | 6.4 | — | 2024-05-14 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied… |
Avimegladon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4546 | Medium | 6.4 | — | 2024-05-16 | The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output esc… |
Aws · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32888 | Critical | 10.0 | — | 2024-05-15 | The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. |
B&r Industrial Automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2637 | High | 7.2 | — | 2024-05-14 | An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automatio… |
Bellard · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33263 | Medium | 4.0 | — | 2024-05-14 | QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. |
Benaceur-php · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3634 | Medium | 4.8 | — | 2024-05-15 | The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter… |
Benoti · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34426 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS. This issue affects Brozzme Scroll Top: from n/a through 1.8.5. |
Bestwebsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31295 | Medium | 5.3 | — | 2024-05-17 | Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0. |
Betteraddons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34432 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS. This issue affects Better Elementor Addons: from n/a throu… |
Bill Minozzi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4214 | Low | 2.7 | — | 2024-05-17 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bill Minozzi Car Dealer allows Code Injection. This issue affects Car Dealer: from n/a through 4.15. |
Blakeblackshear · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32874 | Medium | 6.8 | — | 2024-05-14 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. |
Blocksera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1166 | Medium | 6.4 | — | 2024-05-14 | The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and… |
Booking Ultra Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32960 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation. This issue affects Booking Ultra Pro: from n/a through 1.1.12. |
Bootstrapped Ventures · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34441 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS. This issue affects Easy Affiliate Links: from n/a through 3.7.2. |
Bplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4398 | Medium | 6.4 | — | 2024-05-14 | The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and o… |
Br-automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-22280 | High | 7.2 | — | 2024-05-14 | Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. |
Breakdance · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4605 | High | 8.8 | — | 2024-05-14 | The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. |
Brizy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34814 | Medium | 5.4 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson. This issue affects Unyson: from n/a through <= 2.7.29. |
Buddypress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3974 | Medium | 6.4 | — | 2024-05-14 | The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. |
Byzoro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4904 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. |
Carmelo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28279 | High | 7.3 | — | 2024-05-14 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. |
Cea-hpc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34713 | Low | 3.5 | — | 2024-05-14 | sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. |
Cerberus Ftp Enterprise · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5052 | High | 7.5 | — | 2024-05-17 | Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. |
Cloudwise · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34905 | High | 7.5 | — | 2024-05-16 | FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. |
Codebard · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34807 | Medium | 4.3 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard. This issue affects Fast Custom Social Share by CodeBard: from n/a through <= 1.1.2. |
Codename065 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33938 | Medium | 6.5 | — | 2024-05-14 | Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS). This issue affects Sliding Widgets: from n/a through 1.5.0. |
Coderevolution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31290 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. |
Contemporary Control System · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4791 | High | 7.5 | — | 2024-05-14 | A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. |
Copymatic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31351 | Critical | 10.0 | — | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. |
Cozmoslabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31341 | Medium | 5.3 | — | 2024-05-17 | Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass. This issue affects Profile Builder: from n/a through 3.11.2. |
Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34827 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress. This issue affects TranslatePress: from n/a through 2.7.5. |
Creative Motion · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34806 | Medium | 4.3 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache. This issue affects Clearfy Cache: from n/a through 2.2.1. |
Criticalmoments · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34354 | Medium | 6.5 | — | 2024-05-14 | CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. |
Croixhaug · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4288 | Medium | 6.4 | — | 2024-05-16 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input… |
Crushftp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22910 | Medium | 6.1 | — | 2024-05-14 | Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. |
Custom_field_suite_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3068 | Medium | 4.4 | — | 2024-05-14 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. |
Cyclonedx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34345 | High | 8.1 | — | 2024-05-14 | The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. |
Daext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4312 | Medium | 4.3 | — | 2024-05-14 | The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. |
Darren Cooney · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33569 | High | 7.2 | — | 2024-05-17 | Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation. This issue affects Instant Images: from n/a through 6.1.0. |
Dassault Systèmes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5597 | Medium | 5.4 | — | 2024-05-17 | A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code. |
Dataease · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31441 | High | 7.5 | — | 2024-05-14 | DataEase is an open source data visualization analysis tool. |
