Patch Tuesday — May 2024

2024-05-14 · 1498 CVEs

CVEs published or modified the week of 2024-05-14, partitioned by vendor.

Microsoft (114 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33868 | Critical | 9.8 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.
CVE-2024-33863 | Critical | 9.8 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.
CVE-2023-45217 | High | 8.8 |  | 2024-05-16 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42773 | High | 8.8 |  | 2024-05-16 | Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38581 | High | 8.8 |  | 2024-05-16 | Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-30040 | High | 8.8 | KEV | 2024-05-14 | Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30017 | High | 8.8 |  | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-30010 | High | 8.8 |  | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-30009 | High | 8.8 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30007 | High | 8.8 |  | 2024-05-14 | Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-30006 | High | 8.8 |  | 2024-05-14 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-30020 | High | 8.1 |  | 2024-05-14 | Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-46691 | High | 7.9 |  | 2024-05-16 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-30060 | High | 7.8 |  | 2024-05-16 | Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2024-30314 | High | 7.8 |  | 2024-05-16 | Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
CVE-2024-30292 | High | 7.8 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30291 | High | 7.8 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30290 | High | 7.8 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30289 | High | 7.8 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30288 | High | 7.8 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30297 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30296 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30295 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30294 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30293 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30282 | High | 7.8 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30275 | High | 7.8 |  | 2024-05-16 | Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20792 | High | 7.8 |  | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20791 | High | 7.8 |  | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2024-34100 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34099 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34098 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34097 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34096 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34095 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34094 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30310 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30284 | High | 7.8 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30051 | High | 7.8 | KEV | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30049 | High | 7.8 |  | 2024-05-14 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-30042 | High | 7.8 |  | 2024-05-14 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30038 | High | 7.8 |  | 2024-05-14 | Win32k Elevation of Privilege Vulnerability
CVE-2024-30035 | High | 7.8 |  | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30032 | High | 7.8 |  | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30031 | High | 7.8 |  | 2024-05-14 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2024-30030 | High | 7.8 |  | 2024-05-14 | Win32k Elevation of Privilege Vulnerability
CVE-2024-30028 | High | 7.8 |  | 2024-05-14 | Win32k Elevation of Privilege Vulnerability
CVE-2024-30027 | High | 7.8 |  | 2024-05-14 | NTFS Elevation of Privilege Vulnerability
CVE-2024-30025 | High | 7.8 |  | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30018 | High | 7.8 |  | 2024-05-14 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-29996 | High | 7.8 |  | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-29994 | High | 7.8 |  | 2024-05-14 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-26238 | High | 7.8 |  | 2024-05-14 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVE-2024-4712 | High | 7.8 |  | 2024-05-14 | An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist whe…
CVE-2024-3037 | High | 7.8 |  | 2024-05-14 | An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.
CVE-2024-30048 | High | 7.6 |  | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30047 | High | 7.6 |  | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30029 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30024 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30023 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30022 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30015 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30014 | High | 7.5 |  | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-33865 | High | 7.5 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.
CVE-2024-0097 | High | 7.5 |  | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes.
CVE-2024-0096 | High | 7.5 |  | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow.
CVE-2024-30044 | High | 7.2 |  | 2024-05-14 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-22268 | High | 7.1 |  | 2024-05-14 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerabilit…
CVE-2024-30033 | High | 7.0 |  | 2024-05-14 | Windows Search Service Elevation of Privilege Vulnerability
CVE-2024-20391 | Medium | 6.8 |  | 2024-05-15 | A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of…
CVE-2024-30021 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30012 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30005 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30004 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30003 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30002 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30001 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30000 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29999 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29998 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29997 | Medium | 6.8 |  | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-23583 | Medium | 6.7 |  | 2024-05-17 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.
CVE-2023-45736 | Medium | 6.7 |  | 2024-05-16 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-30054 | Medium | 6.5 |  | 2024-05-14 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
CVE-2024-30053 | Medium | 6.5 |  | 2024-05-14 | Azure Migrate Cross-Site Scripting Vulnerability
CVE-2024-30043 | Medium | 6.5 |  | 2024-05-14 | Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-30036 | Medium | 6.5 |  | 2024-05-14 | Windows Deployment Services Information Disclosure Vulnerability
CVE-2024-30019 | Medium | 6.5 |  | 2024-05-14 | DHCP Server Service Denial of Service Vulnerability
CVE-2024-30011 | Medium | 6.5 |  | 2024-05-14 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-30045 | Medium | 6.3 |  | 2024-05-14 | .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30059 | Medium | 6.1 |  | 2024-05-14 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVE-2024-30046 | Medium | 5.9 |  | 2024-05-14 | Visual Studio Denial of Service Vulnerability
CVE-2024-33864 | Medium | 5.9 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.
CVE-2023-45315 | Medium | 5.5 |  | 2024-05-16 | Improper initialization in some Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-30287 | Medium | 5.5 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30286 | Medium | 5.5 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30283 | Medium | 5.5 |  | 2024-05-16 | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30298 | Medium | 5.5 |  | 2024-05-16 | Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20793 | Medium | 5.5 |  | 2024-05-16 | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34101 | Medium | 5.5 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30312 | Medium | 5.5 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30311 | Medium | 5.5 |  | 2024-05-15 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30039 | Medium | 5.5 |  | 2024-05-14 | Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30037 | Medium | 5.5 |  | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30034 | Medium | 5.5 |  | 2024-05-14 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-30016 | Medium | 5.5 |  | 2024-05-14 | Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-30008 | Medium | 5.5 |  | 2024-05-14 | Windows DWM Core Library Information Disclosure Vulnerability
CVE-2024-33866 | Medium | 5.5 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.
CVE-2024-0098 | Medium | 5.5 |  | 2024-05-14 | NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing.
CVE-2024-30050 | Medium | 5.4 |  | 2024-05-14 | Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-30041 | Medium | 5.4 |  | 2024-05-14 | Microsoft Bing Search Spoofing Vulnerability
CVE-2024-30055 | Medium | 5.4 |  | 2024-05-14 | Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-41234 | Medium | 5.0 |  | 2024-05-16 | NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-33867 | Medium | 4.8 |  | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows.

Other vendors (1384 CVEs across 459 vendors)

N/a · 166 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22476 | Critical | 10.0 |  | 2024-05-16 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
CVE-2024-34919 | Critical | 9.8 |  | 2024-05-17 | An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-48643 | Critical | 9.8 |  | 2024-05-16 | Shrubbery tac_plus 2.x, 3.x.
CVE-2024-33485 | Critical | 9.8 |  | 2024-05-14 | SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component.
CVE-2024-34256 | Critical | 9.8 |  | 2024-05-14 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVE-2024-32353 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVE-2024-35099 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVE-2024-34945 | Critical | 9.8 |  | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.
CVE-2024-34943 | Critical | 9.8 |  | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
CVE-2024-34213 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.
CVE-2024-34209 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
CVE-2024-34204 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
CVE-2024-31810 | Critical | 9.8 |  | 2024-05-14 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-30802 | Critical | 9.8 |  | 2024-05-14 | An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.
CVE-2024-28285 | Critical | 9.8 |  | 2024-05-14 | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.
CVE-2024-27280 | Critical | 9.8 |  | 2024-05-14 | A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.
CVE-2022-32504 | Critical | 9.8 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2024-34226 | Critical | 9.4 |  | 2024-05-14 | SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-35049 | Critical | 9.1 |  | 2024-05-14 | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout.
CVE-2024-26517 | Critical | 9.1 |  | 2024-05-14 | SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.
CVE-2024-34058 | High | 8.8 |  | 2024-05-17 | The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field of an e-mail message).
CVE-2024-35102 | High | 8.8 |  | 2024-05-15 | Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.
CVE-2024-32352 | High | 8.8 |  | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVE-2024-32351 | High | 8.8 |  | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.
CVE-2024-32350 | High | 8.8 |  | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.
CVE-2024-35050 | High | 8.8 |  | 2024-05-14 | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.
CVE-2024-34944 | High | 8.8 |  | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
CVE-2024-34942 | High | 8.8 |  | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand.
CVE-2024-34921 | High | 8.8 |  | 2024-05-14 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.
CVE-2024-34310 | High | 8.8 |  | 2024-05-14 | Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2024-34308 | High | 8.8 |  | 2024-05-14 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
CVE-2024-34221 | High | 8.8 |  | 2024-05-14 | Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2024-34211 | High | 8.8 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-34207 | High | 8.8 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.
CVE-2024-34200 | High | 8.8 |  | 2024-05-14 | TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
CVE-2024-34196 | High | 8.8 |  | 2024-05-14 | Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow.
CVE-2022-32509 | High | 8.8 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2022-32507 | High | 8.8 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2024-34219 | High | 8.6 |  | 2024-05-14 | TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVE-2024-34199 | High | 8.6 |  | 2024-05-14 | TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVE-2023-26566 | High | 8.6 |  | 2024-05-14 | Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sen…
CVE-2024-35204 | High | 8.4 |  | 2024-05-14 | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.
CVE-2023-38654 | High | 8.2 |  | 2024-05-16 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-34974 | High | 8.2 |  | 2024-05-14 | Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.
CVE-2024-32355 | High | 8.0 |  | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.
CVE-2024-21813 | High | 7.9 |  | 2024-05-16 | Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21864 | High | 7.8 |  | 2024-05-16 | Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
CVE-2024-31556 | High | 7.8 |  | 2024-05-14 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.
CVE-2024-35205 | High | 7.8 |  | 2024-05-14 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal.
CVE-2024-31771 | High | 7.8 |  | 2024-05-14 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file.
CVE-2024-29513 | High | 7.8 |  | 2024-05-14 | An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied…
CVE-2024-22774 | High | 7.8 |  | 2024-05-14 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.
CVE-2024-34217 | High | 7.7 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.
CVE-2023-41092 | High | 7.6 |  | 2024-05-16 | Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2022-32503 | High | 7.6 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2024-24981 | High | 7.5 |  | 2024-05-16 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-23980 | High | 7.5 |  | 2024-05-16 | Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-23487 | High | 7.5 |  | 2024-05-16 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-22382 | High | 7.5 |  | 2024-05-16 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-21823 | High | 7.5 |  | 2024-05-16 | Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access.
CVE-2023-40297 | High | 7.5 |  | 2024-05-15 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
CVE-2024-34459 | High | 7.5 |  | 2024-05-14 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7.
CVE-2024-34220 | High | 7.5 |  | 2024-05-14 | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVE-2024-33818 | High | 7.5 |  | 2024-05-14 | Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.
CVE-2024-30172 | High | 7.5 |  | 2024-05-14 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78.
CVE-2024-29857 | High | 7.5 |  | 2024-05-14 | An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1.
CVE-2022-32508 | High | 7.5 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2023-52424 | High | 7.4 |  | 2024-05-17 | The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop.
CVE-2024-27353 | High | 7.4 |  | 2024-05-15 | A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to es…
CVE-2024-35313 | High | 7.3 |  | 2024-05-17 | In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.
CVE-2024-34224 | High | 7.3 |  | 2024-05-14 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname…
CVE-2024-34215 | High | 7.3 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
CVE-2024-34212 | High | 7.3 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.
CVE-2024-34210 | High | 7.3 |  | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
CVE-2024-34205 | High | 7.3 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
CVE-2024-34201 | High | 7.3 |  | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
CVE-2024-31954 | High | 7.3 |  | 2024-05-14 | An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows.
CVE-2023-46870 | High | 7.3 |  | 2024-05-14 | extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code e…
CVE-2024-22095 | High | 7.2 |  | 2024-05-16 | Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2023-28402 | High | 7.2 |  | 2024-05-16 | Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-27504 | High | 7.2 |  | 2024-05-16 | Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-28132 | High | 7.2 |  | 2024-05-14 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user.
CVE-2024-34338 | High | 7.2 |  | 2024-05-14 | Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via the dest parameter in /goform/getTraceroute.
CVE-2024-33250 | High | 7.2 |  | 2024-05-14 | An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request.
CVE-2024-25743 | High | 7.1 |  | 2024-05-15 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications.
CVE-2024-34231 | High | 7.1 |  | 2024-05-14 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
CVE-2022-32510 | High | 7.1 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2022-32505 | High | 7.1 |  | 2024-05-14 | An issue was discovered on certain Nuki Home Solutions devices.
CVE-2022-37410 | High | 7.0 |  | 2024-05-16 | Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22379 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21843 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21841 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21828 | Medium | 6.7 |  | 2024-05-16 | Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21818Medium6.72024-05-16Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21774Medium6.72024-05-16Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43751Medium6.72024-05-16Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation…
CVE-2023-42668Medium6.72024-05-16Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42433Medium6.72024-05-16Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40155Medium6.72024-05-16Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39929Medium6.72024-05-16Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27282Medium6.62024-05-14An issue was discovered in Ruby 3.x through 3.3.0.
CVE-2024-25742Medium6.52024-05-17In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler.
CVE-2024-22015Medium6.52024-05-16Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access.
CVE-2024-28087Medium6.52024-05-15In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability.
CVE-2024-34946Medium6.52024-05-14Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
CVE-2024-34206Medium6.52024-05-14TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
CVE-2024-34202Medium6.52024-05-14TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
CVE-2023-29881Medium6.52024-05-14phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.
CVE-2022-32506Medium6.42024-05-14An issue was discovered on certain Nuki Home Solutions devices.
CVE-2024-31974Medium6.32024-05-17The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent.
CVE-2022-32502Medium6.32024-05-14An issue was discovered on certain Nuki Home Solutions devices.
CVE-2024-35312Medium6.22024-05-17In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003.
CVE-2024-31803Medium6.22024-05-14Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT<T>::read_pre_data128_from_file function.
CVE-2023-28383Medium6.12024-05-16Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-34582Medium6.12024-05-16Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.
CVE-2024-26367Medium6.12024-05-14Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafte…
CVE-2024-34230Medium6.12024-05-14A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.
CVE-2024-34225Medium6.12024-05-14Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.
CVE-2024-28277Medium6.12024-05-14In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks.
CVE-2024-28276Medium6.12024-05-14Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.
CVE-2024-25662Medium6.12024-05-14Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs.
CVE-2024-24157Medium6.12024-05-14Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py.
CVE-2023-47165Medium6.02024-05-16Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access.
CVE-2024-32354Medium6.02024-05-14TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVE-2024-32349Medium6.02024-05-14TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.
CVE-2024-34273Medium5.92024-05-16njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.
CVE-2024-34222Medium5.92024-05-14Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVE-2024-30171Medium5.92024-05-14An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78.
CVE-2023-22662Medium5.82024-05-16Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-49614Medium5.72024-05-16Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.
CVE-2024-35110Medium5.52024-05-17A reflected XSS vulnerability has been found in YzmCMS 7.1.
CVE-2023-47859Medium5.52024-05-16Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-30801Medium5.52024-05-14SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
CVE-2024-34913Medium5.42024-05-15An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-27593Medium5.42024-05-15A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name…
CVE-2023-24204Medium5.42024-05-14SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.
CVE-2023-24203Medium5.42024-05-14Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).
CVE-2024-34243Medium5.42024-05-14Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.
CVE-2024-34899Medium5.42024-05-14WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).
CVE-2024-34914Medium5.32024-05-14php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value.
CVE-2024-34241Medium4.82024-05-17A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
CVE-2024-33433Medium4.82024-05-14Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.
CVE-2024-21792Medium4.72024-05-16Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-47210Medium4.72024-05-16Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-46103Medium4.72024-05-16Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43487Medium4.72024-05-16Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-33819Medium4.62024-05-14Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function.
CVE-2024-27281Medium4.52024-05-14An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.
CVE-2024-22390Medium4.42024-05-16Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.
CVE-2023-45845Medium4.42024-05-16Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-41082Medium4.42024-05-16Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-39433Medium4.42024-05-16Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40536Medium4.32024-05-16Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-38417Medium4.32024-05-16Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-35048Medium4.32024-05-14An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.
CVE-2024-34223Medium4.32024-05-14Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVE-2024-28759Medium4.32024-05-14A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.
CVE-2023-47282Low3.92024-05-16Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656Low3.92024-05-16Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34218Low3.82024-05-14TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
CVE-2024-34203Low3.82024-05-14TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
CVE-2023-48727Low3.32024-05-16NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-4317Low3.12024-05-14Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users.
CVE-2024-22384Low2.82024-05-16Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-45733Low2.82024-05-16Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
CVE-2023-43745Low2.82024-05-16Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.

Linux (94 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0087 | Critical | 9.0 |  | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file.
CVE-2024-35814 | High | 8.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"), which was a fix for co…
CVE-2024-27407 | High | 8.4 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr()
CVE-2024-35856 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't have to free it again otherwise it woul…
CVE-2024-35855 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules an…
CVE-2023-52688 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources.
CVE-2023-52667 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g.
CVE-2023-52664 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on s…
CVE-2024-35792 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.
CVE-2024-27433 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data().
CVE-2024-27394 | High | 7.4 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU r…
CVE-2023-52697 | High | 7.1 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of them use the same dai name.
CVE-2023-52682 | High | 7.1 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page…
CVE-2024-27397 | High | 7.0 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area.
CVE-2024-35843 | Medium | 6.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot().
CVE-2024-0100 | Medium | 6.5 |  | 2024-05-14 | NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files.
CVE-2024-27402 | Medium | 5.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock.
CVE-2024-35859 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbed already, hence module reference s…
CVE-2024-35858 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaim the flushed packets.
CVE-2024-35852 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is n…
CVE-2024-35851 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev…
CVE-2024-35850 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev po…
CVE-2024-35846 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker.
CVE-2024-35844 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to b…
CVE-2024-35842 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct…
CVE-2024-35841 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user…
CVE-2024-35840 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless O…
CVE-2024-35839 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply.
CVE-2023-52698 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function…
CVE-2023-52695 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback…
CVE-2023-52692 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result.
CVE-2023-52689 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it.
CVE-2023-52687 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error.
CVE-2023-52684 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated…
CVE-2023-52681 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, we should ensure that we free it again when the superblock goes away.
CVE-2023-52680 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value.
CVE-2023-52678 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if li…
CVE-2023-52677 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc regi…
CVE-2023-52676 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32…
CVE-2023-52675 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
CVE-2023-52674 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't att…
CVE-2024-35838 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g.
CVE-2024-35836 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI d…
CVE-2024-35834 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.
CVE-2024-35832 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.
CVE-2024-35831 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix release of pinned pages when __io_uaddr_map fails Looking at the error path of __io_uaddr_map, if we fail after pinning the pages for any reasons, ret will…
CVE-2024-35827 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long).
CVE-2024-35826 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buffers that do not start at the beginning o…
CVE-2024-35824 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() e…
CVE-2024-35818 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the __io_aw() hook as mmiowb() Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of mmiowb()") remove all mmiowb() in drivers, but it…
CVE-2024-35817 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear…
CVE-2024-35816 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in p…
CVE-2024-35810 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the a…
CVE-2024-35808 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread() directly Currently md_reap_sync_thread() is called from raid_message() directly without holding 'reconfig_mutex', this is de…
CVE-2024-35804 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the target gfn dirty if the CMPXCHG by KVM…
CVE-2024-35803 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub wa…
CVE-2024-35801 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fp…
CVE-2024-35800 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it.
CVE-2024-35799 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why] Disabling stream encoder invokes a function that no longer exists.
CVE-2024-35797 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a po…
CVE-2024-35795 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu…
CVE-2023-52673 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it.
CVE-2023-52671 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different O…
CVE-2023-52668 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129.
CVE-2023-52663 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never call…
CVE-2023-52662 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_res…
CVE-2023-52661 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone.
CVE-2024-35794 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn'…
CVE-2024-35793 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though t…
CVE-2024-35790 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace befo…
CVE-2024-35787Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap cod…
CVE-2024-35786Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries…
CVE-2024-35784Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new…
CVE-2024-27435Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while…
CVE-2024-27434Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash.
CVE-2024-27432Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtk_ppe_stop() function, the PPE scan mode…
CVE-2023-52660Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time.
CVE-2023-52659Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ens…
CVE-2024-27418Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fa…
CVE-2024-27411Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly.
CVE-2024-27409Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the HDM…
CVE-2024-27406Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash.
CVE-2024-27403Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore.
CVE-2023-52658Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b.
CVE-2023-52657Medium5.52024-05-17In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.
CVE-2024-27393Medium5.52024-05-14In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to…
CVE-2024-0088Medium5.52024-05-14NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API.
CVE-2023-52655Medium5.52024-05-14In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap arou…
CVE-2024-35857Medium5.32024-05-17In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL.
CVE-2024-35798Medium4.72024-05-17In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in m…
CVE-2024-27415Medium4.72024-05-17In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, wh…
CVE-2024-27408Medium4.72024-05-17In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDM…
CVE-2024-27404Medium4.72024-05-17In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations.
CVE-2023-52654Medium4.72024-05-14In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly ri…

Debian · 64 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-35845 | Critical | 9.1 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. |
| CVE-2024-35854 | High | 8.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of availa… |
| CVE-2024-4777 | High | 8.8 |  | 2024-05-14 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. |
| CVE-2024-4367 | High | 8.8 |  | 2024-05-14 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. |
| CVE-2024-32004 | High | 8.1 |  | 2024-05-14 | Git is a revision control system. |
| CVE-2024-35847 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully… |
| CVE-2023-52691 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is… |
| CVE-2023-52679 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to… |
| CVE-2023-52669 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of… |
| CVE-2024-35791 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->loc… |
| CVE-2024-35789 | High | 7.8 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a… |
| CVE-2024-27398 | High | 7.8 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be schedule… |
| CVE-2024-27396 | High | 7.8 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critica… |
| CVE-2024-27395 | High | 7.8 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the R… |
| CVE-2023-52696 | High | 7.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
| CVE-2024-27405 | High | 7.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, t… |
| CVE-2024-32465 | High | 7.3 |  | 2024-05-14 | Git is a revision control system. |
| CVE-2024-35849 | High | 7.1 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-inf… |
| CVE-2024-35785 | High | 7.1 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as foll… |
| CVE-2024-27401 | High | 7.1 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. |
| CVE-2024-3044 | Medium | 6.5 |  | 2024-05-14 | Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. |
| CVE-2024-35853 | Medium | 6.4 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. |
| CVE-2024-4768 | Medium | 6.1 |  | 2024-05-14 | A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. |
| CVE-2024-4769 | Medium | 5.9 |  | 2024-05-14 | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. |
| CVE-2023-52694 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled… |
| CVE-2023-52693 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because a… |
| CVE-2023-52690 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
| CVE-2023-52686 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. |
| CVE-2023-52683 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/100… |
| CVE-2024-35837 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. |
| CVE-2024-35833 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling pat… |
| CVE-2024-35830 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowin… |
| CVE-2024-35829 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. |
| CVE-2024-35828 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmd… |
| CVE-2024-35825 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we rece… |
| CVE-2024-35822 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget… |
| CVE-2024-35821 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it'… |
| CVE-2024-35819 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. |
| CVE-2024-35815 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct… |
| CVE-2024-35813 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_idata = idatas[i - 1], but doesn't check… |
| CVE-2024-35811 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm8… |
| CVE-2024-35807 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. |
| CVE-2024-35806 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback. |
| CVE-2024-35805 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions. |
| CVE-2024-35796 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called… |
| CVE-2023-52672 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized… |
| CVE-2023-52670 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0x… |
| CVE-2024-27436 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. |
| CVE-2024-27431 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_in… |
| CVE-2024-27417 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attr… |
| CVE-2024-27416 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume th… |
| CVE-2024-27414 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustm… |
| CVE-2024-27413 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: d… |
| CVE-2024-27412 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. |
| CVE-2024-27410 | Medium | 5.5 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as chan… |
| CVE-2024-27399 | Medium | 5.5 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). |
| CVE-2023-52656 | Medium | 5.5 |  | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it. |
| CVE-2024-35835 | Medium | 5.3 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. |
| CVE-2024-35823 | Medium | 5.3 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapp… |
| CVE-2024-35848 | Medium | 4.7 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn d… |
| CVE-2024-35809 | Medium | 4.7 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtime_idle() callback and the .remove() callback in the rtsx_pcr PCI driver le… |
| CVE-2024-27419 | Medium | 4.7 |  | 2024-05-17 | In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently. |
| CVE-2024-4767 | Medium | 4.3 |  | 2024-05-14 | If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. |
| CVE-2024-32021 | Low | 3.9 |  | 2024-05-14 | Git is a revision control system. |

Campcodes · 62 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-4919 | Medium | 6.3 |  | 2024-05-16 | A vulnerability was found in Campcodes Online Examination System 1.0. |
| CVE-2024-4918 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Online Examination System 1.0. |
| CVE-2024-4917 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. |
| CVE-2024-4916 | Medium | 6.3 |  | 2024-05-15 | A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. |
| CVE-2024-4915 | Medium | 6.3 |  | 2024-05-15 | A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. |
| CVE-2024-4914 | Medium | 6.3 |  | 2024-05-15 | A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. |
| CVE-2024-4913 | Medium | 6.3 |  | 2024-05-15 | A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. |
| CVE-2024-4912 | Medium | 6.3 |  | 2024-05-15 | A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. |
| CVE-2024-4911 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4910 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4909 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4908 | Medium | 6.3 |  | 2024-05-15 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. |
| CVE-2024-4907 | Medium | 6.3 |  | 2024-05-15 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. |
| CVE-2024-4906 | Medium | 6.3 |  | 2024-05-15 | A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4817 | Medium | 6.3 |  | 2024-05-14 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
| CVE-2024-4796 | Medium | 6.3 |  | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
| CVE-2024-4795 | Medium | 6.3 |  | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
| CVE-2024-4794 | Medium | 6.3 |  | 2024-05-14 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. |
| CVE-2024-4793 | Medium | 6.3 |  | 2024-05-14 | A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. |
| CVE-2024-4792 | Medium | 6.3 |  | 2024-05-14 | A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. |
| CVE-2024-4818 | Medium | 5.3 |  | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. |
| CVE-2024-4681 | Medium | 4.7 |  | 2024-05-14 | A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4819 | Medium | 4.3 |  | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
| CVE-2024-4797 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. |
| CVE-2024-4738 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4737 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4736 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
| CVE-2024-4735 | Low | 3.5 |  | 2024-05-14 | A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
| CVE-2024-4732 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4731 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4730 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4729 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4728 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4727 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4726 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
| CVE-2024-4725 | Low | 3.5 |  | 2024-05-14 | A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. |
| CVE-2024-4724 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4723 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. |
| CVE-2024-4722 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4721 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4720 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4719 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4718 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4717 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4716 | Low | 3.5 |  | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4715 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4714 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4713 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4688 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4687 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4686 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4685 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4684 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4683 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4682 | Low | 3.5 |  | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4678 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4677 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4676 | Low | 3.5 |  | 2024-05-14 | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4675 | Low | 3.5 |  | 2024-05-14 | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. |
| CVE-2024-4674 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4673 | Low | 3.5 |  | 2024-05-14 | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. |
| CVE-2024-4672 | Low | 3.5 |  | 2024-05-14 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. |

Siemens · 55 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32741 | Critical | 10.0 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0).
CVE-2024-30207 | Critical | 10.0 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-32740 | Critical | 9.8 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0).
CVE-2024-27939 | Critical | 9.8 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-30209 | Critical | 9.6 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-33499 | Critical | 9.1 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-30206 | High | 8.8 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-27941 | High | 8.8 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-27940 | High | 8.8 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-34773 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2).
CVE-2024-34772 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4).
CVE-2024-34771 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2).
CVE-2024-34086 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions…
CVE-2024-34085 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions…
CVE-2024-33577 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-33493 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5).
CVE-2024-33492 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5).
CVE-2024-33491 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5).
CVE-2024-33490 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5).
CVE-2024-33489 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5).
CVE-2024-32639 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011).
CVE-2024-32636 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions…
CVE-2024-32635 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions…
CVE-2024-32066 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32065 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32064 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32063 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32062 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32061 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32060 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32059 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32058 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32057 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-32055 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406).
CVE-2024-31980 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185).
CVE-2024-31484 | High | 7.8 |  | 2024-05-14 | A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Et…
CVE-2024-32742 | High | 7.6 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0).
CVE-2024-27942 | High | 7.5 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-31485 | High | 7.2 |  | 2024-05-14 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0).
CVE-2024-27945 | High | 7.2 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-27944 | High | 7.2 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-27943 | High | 7.2 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-33647 | Medium | 6.5 |  | 2024-05-14 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0).
CVE-2024-33495 | Medium | 6.5 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-33494 | Medium | 6.5 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-27946 | Medium | 6.5 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2023-46280 | Medium | 6.5 |  | 2024-05-14 | A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16…
CVE-2024-33497 | Medium | 6.3 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-33496 | Medium | 6.3 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-30208 | Medium | 6.3 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-33498 | Medium | 5.3 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-31486 | Medium | 5.3 |  | 2024-05-14 | A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30).
CVE-2024-27947 | Medium | 5.3 |  | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5).
CVE-2024-33583 | Low | 3.3 |  | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All ver…
CVE-2024-32637 | Low | 3.3 |  | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions…

Apple · 36 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22267 | Critical | 9.3 |  | 2024-05-14 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX…
CVE-2023-46689 | High | 8.8 |  | 2024-05-16 | Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40070 | High | 8.8 |  | 2024-05-16 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27813 | High | 8.6 |  | 2024-05-14 | The issue was addressed with improved checks.
CVE-2024-27843 | High | 7.8 |  | 2024-05-14 | A logic issue was addressed with improved checks.
CVE-2024-27842 | High | 7.8 |  | 2024-05-14 | The issue was addressed with improved checks.
CVE-2024-27829 | High | 7.8 |  | 2024-05-14 | The issue was addressed with improved memory handling.
CVE-2024-27824 | High | 7.8 |  | 2024-05-14 | This issue was addressed by removing the vulnerable code.
CVE-2024-27822 | High | 7.8 |  | 2024-05-14 | A logic issue was addressed with improved restrictions.
CVE-2024-27818 | High | 7.8 |  | 2024-05-14 | The issue was addressed with improved memory handling.
CVE-2024-27798 | High | 7.8 |  | 2024-05-14 | An authorization issue was addressed with improved state management.
CVE-2024-27796 | High | 7.8 |  | 2024-05-14 | The issue was addressed with improved checks.
CVE-2024-27793 | High | 7.8 |  | 2024-05-14 | The issue was addressed with improved checks.
CVE-2024-22270 | High | 7.1 |  | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged i…
CVE-2024-22269 | High | 7.1 |  | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hyp…
CVE-2024-27825 | High | 7.1 |  | 2024-05-14 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2024-31953 | Medium | 6.7 |  | 2024-05-14 | An issue was discovered in Samsung Magician 8.0.0 on macOS.
CVE-2024-31952 | Medium | 6.7 |  | 2024-05-14 | An issue was discovered in Samsung Magician 8.0.0 on macOS.
CVE-2024-27852 | Medium | 6.5 |  | 2024-05-14 | A privacy issue was addressed with improved client ID handling for alternative app marketplaces.
CVE-2023-45846 | Medium | 5.5 |  | 2024-05-16 | Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-27847 | Medium | 5.5 |  | 2024-05-14 | This issue was addressed with improved checks.
CVE-2024-27841 | Medium | 5.5 |  | 2024-05-14 | The issue was addressed with improved memory handling.
CVE-2024-27834 | Medium | 5.5 |  | 2024-05-14 | The issue was addressed with improved checks.
CVE-2024-27827 | Medium | 5.5 |  | 2024-05-14 | This issue was addressed through improved state management.
CVE-2024-27816 | Medium | 5.5 |  | 2024-05-14 | A logic issue was addressed with improved checks.
CVE-2024-27810 | Medium | 5.5 |  | 2024-05-14 | A path handling issue was addressed with improved validation.
CVE-2024-27804 | Medium | 5.5 |  | 2024-05-14 | The issue was addressed with improved memory handling.
CVE-2024-27789 | Medium | 5.5 |  | 2024-05-14 | A logic issue was addressed with improved checks.
CVE-2024-23236 | Medium | 5.5 |  | 2024-05-14 | A correctness issue was addressed with improved checks.
CVE-2024-23229 | Medium | 5.5 |  | 2024-05-14 | This issue was addressed with improved redaction of sensitive information.
CVE-2024-27821 | Medium | 4.7 |  | 2024-05-14 | A path handling issue was addressed with improved validation.
CVE-2023-38420 | Low | 3.8 |  | 2024-05-16 | Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-27839 | Low | 3.3 |  | 2024-05-14 | A privacy issue was addressed by moving sensitive data to a more secure location.
CVE-2024-27837 | Low | 3.3 |  | 2024-05-14 | A downgrade issue was addressed with additional code-signing restrictions.
CVE-2024-27835 | Low | 2.4 |  | 2024-05-14 | This issue was addressed through improved state management.
CVE-2024-27803 | Low | 2.4 |  | 2024-05-14 | A permissions issue was addressed with improved validation.

Hdfgroup · 34 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33874 | Critical | 9.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.
CVE-2024-32621 | Critical | 9.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.
CVE-2024-32615 | Critical | 9.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
CVE-2024-32611 | Critical | 9.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.
CVE-2024-29164 | Critical | 9.8 |  | 2024-05-14 | HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29159 | Critical | 9.8 |  | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29157 | Critical | 9.8 |  | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-32622 | Critical | 9.1 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).
CVE-2024-33877 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.
CVE-2024-33873 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
CVE-2024-32623 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).
CVE-2024-32617 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).
CVE-2024-32614 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.
CVE-2024-32605 | High | 8.8 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).
CVE-2024-29161 | High | 8.8 |  | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-32609 | High | 7.5 |  | 2024-05-14 | HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.
CVE-2024-32624 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.
CVE-2024-32620 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.
CVE-2024-32619 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
CVE-2024-32618 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.
CVE-2024-32616 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.
CVE-2024-32613 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.
CVE-2024-32612 | High | 7.4 |  | 2024-05-14 | HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.
CVE-2024-29165 | High | 7.4 |  | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29163 | High | 7.4 |  | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29162 | High | 7.4 |  | 2024-05-14 | HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.
CVE-2024-29160 | High | 7.4 |  | 2024-05-14 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29158 | High | 7.4 |  | 2024-05-14 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-33876 | Medium | 5.7 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.
CVE-2024-33875 | Medium | 5.7 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.
CVE-2024-32610 | Medium | 5.7 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
CVE-2024-32607 | Medium | 5.7 |  | 2024-05-14 | HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.
CVE-2024-32606 | Medium | 5.7 |  | 2024-05-14 | HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).
CVE-2024-29166 | Medium | 5.7 |  | 2024-05-14 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

Intel · 26 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-24460 | High | 8.2 |  | 2024-05-16 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45745 | High | 7.9 |  | 2024-05-16 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-43748 | High | 7.8 |  | 2024-05-16 | Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43629 | High | 7.8 |  | 2024-05-16 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-1598 | High | 7.5 |  | 2024-05-14 | Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
CVE-2024-0762 | High | 7.5 |  | 2024-05-14 | Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for I…
CVE-2023-40071 | High | 7.3 |  | 2024-05-16 | Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-37341 | High | 7.2 |  | 2024-05-16 | Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21862 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21861 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21837 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21835 | Medium | 6.7 |  | 2024-05-16 | Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21831 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21814 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21809 | Medium | 6.7 |  | 2024-05-16 | Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21788 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21777 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21772 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45743 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45320 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41961 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35192 | Medium | 6.7 |  | 2024-05-16 | Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47855 | Medium | 6.0 |  | 2024-05-16 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-48368 | Medium | 5.9 |  | 2024-05-16 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45221 | Medium | 4.8 |  | 2024-05-16 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47169 | Low | 3.3 |  | 2024-05-16 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.

Arubanetworks · 18 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31473 | Critical | 9.8 |  | 2024-05-14 | There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management proto…
CVE-2024-31472 | Critical | 9.8 |  | 2024-05-14 | There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protoc…
CVE-2024-31471 | Critical | 9.8 |  | 2024-05-14 | There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management…
CVE-2024-31470 | Critical | 9.8 |  | 2024-05-14 | There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Acce…
CVE-2024-31469 | Critical | 9.8 |  | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management…
CVE-2024-31468 | Critical | 9.8 |  | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management…
CVE-2024-31467 | Critical | 9.8 |  | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port…
CVE-2024-31466 | Critical | 9.8 |  | 2024-05-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port…
CVE-2024-31475 | High | 8.2 |  | 2024-05-14 | There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol).
CVE-2024-31474 | High | 8.2 |  | 2024-05-14 | There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol).
CVE-2024-31477 | High | 7.2 |  | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface.
CVE-2024-31476 | High | 7.2 |  | 2024-05-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface.
CVE-2024-31482 | Medium | 5.3 |  | 2024-05-14 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol.
CVE-2024-31481 | Medium | 5.3 |  | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol.
CVE-2024-31480 | Medium | 5.3 |  | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol.
CVE-2024-31479 | Medium | 5.3 |  | 2024-05-14 | Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol.
CVE-2024-31478 | Medium | 5.3 |  | 2024-05-14 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol.
CVE-2024-31483 | Medium | 4.9 |  | 2024-05-14 | An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol.

Huawei · 16 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32997 | High | 8.4 |  | 2024-05-14 | Race condition vulnerability in the binder driver module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32992 | High | 7.5 |  | 2024-05-14 | Insufficient verification vulnerability in the baseband module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32991 | High | 7.5 |  | 2024-05-14 | Permission verification vulnerability in the wpa_supplicant module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52719 | High | 7.1 |  | 2024-05-14 | Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-32999 | Medium | 6.8 |  | 2024-05-14 | Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-4046 | Medium | 6.4 |  | 2024-05-14 | Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32996 | Medium | 6.2 |  | 2024-05-14 | Privilege escalation vulnerability in the account module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32995 | Medium | 6.2 |  | 2024-05-14 | Denial of service (DoS) vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52721 | Medium | 6.2 |  | 2024-05-14 | The WindowManager module has a vulnerability in permission control.
CVE-2024-32990 | Medium | 6.1 |  | 2024-05-14 | Permission verification vulnerability in the system sharing pop-up module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32998 | Medium | 5.9 |  | 2024-05-14 | NULL pointer access vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32993 | Medium | 5.6 |  | 2024-05-14 | Out-of-bounds access vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52384 | Medium | 4.7 |  | 2024-05-14 | Double-free vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52383 | Medium | 4.7 |  | 2024-05-14 | Double-free vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52720 | Medium | 4.1 |  | 2024-05-14 | Race condition vulnerability in the soundtrigger module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32989 | Low | 3.3 |  | 2024-05-14 | Insufficient verification vulnerability in the system sharing pop-up module. Impact: Successful exploitation of this vulnerability will affect availability.

Oretnom23 · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4927 | High | 7.3 | | 2024-05-16 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-5069 | Medium | 6.3 | | 2024-05-17 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0.
CVE-2024-4933 | Medium | 6.3 | | 2024-05-16 | A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical.
CVE-2024-4932 | Medium | 6.3 | | 2024-05-16 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-4931 | Medium | 6.3 | | 2024-05-16 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-4930 | Medium | 6.3 | | 2024-05-16 | A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-4928 | Medium | 6.3 | | 2024-05-16 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-4926 | Medium | 6.3 | | 2024-05-16 | A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0.
CVE-2024-4925 | Medium | 6.3 | | 2024-05-16 | A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical.
CVE-2024-4921 | Medium | 6.3 | | 2024-05-16 | A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.
CVE-2024-4820 | Medium | 6.3 | | 2024-05-14 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0.
CVE-2024-4798 | Medium | 6.3 | | 2024-05-14 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0.
CVE-2024-5045 | Medium | 5.3 | | 2024-05-17 | A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0.
CVE-2024-4929 | Medium | 4.3 | | 2024-05-16 | A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0.
CVE-2024-4922 | Low | 3.5 | | 2024-05-16 | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0.

Cyberpower · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34025 | Critical | 9.8 | | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials.
CVE-2024-33625 | Critical | 9.8 | | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded JWT signing key.
CVE-2024-32053 | Critical | 9.8 | | 2024-05-15 | Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud.
CVE-2024-32047 | Critical | 9.8 | | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code.
CVE-2024-32735 | Critical | 9.8 | | 2024-05-14 | An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application…
CVE-2024-33615 | High | 8.8 | | 2024-05-15 | A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote c…
CVE-2024-31856 | High | 8.8 | | 2024-05-15 | An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices.
CVE-2024-31410 | High | 7.7 | | 2024-05-15 | The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key.
CVE-2024-32739 | High | 7.5 | | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.
CVE-2024-32738 | High | 7.5 | | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.
CVE-2024-32737 | High | 7.5 | | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
CVE-2024-32736 | High | 7.5 | | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.
CVE-2024-31409 | Medium | 6.5 | | 2024-05-15 | Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
CVE-2024-32042 | Medium | 4.9 | | 2024-05-15 | The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.

Ibm · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47709 | Critical | 9.1 | | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2024-27260 | High | 8.4 | | 2024-05-16 | IBM AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands.
CVE-2023-47712 | High | 7.8 | | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control.
CVE-2024-27269 | Medium | 6.8 | | 2024-05-14 | IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants.
CVE-2023-43040 | Medium | 6.5 | | 2024-05-14 | IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access.
CVE-2024-22345 | Medium | 6.2 | | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2024-22344 | Medium | 6.1 | | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection.
CVE-2023-38264 | Medium | 5.9 | | 2024-05-14 | The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef an…
CVE-2024-28781 | Medium | 5.4 | | 2024-05-14 | IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting.
CVE-2024-28761 | Medium | 5.4 | | 2024-05-14 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection.
CVE-2023-47717 | Medium | 4.4 | | 2024-05-16 | IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service.
CVE-2024-28760 | Medium | 4.3 | | 2024-05-14 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.
CVE-2024-22343 | Medium | 4.0 | | 2024-05-14 | IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system.
CVE-2023-47711 | Low | 2.7 | | 2024-05-14 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service.

Fedoraproject · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4947 | Critical | 9.6 | KEV | 2024-05-15 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2024-4671 | Critical | 9.6 | KEV | 2024-05-14 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2024-4761 | High | 8.8 | KEV | 2024-05-14 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2024-31142 | High | 7.5 | | 2024-05-16 | Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used.
CVE-2023-46842 | Medium | 6.5 | | 2024-05-16 | Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes.
CVE-2024-4950 | Medium | 6.5 | | 2024-05-15 | Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2024-4949 | Medium | 6.5 | | 2024-05-15 | Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-4948 | Medium | 6.5 | | 2024-05-15 | Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-4854 | Medium | 6.4 | | 2024-05-14 | MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file.
CVE-2024-27400 | Medium | 5.5 | | 2024-05-14 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call order in amdgpu_ttm_move() v2. This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap.
CVE-2024-32020 | Low | 3.9 | | 2024-05-14 | Git is a revision control system.
CVE-2024-4855 | Low | 3.6 | | 2024-05-14 | Use after free issue in editcap could cause denial of service via crafted capture file.
CVE-2024-4853 | Low | 3.6 | | 2024-05-14 | Memory handling issue in editcap could cause denial of service via crafted capture file.

Cacti · 12 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29895 | Critical | 10.0 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-34340 | Critical | 9.1 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-25641 | Critical | 9.1 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31445 | High | 8.8 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31459 | High | 8.0 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-27082 | High | 7.6 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31460 | Medium | 6.5 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-30268 | Medium | 6.1 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31443 | Medium | 5.7 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-29894 | Medium | 5.4 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31458 | Medium | 4.6 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.
CVE-2024-31444 | Medium | 4.6 | | 2024-05-14 | Cacti provides an operational monitoring and fault management framework.

Fortinet · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31491 | High | 8.8 | | 2024-05-14 | A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests.
CVE-2024-23105 | High | 7.5 | | 2024-05-14 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attacker to bypass IP protection through crafted HTTP or HTTPS packets.
CVE-2023-46714 | High | 7.2 | | 2024-05-14 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via…
CVE-2023-40720 | High | 7.1 | | 2024-05-14 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP…
CVE-2024-31488 | Medium | 6.8 | | 2024-05-14 | An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may a…
CVE-2023-45583 | Medium | 6.7 | | 2024-05-14 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0…
CVE-2023-36640 | Medium | 6.7 | | 2024-05-14 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0…
CVE-2023-44247 | Medium | 6.6 | | 2024-05-14 | A double free [CWE-415] vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests.
CVE-2023-50180 | Medium | 5.5 | | 2024-05-14 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below m…
CVE-2024-26007 | Medium | 5.3 | | 2024-05-14 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests.
CVE-2023-45586 | Medium | 5.0 | | 2024-05-14 | An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 thr…

Kashipara · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4905 | Medium | 6.3 | | 2024-05-15 | A vulnerability classified as critical has been found in Kashipara College Management System 1.0.
CVE-2024-4808 | Medium | 6.3 | | 2024-05-14 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0.
CVE-2024-4807 | Medium | 6.3 | | 2024-05-14 | A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0.
CVE-2024-4806 | Medium | 6.3 | | 2024-05-14 | A vulnerability classified as critical was found in Kashipara College Management System 1.0.
CVE-2024-4805 | Medium | 6.3 | | 2024-05-14 | A vulnerability classified as critical has been found in Kashipara College Management System 1.0.
CVE-2024-4804 | Medium | 6.3 | | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0.
CVE-2024-4803 | Medium | 6.3 | | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0.
CVE-2024-4802 | Medium | 6.3 | | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0.
CVE-2024-4801 | Medium | 6.3 | | 2024-05-14 | A vulnerability was found in Kashipara College Management System 1.0 and classified as critical.
CVE-2024-4800 | Medium | 6.3 | | 2024-05-14 | A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical.
CVE-2024-4799 | Medium | 6.3 | | 2024-05-14 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0.

Mozilla · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4778 | Critical | 9.8 | | 2024-05-14 | Memory safety bugs present in Firefox 125.
CVE-2024-4764 | Critical | 9.8 | | 2024-05-14 | Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free.
CVE-2024-4770 | High | 8.8 | | 2024-05-14 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash.
CVE-2024-4771 | High | 8.6 | | 2024-05-14 | A memory allocation check was missing which would lead to a use-after-free if the allocation failed.
CVE-2024-4776 | High | 8.2 | | 2024-05-14 | A file dialog shown while in full-screen mode could have resulted in the window remaining disabled.
CVE-2024-4765 | High | 8.1 | | 2024-05-14 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest.
CVE-2024-4773 | High | 7.5 | | 2024-05-14 | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar.
CVE-2024-4774 | Medium | 6.5 | | 2024-05-14 | The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members.
CVE-2024-4775 | Medium | 5.9 | | 2024-05-14 | An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior.
CVE-2024-4772 | Medium | 5.9 | | 2024-05-14 | An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values.
CVE-2024-5022 | Medium | 4.4 | | 2024-05-17 | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126.

Sap_se · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33006 | Critical | 9.6 | | 2024-05-14 | An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow an attacker to completely compromise the system.
CVE-2024-32730 | Medium | 6.5 | | 2024-05-14 | SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-33002 | Medium | 6.1 | | 2024-05-14 | Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the application.
CVE-2024-32733 | Medium | 6.1 | | 2024-05-14 | Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page.
CVE-2024-32731 | Medium | 5.5 | | 2024-05-14 | SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-33008 | Medium | 4.9 | | 2024-05-14 | SAP Replication Server allows an attacker to use the gateway for executing some commands to RSSD.
CVE-2024-4139 | Medium | 4.3 | | 2024-05-14 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-4138 | Medium | 4.3 | | 2024-05-14 | Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-33009 | Medium | 4.2 | | 2024-05-14 | SAP Global Label Management is vulnerable to SQL injection.
CVE-2024-33007 | Low | 3.5 | | 2024-05-14 | PDFViewer is a control delivered as part of the SAPUI5 product which shows the PDF content in an embedded mode by default.
CVE-2024-33000 | Low | 3.5 | | 2024-05-14 | SAP Bank Account Management does not perform necessary authorization checks for an authorized user, resulting in escalation of privileges.

Cisco · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-20389 | High | 7.8 | | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.
CVE-2024-20326 | High | 7.8 | | 2024-05-16 | A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.
CVE-2024-20366 | High | 7.8 | | 2024-05-15 | A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected dev…
CVE-2024-20392 | Medium | 6.1 | | 2024-05-15 | A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.
CVE-2024-20258 | Medium | 6.1 | | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the…
CVE-2024-20394 | Medium | 5.5 | | 2024-05-15 | A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpe…
CVE-2024-20383 | Medium | 4.8 | | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerab…
CVE-2024-20257 | Medium | 4.8 | | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is…
CVE-2024-20256 | Medium | 4.8 | | 2024-05-15 | A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the in…
CVE-2024-20369 | Medium | 4.7 | | 2024-05-15 | A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to impr…

Wbsairback · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3788 | Medium | 6.6 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers).
CVE-2024-3787 | Medium | 6.6 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3).
CVE-2024-3789 | Medium | 6.5 | | 2024-05-14 | Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04.
CVE-2024-3796 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field.
CVE-2024-3795 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields.
CVE-2024-3794 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters.
CVE-2024-3793 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters.
CVE-2024-3792 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters.
CVE-2024-3791 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields, type / password parameters.
CVE-2024-3790 | Medium | 4.8 | | 2024-05-14 | Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1 / passwd2 parameters.

Ge Healthcare · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27107 | Critical | 9.6 | | 2024-05-14 | Weak account password in GE HealthCare EchoPAC products
CVE-2024-27110 | High | 8.4 | | 2024-05-14 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products
CVE-2024-1628 | High | 8.4 | | 2024-05-14 | OS command injection vulnerabilities in GE HealthCare ultrasound devices
CVE-2024-1630 | High | 7.7 | | 2024-05-14 | Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
CVE-2024-27109 | High | 7.6 | | 2024-05-14 | Insufficiently protected credentials in GE HealthCare EchoPAC products
CVE-2024-1486 | High | 7.4 | | 2024-05-14 | Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
CVE-2024-27108 | Medium | 6.8 | | 2024-05-14 | Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
CVE-2024-1629 | Medium | 6.2 | | 2024-05-14 | Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
CVE-2024-27106 | Medium | 5.7 | | 2024-05-14 | Vulnerable data in transit in GE HealthCare EchoPAC products

Idccms · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35108 | High | 8.8 | | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35010 | High | 8.8 | | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
CVE-2024-35009 | High | 8.8 | | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
CVE-2024-34958 | Medium | 6.5 | | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35109 | Medium | 6.5 | | 2024-05-15 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35012 | Medium | 6.3 | | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
CVE-2024-34957 | Medium | 5.4 | | 2024-05-16 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-35011 | Medium | 5.4 | | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35039 | Low | 3.8 | | 2024-05-16 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

Microfocus · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3968 | High | 7.8 | | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using a custom file upload task.
CVE-2024-3486 | High | 7.8 | | 2024-05-15 | XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
CVE-2024-3483 | High | 7.8 | | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
CVE-2024-3967 | High | 7.6 | | 2024-05-15 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
CVE-2024-3484 | Medium | 5.7 | | 2024-05-15 | Path Traversal found in OpenText™ iManager 3.2.6.0200.
CVE-2024-3488 | Medium | 5.6 | | 2024-05-15 | File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication.
CVE-2024-3970 | Medium | 5.3 | | 2024-05-15 | Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
CVE-2024-3485 | Medium | 5.3 | | 2024-05-15 | Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
CVE-2024-3487 | Low | 3.5 | | 2024-05-15 | Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

Lollms · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4326 | Critical | 9.8 | | 2024-05-16 | A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code.
CVE-2024-2358 | Critical | 9.8 | | 2024-05-16 | A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code.
CVE-2024-2361 | Critical | 9.6 | | 2024-05-16 | A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input.
CVE-2024-2366 | Critical | 9.0 | | 2024-05-16 | A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version.
CVE-2024-3435 | High | 8.4 | | 2024-05-16 | A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5.
CVE-2024-3126 | High | 8.4 | | 2024-05-16 | A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script.
CVE-2024-4322 | High | 7.5 | | 2024-05-16 | A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint.
CVE-2024-2299 | Medium | 6.1 | | 2024-05-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality.

Code-projects · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34955 | Critical | 9.8 | | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.
CVE-2024-5048 | Medium | 6.3 | | 2024-05-17 | A vulnerability classified as critical was found in code-projects Budget Management 1.0.
CVE-2024-4973 | Medium | 6.3 | | 2024-05-16 | A vulnerability classified as critical was found in code-projects Simple Chat System 1.0.
CVE-2024-4972 | Medium | 6.3 | | 2024-05-16 | A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0.
CVE-2024-34954 | Medium | 6.1 | | 2024-05-15 | Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.
CVE-2024-4975 | Low | 3.5 | | 2024-05-16 | A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0.
CVE-2024-4974 | Low | 3.5 | | 2024-05-16 | A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0.

D-Link · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4965 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical.
CVE-2024-4964 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical.
CVE-2024-4963 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C.
CVE-2024-4962 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C.
CVE-2024-4961 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C.
CVE-2024-4960 | Medium | 6.3 | | 2024-05-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C.
CVE-2024-4699 | Medium | 6.3 | | 2024-05-14 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922.

Dell · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-22429High7.52024-05-17Dell BIOS contains an Improper Input Validation vulnerability.
CVE-2024-25967Medium6.72024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability.
CVE-2024-25970Medium6.52024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability.
CVE-2024-25969Medium6.22024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability.
CVE-2024-25965Medium6.12024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability.
CVE-2024-25968Medium5.92024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability.
CVE-2024-25966Medium5.32024-05-14Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability.

Progress · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4202High7.72024-05-15In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
CVE-2024-4200High7.72024-05-15In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
CVE-2024-3892High7.22024-05-15A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514.
CVE-2024-4357Medium6.52024-05-15An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, that allows a low-privilege attacker to read system files via XML External Entity Processing.
CVE-2024-4562Medium5.42024-05-14In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTT…
CVE-2024-4837Medium5.32024-05-15In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
CVE-2024-4561Medium4.22024-05-14In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.

Wpdeveloper · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2023-41955High8.82024-05-17Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
CVE-2024-32717Medium6.52024-05-14Missing Authorization vulnerability in WPDeveloper SchedulePress. This issue affects SchedulePress: from n/a through 5.0.8.
CVE-2024-4624Medium6.42024-05-14The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and includ…
CVE-2024-4449Medium6.42024-05-14The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content…
CVE-2024-4448Medium6.42024-05-14The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data…
CVE-2024-4316Medium6.42024-05-14The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versi…
CVE-2024-4275Medium6.42024-05-14The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and inc…

Brainstorm Force · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2023-51398High8.82024-05-17Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14.
CVE-2023-50890High8.82024-05-17Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
CVE-2024-3828High8.82024-05-14The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5.
CVE-2024-4838High7.52024-05-16The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode.
CVE-2023-46205High7.12024-05-17Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion. This issue affects Ultimate Addons for WPBakery Page…
CVE-2023-51401Medium6.32024-05-17Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from…

Gitlab · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-2651Medium6.52024-05-14An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2.
CVE-2024-2454Medium6.52024-05-14An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2.
CVE-2023-6688Medium6.52024-05-14An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2.
CVE-2023-6682Medium6.52024-05-14An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2.
CVE-2024-4597Medium5.72024-05-14An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2.
CVE-2024-4539Medium4.32024-05-14An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could le…

Themeum · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4223Critical9.82024-05-16The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0.
CVE-2024-4352High8.82024-05-16The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function.
CVE-2024-4351High8.82024-05-16The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0.
CVE-2024-4318High8.82024-05-16The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara…
CVE-2024-4222High7.32024-05-16The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0.
CVE-2024-4279Medium6.52024-05-16The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to…

Thimpress · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4434Critical9.82024-05-14The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack…
CVE-2024-4397High8.82024-05-14The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5.
CVE-2024-34415Medium6.52024-05-14Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS. This issue affects Thim Elementor Kit: from n/a through 1.1.8.
CVE-2024-4329Medium6.42024-05-14The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping.
CVE-2024-4277Medium6.42024-05-14The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escapin…
CVE-2024-4444Medium5.32024-05-14The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5.

Adobe · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-30307High7.82024-05-16Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30274High7.82024-05-16Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-30309Medium5.52024-05-16Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30308Medium5.52024-05-16Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-30281Medium5.52024-05-16Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

D-Link · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-34950High7.52024-05-14D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
CVE-2024-33774Medium6.52024-05-14A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2024-33773Medium6.52024-05-14A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2024-33771Medium6.52024-05-14A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."
CVE-2024-33772Medium5.72024-05-14A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime."

Phoenix Contact · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-28137High7.82024-05-14A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
CVE-2024-28136High7.82024-05-14A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.
CVE-2024-28133High7.82024-05-14A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges.
CVE-2024-28134High7.02024-05-14An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information.
CVE-2024-28135Medium5.02024-05-14A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation.

Red Hat · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3727High8.32024-05-14A flaw was found in the github.com/containers/image library.
CVE-2024-4871Medium6.82024-05-14A vulnerability was found in Satellite.
CVE-2024-5042Medium6.62024-05-17A flaw was found in the Submariner project.
CVE-2024-4840Medium5.52024-05-14A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment.
CVE-2024-4693Medium5.52024-05-14A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c).

Brainstormforce · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4634Medium6.42024-05-16The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escapi…
CVE-2024-4630Medium6.42024-05-14The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient in…
CVE-2024-2619Medium5.02024-05-16The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping.
CVE-2024-1467Medium4.32024-05-14The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request().

Jetbrains · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-35299Medium5.92024-05-16In JetBrains YouTrack before 2024.1.29548, the SMTPS protocol communication lacked proper certificate hostname validation.
CVE-2024-35301Medium5.52024-05-16In JetBrains TeamCity before 2024.03.1, the commit status publisher didn't check the project scope of the GitHub App token.
CVE-2024-35302Medium5.42024-05-16In JetBrains TeamCity before 2023.11, stored XSS during restore from backup was possible.
CVE-2024-35300Low3.52024-05-16In JetBrains TeamCity between 2024.03 and 2024.03.1, several stored XSS in the available updates page were possible.

Kadencewp · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4208Medium6.42024-05-15The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to in…
CVE-2024-4481Medium6.42024-05-14The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitizatio…
CVE-2024-4209Medium6.42024-05-14The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitizatio…
CVE-2024-3189Medium5.42024-05-15The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advance…

Mndpsingh287 · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3643High8.82024-05-16The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a list, which could allow attackers to make logged in admins perform such an action via a CSRF attack
CVE-2024-3642Medium6.92024-05-16The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a subscriber, which could allow attackers to make logged in admins perform such an action via a CSRF attack
CVE-2024-3641Medium6.12024-05-16The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins
CVE-2024-3644Medium4.82024-05-16The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili…

Nozomi Networks · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2023-5938High8.02024-05-15Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks.
CVE-2023-5936High7.82024-05-15On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.
CVE-2023-5935High7.42024-05-15When configuring Arc (e.g.
CVE-2023-5937Low3.82024-05-15On Windows systems, the Arc configuration files resulted to be world-readable.

P-themes · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3806Critical9.82024-05-14The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function.
CVE-2024-3809High8.82024-05-14The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta.
CVE-2024-3808High8.82024-05-14The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute.
CVE-2024-3807High8.82024-05-14The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta.

Phpgurukul · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-5065High7.32024-05-17A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1.
CVE-2024-5064High7.32024-05-17A vulnerability was found in PHPGurukul Online Course Registration System 3.1.
CVE-2024-5063High7.32024-05-17A vulnerability was found in PHPGurukul Online Course Registration System 3.1.
CVE-2024-5066Medium6.32024-05-17A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1.

Ruijie · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4816Medium6.32024-05-14A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506.
CVE-2024-4815Medium6.32024-05-14A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506.
CVE-2024-4814Medium6.32024-05-14A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506.
CVE-2024-4813Medium6.32024-05-14A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506.

Tenable · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3292High8.22024-05-17A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.
CVE-2024-3290High8.22024-05-17A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.
CVE-2024-3291High7.82024-05-17When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories.
CVE-2024-3289High7.82024-05-17When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories.

Typo3 · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-34357Medium5.42024-05-14TYPO3 is an enterprise content management system.
CVE-2024-34356Medium5.42024-05-14TYPO3 is an enterprise content management system.
CVE-2024-34358Medium5.32024-05-14TYPO3 is an enterprise content management system.
CVE-2024-34355Low3.52024-05-14TYPO3 is an enterprise content management system.

Ansanwan · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4992Critical9.82024-05-16Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim.
CVE-2024-4991Critical9.82024-05-16Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap.
CVE-2024-4993Medium6.32024-05-16Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter.

Arox · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4824Critical9.82024-05-14Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc.
CVE-2024-4823Medium6.52024-05-14Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2.
CVE-2024-4822Medium6.52024-05-14Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'.

Averta · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2023-39163High8.62024-05-17Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion. This issue affects Phlox Shop: from n/a through 2.0.0.
CVE-2023-38399High8.62024-05-17Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion. This issue affects Phlox Portfolio: from n/a through 2.3.1.
CVE-2023-37888High7.62024-05-17Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion. This issue affects Shortcodes and extra features for Ph…

Cemi Tomasz Pawełek · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-4423High7.22024-05-14The access control in CemiPark software does not properly validate user-entered data, which allows authentication bypass.
CVE-2024-4424Medium6.12024-05-14The access control in CemiPark software does not properly validate user-entered data, which allows a stored cross-site scripting (XSS) attack.
CVE-2024-4425Medium5.42024-05-14The access control in CemiPark software stores integration (e.g.

Codepeople · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-32720Medium5.32024-05-17Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56.
CVE-2024-24874Medium5.32024-05-17Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71.
CVE-2024-24873Medium5.32024-05-17Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding. This issue affects CP Polls: from n/a through 1.0.71.

Crm Perks · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-34756Medium4.32024-05-17Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot. This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.
CVE-2024-34755Medium4.32024-05-17Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce. This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.
CVE-2024-34817Medium4.32024-05-14Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: fr…

Dachande663 · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3630Medium5.42024-05-15The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili…
CVE-2024-3631Medium4.32024-05-15The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack
CVE-2024-3629Low2.42024-05-15The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Dedecms · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-34245Medium6.52024-05-14An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.
CVE-2024-34959Medium5.52024-05-17DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
CVE-2024-4790Medium4.32024-05-14A vulnerability classified as problematic has been found in DedeCMS 5.7.114.

Devitemsllc · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3990Medium6.42024-05-14The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output es…
CVE-2024-3989Medium6.42024-05-14The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and ou…
CVE-2023-6327Medium5.32024-05-14The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7.

Digisol · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-2257Critical9.12024-05-14This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version: v3.2.02) due to improper implementation of password policies.
CVE-2024-4231Medium4.62024-05-14This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version: v3.2.02) due to presence of root terminal access on a serial interface without proper access control.
CVE-2024-4232Medium4.12024-05-14This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version: v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/database.

Goprayer · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3406High8.82024-05-15The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3405High7.62024-05-15The WP Prayer WordPress plugin through 2.0.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3407Medium5.32024-05-15The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Kioware · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3459High8.42024-05-14KioWare for Windows (all versions through 8.34) allows escaping the kiosk environment by downloading PDF files, which by default are then opened in an external PDF viewer.
CVE-2024-3460High7.42024-05-14In KioWare for Windows (all versions through 8.34) it is possible to exit the software and use other already opened applications during a short time window before the forced automatic logout occurs.
CVE-2024-3461Medium6.22024-05-14KioWare for Windows (all versions through 8.35) allows brute forcing the PIN number that protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

Mantisbt · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-34077High7.32024-05-14MantisBT (Mantis Bug Tracker) is an open source issue tracker.
CVE-2024-34081Medium6.62024-05-14MantisBT (Mantis Bug Tracker) is an open source issue tracker.
CVE-2024-34080Medium5.32024-05-14MantisBT (Mantis Bug Tracker) is an open source issue tracker.

Mranderson · 3 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-3824Medium5.52024-05-15The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-3822Medium4.82024-05-15The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as…
CVE-2024-3823Low2.42024-05-15The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via…

Nocodb · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49781 | High | 7.3 | | 2024-05-14 | NocoDB is software for building databases as spreadsheets.
CVE-2023-50718 | Medium | 6.5 | | 2024-05-14 | NocoDB is software for building databases as spreadsheets.
CVE-2023-50717 | Medium | 5.7 | | 2024-05-14 | NocoDB is software for building databases as spreadsheets.

Posimyth · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47178 | High | 8.6 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: fro…
CVE-2024-2785 | Medium | 6.4 | | 2024-05-14 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supp…
CVE-2024-0445 | Medium | 6.4 | | 2024-05-14 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping.

Sailpoint · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3319 | Critical | 9.1 | | 2024-05-15 | An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which co…
CVE-2024-3317 | Medium | 6.5 | | 2024-05-15 | An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.
CVE-2024-3318 | Medium | 4.2 | | 2024-05-15 | A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the "file" attribute, which in turn allowed the u…

Sap · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28165 | High | 8.1 | | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL, which could lead to high impact on Confidentiality and Integrity of the application.
CVE-2024-34687 | Medium | 6.5 | | 2024-05-14 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
CVE-2024-33004 | Medium | 4.3 | | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are cached even after logging out.

Simple-membership-plugin · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41956 | High | 8.8 | | 2024-05-17 | Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4.
CVE-2023-41957 | High | 8.6 | | 2024-05-17 | Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a through 4.3.4.
CVE-2024-4383 | Medium | 6.4 | | 2024-05-14 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization an…

Unitecms · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3055 | High | 8.8 | | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the…
CVE-2024-2662 | High | 7.2 | | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102.
CVE-2024-3547 | Medium | 6.1 | | 2024-05-14 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_connect_error' parameter in all versions up to, and including, 1.5.102 due to insuf…

Unknown · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2441 | High | 8.1 | | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above to bypass authorization and access settings of the VikBooking Hotel…
CVE-2024-2749 | Medium | 5.9 | | 2024-05-14 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthoriz…
CVE-2024-3239 | Medium | 5.4 | | 2024-05-14 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users wit…

8theme · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33552 | Critical | 9.8 | | 2024-05-17 | Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33556 | High | 8.2 | | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.8.

Abb · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1913 | High | 7.6 | | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actio…
CVE-2024-1914 | Medium | 6.5 | | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible.

Andy_moyle · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31281 | Medium | 6.3 | | 2024-05-17 | Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.6.
CVE-2024-34828 | Medium | 4.3 | | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.32.

Apache · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34365 | Critical | 9.1 | | 2024-05-14 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.
CVE-2024-32077 | Medium | 5.4 | | 2024-05-14 | Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Aresit · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4445 | Medium | 6.5 | | 2024-05-14 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01.
CVE-2023-6812 | Medium | 4.3 | | 2024-05-14 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01.

Artbees · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32110 | High | 7.6 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0.
CVE-2024-30509 | Medium | 6.5 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal. This issue affects SellKit: from n/a through 1.8.1.

Automattic · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4392 | Medium | 6.4 | | 2024-05-14 | The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and…
CVE-2024-34549 | Medium | 5.3 | | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.2.2.

Bdthemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4339 | Medium | 6.4 | | 2024-05-14 | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to in…
CVE-2024-4606 | Medium | 5.4 | | 2024-05-14 | Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3.

Beaverbuilder · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4430 | Medium | 6.4 | | 2024-05-14 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and outp…
CVE-2024-3923 | Medium | 6.4 | | 2024-05-14 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output esc…

Boldgrid · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24869 | High | 7.5 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a through 1.15.8.
CVE-2024-4400 | Medium | 6.4 | | 2024-05-16 | The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization…

Bozdoz · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3940 | High | 8.8 | | 2024-05-14 | The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2024-3941 | Medium | 4.7 | | 2024-05-14 | The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Carazo · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4734 | Medium | 4.4 | | 2024-05-15 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping.
CVE-2024-4656 | Medium | 4.4 | | 2024-05-15 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping.

Claris · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27790 | High | 7.5 | | 2024-05-14 | Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server.
CVE-2023-42955 | Medium | 4.9 | | 2024-05-14 | Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role.

Codezips · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5049 | Medium | 6.3 | | 2024-05-17 | A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0.
CVE-2024-4923 | Medium | 6.3 | | 2024-05-16 | A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical.

Creativethemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4487 | Medium | 6.4 | | 2024-05-14 | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping.
CVE-2024-4158 | Medium | 6.4 | | 2024-05-14 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping.

Crocoblock · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48757 | High | 8.8 | | 2024-05-17 | Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation. This issue affects JetEngine: from n/a through 3.2.4.
CVE-2023-37866 | High | 7.2 | | 2024-05-17 | Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation. This issue affects JetFormBuilder: from n/a through 3.0.8.

Directus · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34709 | Medium | 5.4 | | 2024-05-14 | Directus is a real-time API and App dashboard for managing SQL database content.
CVE-2024-34708 | Medium | 4.9 | | 2024-05-14 | Directus is a real-time API and App dashboard for managing SQL database content.

Dmitry V. (Ceo Of "Ukr Solution") · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34556 | Medium | 5.3 | | 2024-05-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V.
CVE-2024-34557 | Medium | 4.3 | | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V.

Easy Digital Downloads · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32100 | Medium | 5.3 | | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
CVE-2024-31113 | Medium | 4.3 | | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.

Elementor · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24934 | High | 8.5 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls. This issue affects Elementor Website Builder: from n/a t…
CVE-2024-4107 | Medium | 6.4 | | 2024-05-14 | The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization…

Emlog · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5043 | Medium | 4.7 | | 2024-05-17 | A vulnerability was found in Emlog Pro 2.3.4 and classified as critical.
CVE-2024-5044 | Low | 3.7 | | 2024-05-17 | A vulnerability was found in Emlog Pro 2.3.4.

Envothemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35167 | Medium | 6.5 | | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets…
CVE-2024-4385 | Medium | 6.4 | | 2024-05-16 | The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping.

Eprosima · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30259 | High | 8.2 | | 2024-05-14 | FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group).
CVE-2024-30258 | High | 8.2 | | 2024-05-14 | FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group).

Favethemes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-26540 | Critical | 9.8 | | 2024-05-17 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1.
CVE-2023-26009 | Critical | 9.8 | | 2024-05-17 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3.

Freescout · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34697 | High | 7.6 | | 2024-05-14 | FreeScout is a free, self-hosted help desk and shared mailbox.
CVE-2024-34698 | Medium | 4.6 | | 2024-05-14 | FreeScout is a free, self-hosted help desk and shared mailbox.

Giuliopanda · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4104 | Medium | 6.1 | | 2024-05-14 | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escapin…
CVE-2024-4103 | Medium | 4.3 | | 2024-05-14 | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0.

Google · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7258 | Medium | 4.8 | | 2024-05-15 | A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox.
CVE-2024-4766 | Medium | 4.3 | | 2024-05-14 | Different techniques existed to obscure the fullscreen notification in Firefox for Android.

Hcl Software · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23576 | High | 7.1 | | 2024-05-14 | Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
CVE-2023-37526 | Medium | 6.5 | | 2024-05-14 | HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability.

Imartinez · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3403 | High | 7.5 | | 2024-05-16 | imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem.
CVE-2024-3851 | Medium | 5.4 | | 2024-05-16 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads.

Insyde · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25079 | High | 7.4 | | 2024-05-15 | A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating pr…
CVE-2024-25078 | High | 7.4 | | 2024-05-15 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and k…

Ithemelandco · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4204 | Medium | 4.3 | | 2024-05-16 | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3.
CVE-2024-4199 | Medium | 4.3 | | 2024-05-15 | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3.

Ivanweb · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3580 | Medium | 6.1 | | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…
CVE-2024-3231 | Medium | 6.1 | | 2024-05-17 | The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

Jonschlinkert · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4068 | High | 7.5 | | 2024-05-14 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion.
CVE-2024-4067 | Medium | 5.3 | | 2024-05-14 | The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS).

Kognetiks · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32700 | Critical | 10.0 | | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.
CVE-2024-4560 | Critical | 9.8 | | 2024-05-14 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9.

Leevio · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4391 | Medium | 6.4 | | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping…
CVE-2024-4478 | Medium | 6.4 | | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on us…

Lfprojects · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3848 | High | 7.5 | | 2024-05-16 | A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909.
CVE-2024-4263 | Medium | 5.4 | | 2024-05-16 | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts.

Litonice13 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3134 | Medium | 6.4 | | 2024-05-16 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0…
CVE-2024-4580 | Medium | 6.4 | | 2024-05-16 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insuffi…

Mayurik · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5051 | Medium | 6.3 | | 2024-05-17 | A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical.
CVE-2024-4945 | Medium | 4.3 | | 2024-05-16 | A vulnerability was found in SourceCodester Best Courier Management System 1.0.

Metagauss · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33321 | Medium | 5.3 | | 2024-05-17 | Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 2.8.6.
CVE-2024-32774 | Medium | 4.3 | | 2024-05-17 | Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2.

Monetizemore · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2290 | High | 7.2 | | 2024-05-14 | The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter.
CVE-2024-3952 | Medium | 6.4 | | 2024-05-14 | The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on…

Mongodb · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3372 | High | 7.5 | | 2024-05-14 | Improper validation of certain metadata input may result in the server not correctly serialising BSON.
CVE-2024-3374 | Medium | 5.3 | | 2024-05-14 | An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes.

Netflix · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4701 | Critical | 9.9 | | 2024-05-14 | A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18.
CVE-2024-5023 | | | | 2024-05-16 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0.

Owletcare · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6324 | High | 8.1 | | 2024-05-15 | ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity.
CVE-2023-6323 | Medium | 4.3 | | 2024-05-15 | ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.

Pluginus · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32680 | High | 8.8 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malici…
CVE-2024-34434 | Medium | 6.5 | | 2024-05-17 | Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.

Prestashop · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34716 | Critical | 9.6 | | 2024-05-14 | PrestaShop is an open source e-commerce web application.
CVE-2024-34717 | Medium | 5.3 | | 2024-05-14 | PrestaShop is an open source e-commerce web application.

Proofpoint · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3676 | High | 7.5 | | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption…
CVE-2024-0862 | Medium | 5.0 | | 2024-05-14 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network ad…

Rankmath · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4617 | Medium | 6.4 | | 2024-05-16 | The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping.
CVE-2024-4335 | Medium | 6.4 | | 2024-05-14 | The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'textAlign' parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping.

Redbitcz · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1229 | Medium | 5.3 | | 2024-05-14 | The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2.
CVE-2024-1230 | Medium | 4.3 | | 2024-05-14 | The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0.

Rems · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4967 | Medium | 6.3 | | 2024-05-16 | A vulnerability was found in SourceCodester Interactive Map with Marker 1.0.
CVE-2024-4968 | Low | 3.5 | | 2024-05-16 | A vulnerability was found in SourceCodester Interactive Map with Marker 1.0.

Rockwell Automation · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4609 | Critical | 9.8 | | 2024-05-16 | A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials wer…
CVE-2024-3640 | | | | 2024-05-16 | An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™, possibly resulting in remote code execution if exploited.

Royal-elementor-addons · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3887 | Medium | 5.4 | | 2024-05-16 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping…
CVE-2024-32786 | Medium | 5.3 | | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass. This issue affects Royal Elementor Addons: from n/a through 1.3.93.

Samsung Open Source · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32672 | Medium | 5.3 | | 2024-05-14 | A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input.
CVE-2024-32669 | Medium | 5.3 | | 2024-05-14 | Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers.

Shaonsina · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4373 | Medium | 6.4 | | 2024-05-15 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer…
CVE-2024-4333 | Medium | 6.4 | | 2024-05-14 | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in version…

Shortpixel · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35172 | Medium | 4.4 | | 2024-05-14 | Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
CVE-2024-4689 | Medium | 4.3 | | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.

Sizam Design · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31231 | Critical | 9.0 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1.
CVE-2024-31232 | High | 8.0 | | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1.

Skt Themes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34445 | Medium | 6.5 | | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8.
CVE-2024-34436 | Medium | 6.5 | | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for Elementor: from n/a through 1.8.

Smartypantsplugins · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3749 | Medium | 6.5 | | 2024-05-15 | The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another user.
CVE-2024-3748 | Medium | 6.5 | | 2024-05-15 | The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user.

Solarwinds · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28075 | Critical | 9.0 | | 2024-05-14 | The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability.
CVE-2024-23473 | High | 8.6 | | 2024-05-14 | The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability.

Stalwartlabs · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35187 · Critical · 9.1 · - · 2024-05-16 · Stalwart Mail Server is an open-source mail server.
CVE-2024-35179 · Medium · 6.8 · - · 2024-05-15 · Stalwart Mail Server is an open-source mail server.

Stylemixthemes · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-37385 · High · 7.3 · - · 2024-05-17 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.5.6.
CVE-2024-4789 · Medium · 6.4 · - · 2024-05-17 · Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function.

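An SSRF in a webhook sender, like the send_demo_webhook() entry above, means the server will fetch whatever URL the request supplies, including addresses on its own network. The check below is an added example and not Cost Calculator Builder Pro's code: before a webhook is sent it allowlists the scheme, refuses embedded credentials, resolves the host and rejects any answer that is loopback, link-local (the cloud metadata range), private, multicast, reserved, unspecified, or an IPv4-mapped IPv6 spelling of one of those. The names is_safe_webhook_url, is_blocked_ip and the resolver hook are assumptions; FAKE_DNS is constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Every address the name resolves to. A hostile name may answer with a
    public address first and a private one second, so all of them are checked."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_blocked_ip(ip):
    """True for any address a server-side fetch must never reach."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 is still loopback
    return (addr.is_loopback or addr.is_link_local or addr.is_private
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def is_safe_webhook_url(url, resolver=resolve_all):
    """Decide whether a client-supplied webhook URL may be fetched at all."""
    try:
        parts = urlsplit(url)
        host = parts.hostname              # brackets stripped, lower-cased
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False                       # http://user:pw@host/ invites parser confusion
    try:
        ips = [str(ipaddress.ip_address(host))]   # literal address: no lookup needed
    except ValueError:
        try:
            ips = resolver(host)
        except OSError:
            return False
    if not ips:
        return False
    return not any(is_blocked_ip(ip) for ip in ips)


# Constructed name table so the example runs offline; 8.8.8.8 stands in for
# an ordinary public address, rebind.example for a name that answers twice.
FAKE_DNS = {
    "hooks.example": ["8.8.8.8"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["8.8.8.8", "10.0.0.5"],
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])
```

Two caveats the check does not cover by itself: the HTTP client must connect to the address that was checked (resolve once, pin it) rather than resolve the name again, or a rebinding name can pass and then answer with 10.0.0.5; and redirects must be disabled or re-checked per hop, since an allowed public host can 302 to the metadata address.

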
Supsystic · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-46197 · Medium · 5.3 · - · 2024-05-17 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2024-32790 · Medium · 4.3 · - · 2024-05-17 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection. This issue affects Pricing Table by Supsystic: from n/a through 1.9.12.

Swift Ideas · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3916 · Medium · 6.4 · - · 2024-05-14 · The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user su…
CVE-2024-3915 · Medium · 5.3 · - · 2024-05-14 · The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31.

Themeisle · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3750 · High · 8.8 · - · 2024-05-16 · The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and inclu…
CVE-2024-4635 · Medium · 6.4 · - · 2024-05-16 · The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping.

Themelooks · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3831 · Medium · 6.4 · - · 2024-05-14 · The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and outp…
CVE-2024-3680 · Medium · 6.4 · - · 2024-05-14 · The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input san…

Themify · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-46145 · High · 8.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through 7.3.5.
CVE-2024-4567 · Medium · 6.4 · - · 2024-05-14 · The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on us…

Trellix · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4844 · High · 7.5 · - · 2024-05-16 · Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing…
CVE-2024-4843 · Medium · 4.3 · - · 2024-05-16 · ePO doesn't allow a regular privileged user to delete tasks or assignments.

Vercel · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34351 · High · 7.5 · - · 2024-05-14 · Next.js is a React framework that can provide building blocks to create web applications.
CVE-2024-34350 · High · 7.5 · - · 2024-05-14 · Next.js is a React framework that can provide building blocks to create web applications.

Visualmodo · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34757 · Medium · 6.5 · - · 2024-05-17 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless borderless allows DOM-Based XSS. This issue affects Borderless: from n/a through <= 1.7.3.
CVE-2024-4666 · Medium · 6.4 · - · 2024-05-14 · The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient inpu…

Webtoffee · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-51546 · High · 7.2 · - · 2024-05-17 · Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…
CVE-2024-34751 · Medium · 4.4 · - · 2024-05-16 · Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.

Wp Automatic · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-27954 · Critical · 9.3 · - · 2024-05-17 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0.
CVE-2024-27955 · High · 8.8 · - · 2024-05-17 · Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0.

Wpkube · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4144 · Medium · 6.5 · - · 2024-05-14 · The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502.
CVE-2024-4150 · Medium · 6.1 · - · 2024-05-14 · The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping.

Wpmu Dev · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-25595 · Medium · 5.3 · - · 2024-05-17 · Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1.
CVE-2022-44581 · Medium · 5.0 · - · 2024-05-17 · Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2.

Yoast · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4984 · Medium · 6.4 · - · 2024-05-16 · The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping.
CVE-2024-4041 · Medium · 6.1 · - · 2024-05-14 · The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping.

Zoom · 2 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-27244 · Medium · 6.7 · - · 2024-05-15 · Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-27243 · Medium · 6.5 · - · 2024-05-15 · Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

10web · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34437 · Medium · 5.9 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.24.

1panel-dev · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34352 · Medium · 6.5 · - · 2024-05-14 · 1Panel is an open source Linux server operation and maintenance management panel.

Aa-team · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33549 · High · 8.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10.

Abdul Hakeem · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-51479 · High · 8.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.

Abetlen · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34359 · Critical · 9.6 · - · 2024-05-14 · llama-cpp-python is the Python bindings for llama.cpp.

Academy Lms · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35171 · Medium · 5.3 · - · 2024-05-14 · Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.25.

Adam Dehaven · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33951 · Medium · 6.5 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS. This issue affects Perfect Pullquotes: from n/a through 1.7.5.

Agentejo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4825 · Critical · 9.8 · - · 2024-05-14 · A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload via the ‘/media/api’ parameter in a POST request.

Aidin · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34749 · Medium · 6.1 · - · 2024-05-14 · Phormer prior to version 3.35 contains a cross-site scripting vulnerability.

Aleksei Polechin (Alek´) · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33950 · Medium · 5.9 · - · 2024-05-14 · Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions.

Alexacrm · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34550 · Medium · 5.3 · - · 2024-05-14 · Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration. This issue affects Dynamics 365 Integration: from n/a through 1.3.17.

All_bootstrap_blocks · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35169 · Medium · 5.9 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks. This issue affects All Bootstrap Blocks: from n/a through <= 1.3.15.

Alpitronic · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4622 · - · - · - · 2024-05-15 · If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication.

Alttextai · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4847 · High · 8.8 · - · 2024-05-15 · The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient…

Ant Media · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3462 · Medium · 5.4 · - · 2024-05-14 · Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2…

Apache Friends · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-5055 · High · 7.5 · - · 2024-05-17 · Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier.

Apppresser · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32776 · Medium · 6.5 · - · 2024-05-14 · Missing Authorization vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0.

Appscreo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31300 · High · 8.5 · - · 2024-05-17 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion. This issue affects Easy Social Share Buttons: from n/a through 9.4.

Argoproj · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32476 · Medium · 6.5 · - · 2024-05-14 · Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

Asaancart · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4826 · Critical · 9.8 · - · 2024-05-16 · SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9.

Asterisk · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35190 · Medium · 5.8 · - · 2024-05-17 · Asterisk is an open source private branch exchange and telephony toolkit.

Astoundify · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32511 · Critical · 9.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.

Atanas Yonkov · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33954 · Medium · 6.5 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS. This issue affects Pliska: from n/a through 0.3.5.

Athemes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4473 · Medium · 6.4 · - · 2024-05-14 · The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied…

Avimegladon · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4546 · Medium · 6.4 · - · 2024-05-16 · The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output esc…

Aws · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32888 · Critical · 10.0 · - · 2024-05-15 · The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions.

B&r Industrial Automation · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-2637 · High · 7.2 · - · 2024-05-14 · An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automatio…

Bellard · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33263 · Medium · 4.0 · - · 2024-05-14 · QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.

Benaceur-php · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3634 · Medium · 4.8 · - · 2024-05-15 · The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter…

Benoti · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34426 · Medium · 5.9 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS. This issue affects Brozzme Scroll Top: from n/a through 1.8.5.

Bestwebsoft · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31295 · Medium · 5.3 · - · 2024-05-17 · Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.

Betteraddons · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34432 · Medium · 6.5 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS. This issue affects Better Elementor Addons: from n/a throu…

Bill Minozzi · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4214 · Low · 2.7 · - · 2024-05-17 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bill Minozzi Car Dealer allows Code Injection. This issue affects Car Dealer: from n/a through 4.15.

Blakeblackshear · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32874 · Medium · 6.8 · - · 2024-05-14 · Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras.

Blocksera · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-1166 · Medium · 6.4 · - · 2024-05-14 · The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and…

Booking Ultra Pro · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32960 · High · 8.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation. This issue affects Booking Ultra Pro: from n/a through 1.1.12.

Bootstrapped Ventures · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34441 · Medium · 6.5 · - · 2024-05-14 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS. This issue affects Easy Affiliate Links: from n/a through 3.7.2.

Bplugins · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4398 · Medium · 6.4 · - · 2024-05-14 · The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and o…

Br-automation · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2021-22280 · High · 7.2 · - · 2024-05-14 · Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.

Breakdance · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4605 · High · 8.8 · - · 2024-05-14 · The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data.

Brizy · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34814 · Medium · 5.4 · - · 2024-05-