Davidanderson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4193 | Medium | 6.4 | — | 2024-05-14 | The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user… |
Detheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34575 | Medium | 6.5 | — | 2024-05-17 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.2. |
Devolutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5072 | Medium | 6.5 | — | 2024-05-17 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted requ… |
Digiwin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4893 | Critical | 9.8 | — | 2024-05-15 | DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. |
Divspot · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34439 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message. This issue affects DS Site Message: from n/a through 1.14.4. |
Donbermoy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4946 | Medium | 6.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. |
Dootask · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34906 | Medium | 5.4 | — | 2024-05-15 | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
Dotcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3241 | Medium | 5.4 | — | 2024-05-14 | The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to p… |
Dotmesh-io · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-26312 | High | 8.1 | — | 2024-05-14 | Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. |
Elegant Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4490 | Medium | 6.4 | — | 2024-05-14 | The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input san… |
Enterprisedb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4545 | High | 7.7 | — | 2024-05-14 | All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. |
Eric Alli · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33942 | Medium | 4.3 | — | 2024-05-14 | Missing Authorization vulnerability in Eric Alli Google Typography. This issue affects Google Typography: from n/a through 1.1.2. |
Es · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-26306 | Medium | 5.9 | — | 2024-05-14 | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. |
Espressif · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33454 | Medium | 6.5 | — | 2024-05-14 | Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. |
Everpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32523 | High | 8.1 | — | 2024-05-17 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster. This issue affects Mailster: from n/a through <= 4.0.6. |
Exclusiveaddons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4618 | Medium | 6.4 | — | 2024-05-15 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on use… |
Extend Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34809 | Medium | 4.3 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21. |
Extremenetworks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-18305 | High | 8.0 | — | 2024-05-14 | Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. |
Felix Moira · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32800 | Medium | 6.5 | — | 2024-05-17 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS. This issue affects Popup More Popups: from n/a through 2.3.1. |
Filipe Seabra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22139 | Low | 3.7 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass. This issue affects WordPress Manutenção: from n/a through 1.0.6. |
Flothemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35174 | Medium | 5.3 | — | 2024-05-17 | Missing Authorization vulnerability in Flothemes Flo Forms. This issue affects Flo Forms: from n/a through 1.0.42. |
Fluxcd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31216 | Medium | 5.1 | — | 2024-05-15 | The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. |
Fmeaddons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45070 | Medium | 5.3 | — | 2024-05-17 | Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce. This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. |
Frappe · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34074 | Medium | 6.1 | — | 2024-05-14 | Frappe is a full-stack web application framework. |
Froxlor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34070 | Critical | 9.6 | — | 2024-05-14 | Froxlor is open source server administration software. |
Gaizhenbiao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4321 | High | 7.5 | — | 2024-05-16 | A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. |
German Mesky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23872 | Medium | 4.9 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2. |
Getgrav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34082 | High | 8.5 | — | 2024-05-15 | Grav is a file-based Web platform. |
Getshortcodes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3548 | Medium | 6.1 | — | 2024-05-15 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privi… |
Ghost Foundation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34559 | High | 7.5 | — | 2024-05-14 | Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0. |
Ghozylab, Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34567 | Medium | 6.5 | — | 2024-05-17 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. |
Git · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32002 | Critical | 9.0 | — | 2024-05-14 | Git is a revision control system. |
Givewp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41665 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0. |
Glowlogix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51483 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1. |
Gocd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28866 | Low | 3.1 | — | 2024-05-14 | GoCD is a continuous delivery server. |
Guido · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30540 | Medium | 5.3 | — | 2024-05-17 | Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7. |
Gutenify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35165 | Medium | 5.3 | — | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify. This issue affects Gutenify: from n/a through 1.4.0. |
Gvectors · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47868 | High | 7.3 | — | 2024-05-17 | Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3. |
Gztimewalker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34699 | Medium | 6.5 | — | 2024-05-14 | GZ::CTF is a capture the flag platform. |
Hamid Alinia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32507 | High | 8.8 | — | 2024-05-17 | Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.7.16. |
Harknell · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34428 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harknell AWSOM News Announcement allows Stored XSS. This issue affects AWSOM News Announcement: from n/a through 1.6.0. |
Hasthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37999 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0. |
Helderk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32708 | Low | 3.7 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass. This issue affects Maintenance Mode: from n/a through 3.0.1. |
Hidden Depth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35170 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidden Depth Sticky banner allows Stored XSS. This issue affects Sticky banner: from n/a through 1.2.0. |
Highfivery Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32521 | Medium | 5.3 | — | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through 5.5.6. |
Hoppscotch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34714 | High | 7.6 | — | 2024-05-14 | The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. |
Hp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27460 | Medium | 6.7 | — | 2024-05-14 | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. |
Htmly · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34191 | Medium | 6.5 | — | 2024-05-14 | htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. |
Huseyin Berberoglu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34427 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts. This issue affects WP Favorite Posts: from n/a through 1.6.8. |
Icegram · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4010 | High | 8.8 | — | 2024-05-15 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to… |
Ieplexus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34424 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS. This issue affects Featured Content Gallery: from n/a through 3.2.0. |
Imagely · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2744 | Medium | 4.3 | — | 2024-05-17 | The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
Imran Sayed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34186 | Medium | 5.3 | — | 2024-05-17 | Missing Authorization vulnerability in Imran Sayed Headless CMS. This issue affects Headless CMS: from n/a through 2.0.3. |
Instawp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22145 | High | 8.8 | — | 2024-05-17 | Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. |
Ioss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51476 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. |
Iqonicdesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4574 | Medium | 6.4 | — | 2024-05-14 | The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on use… |
Itpison · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4894 | Medium | 5.3 | — | 2024-05-15 | ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. |
J.n. Breetvelt A.k.a. Opajaap · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31377 | Critical | 10.0 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. |
Jetmonsters · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4413 | Critical | 9.8 | — | 2024-05-14 | The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. |
Jfrog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2248 | Medium | 6.4 | — | 2024-05-15 | A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user… |
Joblib_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34997 | High | 7.5 | — | 2024-05-17 | joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). |
Joomsky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25444 | Critical | 9.1 | — | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2… |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34440 | Critical | 9.1 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63. |
Joseph C Dolson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23988 | High | 7.5 | — | 2024-05-17 | Missing Authorization vulnerability in Joseph C Dolson My Tickets. This issue affects My Tickets: from n/a through 1.9.11. |
Jottlieb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3070 | Critical | 9.8 | — | 2024-05-14 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. |
Jr King/eran Schoellhorn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33550 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0. |
Jumpdemand Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32809 | Critical | 10.0 | — | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. |
Justin Silver · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-45652 | Medium | 6.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion. This issue affects Remote Content Shortcode: from n/a through 1.5. |
Justin Tadlock · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33952 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Unique allows Stored XSS. This issue affects Unique: from n/a through 0.3.0. |
Kabir-m-alhasan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5047 | High | 7.3 | — | 2024-05-17 | A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. |
Kiboko Labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34823 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3. |
Kraftplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4702 | Medium | 6.4 | — | 2024-05-15 | The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attr… |
Kubernetes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3744 | Medium | 6.5 | — | 2024-05-15 | A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. |
Kykms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34909 | Medium | 5.4 | — | 2024-05-15 | An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. |
Lenderd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45368 | High | 7.7 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75. |
Lenovo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3286 | High | 7.5 | — | 2024-05-16 | A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. |
Levelfourstorefront · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4213 | Medium | 5.3 | — | 2024-05-14 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. |
Ligowave · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4999 | — | — | — | 2024-05-16 | A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6… |
Lionscripts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30479 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1. |
Lizardbyte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31226 | Medium | 4.9 | — | 2024-05-16 | Sunshine is a self-hosted game stream host for Moonlight. |
Llamaindex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4181 | High | 8.8 | — | 2024-05-16 | A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). |
Lobehub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32964 | Critical | 9.0 | — | 2024-05-14 | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. |
Lws · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32297 | Critical | 9.0 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6. |
Lylme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34982 | Critical | 9.8 | — | 2024-05-17 | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. |
Mainwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23645 | Critical | 9.9 | — | 2024-05-17 | Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. |
Masteriyo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24882 | Critical | 9.8 | — | 2024-05-17 | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. |
Matrix-org · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34353 | Medium | 5.5 | — | 2024-05-14 | The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. |
Matt Van Andel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33953 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through 1.7.2. |
Matter-labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34704 | Medium | 5.9 | — | 2024-05-14 | era-compiler-solidity is the ZKsync compiler for Solidity. |
Metaphorcreations · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3954 | High | 8.8 | — | 2024-05-14 | The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. |
Microchip · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4760 | Medium | 6.3 | — | 2024-05-16 | A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is s… |
Mihdan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4411 | Medium | 6.4 | — | 2024-05-14 | The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user… |
Miniorange · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47683 | High | 8.0 | — | 2024-05-17 | Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter… |
Miraheze · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34701 | Medium | 5.9 | — | 2024-05-14 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. |
Mmond · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3582 | Medium | 4.8 | — | 2024-05-14 | The UnGallery WordPress plugin through 2.2.4 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
Nalam-1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2923 | Medium | 6.4 | — | 2024-05-14 | The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, an… |
Nathan Vonnahme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34419 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0. |
Nautobot · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34707 | High | 7.5 | — | 2024-05-14 | Nautobot is a Network Source of Truth and Network Automation Platform. |
Nec Platforms, Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3016 | Critical | 9.1 | — | 2024-05-14 | NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access undocumented system settings and change them via the local network as an unauthenticated user. |
Ni · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4044 | High | 7.8 | — | 2024-05-14 | A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. |
Nikhil-bhalerao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4809 | Medium | 6.3 | — | 2024-05-14 | A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. |
Ninja Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35166 | Medium | 5.3 | — | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3. |
Nko · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4363 | Medium | 6.4 | — | 2024-05-15 | The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output e… |
Nota-info · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26526 | High | 7.7 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1. |
Npgsql · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32655 | High | 8.1 | — | 2024-05-14 | Npgsql is the .NET data provider for PostgreSQL. |
Ocdi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34433 | Medium | 4.4 | — | 2024-05-14 | Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0. |
Oceanicjs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34712 | Medium | 6.5 | — | 2024-05-14 | Oceanic is a NodeJS library for interfacing with Discord. |
Oceanwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23700 | High | 7.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion. This issue affects OceanWP: from n/a through 3.4.1. |
Octo-sts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34079 | Low | 3.7 | — | 2024-05-14 | octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. |
Octoprint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32977 | High | 7.1 | — | 2024-05-14 | OctoPrint provides a web interface for controlling consumer 3D printers. |
Openssl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4603 | Medium | 5.3 | — | 2024-05-16 | Issue summary: Checking excessively long DSA keys or parameters may be very slow. |
Opentext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-22508 | High | 7.2 | — | 2024-05-17 | A potential vulnerability has been identified for OpenText Operations Bridge Reporter. |
Optimole · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4636 | Medium | 6.4 | — | 2024-05-15 | The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient in… |
Orchestrated · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34429 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS. This issue affects Corona Virus (COVID-19) Banner & Live Data… |
Owlet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6321 | High | 7.2 | — | 2024-05-15 | A command injection vulnerability exists in the IOCTL that manages OTA updates. |
Paperless-ngx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35184 | Medium | 5.5 | — | 2024-05-15 | Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. |
Parisneo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4078 | Critical | 9.8 | — | 2024-05-16 | A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. |
Pdfcrowd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5971 | Medium | 4.8 | — | 2024-05-14 | The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltere… |
Pencidesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3551 | Critical | 9.8 | — | 2024-05-17 | The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. |
Phil Baylog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34425 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Baylog QuickieBar allows Stored XSS. This issue affects QuickieBar: from n/a through 1.8.4. |
Phoenix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35841 | High | 7.8 | — | 2024-05-14 | Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0. |
Phpbits · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34423 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS. This issue affects Forty Four – 404 Plugin for WordPress: from n/a throug… |
Pippin Williamson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30480 | Low | 3.7 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass. This issue affects CGC Maintenance Mode: from n/a through 1.2. |
Plainware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4733 | High | 7.5 | — | 2024-05-16 | The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. |
Pluginops · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34752 | High | 7.1 | — | 2024-05-17 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS. This issue affects Landing Page Builder: from n/a through 1.5.1.8. |
Plugins360 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4670 | High | 8.8 | — | 2024-05-15 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. |
Podlove · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32712 | High | 7.5 | — | 2024-05-14 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. |
Powerdns · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25581 | High | 7.5 | — | 2024-05-14 | When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXF… |
Powerfulwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51481 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. |
Prasunsen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4314 | Medium | 4.3 | — | 2024-05-14 | The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. |
Premmerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27971 | High | 8.3 | — | 2024-05-17 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager. This issue affects Premmerce Permalink Man… |
Profilepress Membership Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41954 | High | 8.6 | — | 2024-05-17 | Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1. |
Propluginslab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4038 | Medium | 6.5 | — | 2024-05-14 | The Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. |
Propovoice · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4747 | High | 7.1 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS. This issue affects Propovoice CRM: from n/a through 1.7.6.2. |
Pt-guy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4446 | Medium | 6.4 | — | 2024-05-14 | The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and inclu… |
Puneeth Reddy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3579 | Medium | 6.1 | — | 2024-05-14 | Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). |
Pure-chat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3595 | Medium | 6.4 | — | 2024-05-14 | The Pure Chat – Live Chat Plugin & More! |
Qode Interactive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47679 | Medium | 6.4 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion. This issue affects Qi Addons For Elementor: from n/a through 1.6.3. |
Quanticalabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32692 | High | 8.2 | — | 2024-05-17 | Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a throug… |
Qube One Ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23990 | High | 7.6 | — | 2024-05-17 | Improper Privilege Management vulnerability in Qube One Ltd. |
Radiustheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34812 | Medium | 5.3 | — | 2024-05-14 | Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8. |
Rafflepress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32827 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7. |
Rank Math · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23888 | High | 7.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through 1.0.107.2. |
Rashed Latif · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34430 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS. This issue affects TT Custom Post Type Creator: from n/a through 1.0. |
Ravanh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4441 | High | 8.1 | — | 2024-05-14 | The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. |
Razormist · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4920 | High | 7.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. |
Rebelcode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4860 | Medium | 5.4 | — | 2024-05-14 | The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. |
Repute Infosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51356 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation. This issue affects ARMember: from n/a through 4.0.10. |
Reviewx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3609 | Medium | 4.3 | — | 2024-05-16 | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and inclu… |
Revmakx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34816 | Medium | 5.4 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler. This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. |
Roku · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6322 | High | 7.2 | — | 2024-05-15 | A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. |
Room 34 Creative Services, Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46784 | High | 8.2 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Requ… |
Roxnor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21746 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing. This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. |
Ruby · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35176 | Medium | 5.3 | — | 2024-05-16 | REXML is an XML toolkit for Ruby. |
Saadiqbal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0437 | Medium | 4.3 | — | 2024-05-15 | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. |
Saasproject Booking Package · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37389 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation. This issue affects Booking Package: from n/a through 1.5.98. |
Sakuraisayeki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34695 | Medium | 6.3 | — | 2024-05-14 | WOWS Karma is a reputation system for Wargaming's World of Warships. |
Saleswonder Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51424 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0. |
Salon Booking System · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48319 | Medium | 6.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 8.6. |
Samuel Marshall · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34808 | Medium | 4.3 | — | 2024-05-16 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.2.0. |
Sbouey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4417 | Medium | 4.4 | — | 2024-05-14 | The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. |
Sc0ttkclark · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3956 | Medium | 5.4 | — | 2024-05-14 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on… |
Sinamjackson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4966 | High | 7.3 | — | 2024-05-16 | A vulnerability was found in SourceCodester SchoolWebTech 1.0. |
Sirv · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32959 | High | 8.8 | — | 2024-05-17 | Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv. This issue affects Sirv: from n/a through <= 7.2.2. |
Smartypants · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1693 | Medium | 4.3 | — | 2024-05-14 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. |
Snow Software Ab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4129 | High | 8.8 | — | 2024-05-14 | Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled. This issue affects Snow License Manager… |
Solidus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4859 | Medium | 5.7 | — | 2024-05-14 | Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL. |
Sonatype · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4956 | High | 7.5 | — | 2024-05-16 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. |
Sourcecodester · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5046 | High | 7.3 | — | 2024-05-17 | A vulnerability was found in SourceCodester Online Examination System 1.0. |
Spacemeshos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34360 | High | 8.2 | — | 2024-05-14 | go-spacemesh is a Go implementation of the Spacemesh protocol full node. |
Sparkle Wp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32129 | Medium | 4.3 | — | 2024-05-17 | Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9. |
Spoonthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49753 | High | 7.5 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion. This issue affects Adifier System: from n/a before 3.1.4. |
Squelch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4463 | Medium | 4.3 | — | 2024-05-14 | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. |
Stacklok · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35185 | Medium | 5.3 | — | 2024-05-16 | Minder is a software supply chain security platform. |
Stefano Lissa & The Newsletter Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30522 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass. This issue affects Newsletter: from n/a through 8.2.0. |
Stellar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32985 | Medium | 5.9 | — | 2024-05-14 | Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. |
Strategy11 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23522 | Medium | 5.3 | — | 2024-05-17 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7. |
Strongswan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4967 | High | 7.7 | — | 2024-05-14 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). |
Subnet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28042 | High | 8.4 | — | 2024-05-15 | SUBNET Solutions Inc. |
Swiftideas · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2697 | Medium | 6.5 | — | 2024-05-17 | The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored… |
Swte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3722 | Medium | 5.4 | — | 2024-05-14 | The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. |
Sylius · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34349 | Medium | 4.8 | — | 2024-05-14 | Sylius is an open source eCommerce platform. |
Synaptics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5447 | Medium | 5.5 | — | 2024-05-14 | Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App. |
Talspotim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34420 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS. This issue affects Comments Evolved for WordPress: from n/a through 1.6.3. |
Tech9logy Creators · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34418 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS. This issue affects WPCS ( WordPress Custom Search ): from n/a throu… |
Technologicx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3903 | High | 7.1 | — | 2024-05-14 | The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via… |
Teplitsa Of Social Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33327 | High | 8.8 | — | 2024-05-14 | Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation. This issue affects Leyka: from n/a through 3.30.2. |
Tg123 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35175 | Medium | 5.3 | — | 2024-05-14 | sshpiper is a reverse proxy for sshd. |
The Events Calendar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24715 | Medium | 6.5 | — | 2024-05-17 | Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0. |
Theme Freesia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33955 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Freesia Empire allows Stored XSS. This issue affects Freesia Empire: from n/a through 1.4.1. |
Themekraft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32830 | High | 8.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8. |
Themelocation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33956 | Medium | 4.3 | — | 2024-05-14 | Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. |
Themeqx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3590 | Medium | 6.1 | — | 2024-05-14 | The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as deleting arbitrary subscribers. |
Thomas Scholl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34411 | Critical | 9.9 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through 2.5.0. |
Thrive Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47782 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0. |
Tibco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3182 | Medium | 6.5 | — | 2024-05-15 | Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the… |
Tigroumeow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4386 | Medium | 6.4 | — | 2024-05-14 | The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. |
Timber Team & Contributors · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29800 | High | 8.0 | — | 2024-05-14 | Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber. This issue affects Timber: from n/a through 1.23.0. |
Tips And Tricks Hq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30527 | High | 7.5 | — | 2024-05-17 | Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a… |
Toidicode.com (Thanhtaivtt) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34417 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS. This issue affects Viet Nam Affiliate: from n/a through 1.0.0. |
Tongda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4903 | Medium | 6.3 | — | 2024-05-15 | A vulnerability was found in Tongda OA 2017. |
Trinhtuantai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34422 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS. This issue affects Viet Affiliate Link: from n/a through 1.2. |
Ukrsolution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33567 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. |
Unattributed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34416 | Critical | 9.1 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through 2.1. |
Uniform Server Zero · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5052 | Medium | 6.3 | — | 2024-05-14 | Vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. |
Upwerd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2846 | Medium | 4.4 | — | 2024-05-14 | The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. |
Urban Base · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34555 | Critical | 10.0 | — | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3. |
Valiano · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33310 | Medium | 6.0 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59. |
Valtimo-platform · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34706 | Critical | 9.8 | — | 2024-05-14 | Valtimo is an open source business process and case management platform. |
Veeam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29212 | Critical | 9.9 | — | 2024-05-14 | Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (… |
Veronalabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34811 | Medium | 5.9 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1. |
Videousermanuals · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4280 | Medium | 5.3 | — | 2024-05-14 | The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. |
Villatheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4039 | Medium | 6.5 | — | 2024-05-14 | The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. |
Vova Anokhin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25050 | High | 7.1 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6. |
W3eden · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32131 | Medium | 5.3 | — | 2024-05-17 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. |
Wangshen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5050 | Medium | 6.3 | — | 2024-05-17 | A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. |
Warfare Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34825 | Medium | 4.3 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare. This issue affects Social Warfare: from n/a through 4.4.5.1. |
Watchguard · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1417 | High | 7.8 | — | 2024-05-16 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint… |
Watchtowerhq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25701 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16. |
Web-settler · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-24379 | Medium | 6.8 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Pag… |
Webinarpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34818 | High | 7.1 | — | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress. This issue affects WebinarPress: from n/a through 1.33.17. |
Webtechideas · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33917 | Medium | 5.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass. This issue affects WTI Like Post: from n/a through 1.4.6. |
Webvitaly · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34805 | Medium | 6.5 | — | 2024-05-16 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0. |
Webwizards · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22157 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15. |
Wedevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47682 | High | 7.2 | — | 2024-05-17 | Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation. This issue affects WP User Frontend: from n/a through 3.6.5. |
Weforms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32512 | Medium | 5.3 | — | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a through 1.6.20. |
Wholesale · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30542 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation. This issue affects WholesaleX: from n/a through 1.3.2. |
Wolfi-dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35183 | Medium | 4.4 | — | 2024-05-15 | wolfictl is a command line tool for working with Wolfi. |
Woo Product Importer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32724 | High | 7.5 | — | 2024-05-14 | Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy. This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. |
Woocommerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35881 | High | 7.6 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion. This issue affects WooCommerce One Page Checkout: from n/a through 2… |
Wordplus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32802 | Medium | 5.3 | — | 2024-05-17 | Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Better Messages: from n/a through 2.4.32. |
Wp Club Manager · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32719 | Medium | 5.3 | — | 2024-05-14 | Missing Authorization vulnerability in WP Club Manager WP Club Manager wp-club-manager.This issue affects WP Club Manager: from n/a through <= 2.2.11. |
Wp Happy Coders · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25906 | Medium | 4.3 | — | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2. |
Wp Hive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44478 | High | 7.1 | — | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8. |
Wp Sharks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31237 | High | 7.5 | — | 2024-05-17 | Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315. |
Wp-etracker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34431 | High | 7.1 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-etracker WP etracker allows Reflected XSS.This issue affects WP etracker: from n/a through 1.0.2. |
Wpblockart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34760 | Medium | 6.5 | — | 2024-05-16 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6. |
Wpcustomify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33644 | Critical | 9.9 | — | 2024-05-17 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. |
Wpfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34370 | High | 7.2 | — | 2024-05-17 | Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. |
Wpjoli · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4082 | Medium | 4.3 | — | 2024-05-14 | The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. |
Wpmet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32685 | Medium | 5.3 | — | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. |
Wpsurface · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34421 | Medium | 6.5 | — | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS.This issue affects BlogLentor: from n/a through 1.0.8. |
Wpvivid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41243 | High | 8.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90. |
Wpzoom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4370 | Medium | 6.4 | — | 2024-05-15 | The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization an… |
Xpdf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4976 | Medium | 5.5 | — | 2024-05-15 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. |
Xpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4440 | Medium | 6.4 | — | 2024-05-14 | The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output es… |
Xtemos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32244 | Critical | 9.8 | — | 2024-05-17 | Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. |
Yarpp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45374 | High | 7.7 | — | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. |
Yithemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0870 | Medium | 5.3 | — | 2024-05-14 | The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4… |
Yms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3263 | Critical | 9.8 | — | 2024-05-14 | YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. |
Zabbix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22120 | Critical | 9.1 | — | 2024-05-17 | Zabbix server can perform command execution for configured scripts. |
Zte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22064 | High | 8.3 | — | 2024-05-14 | ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over… |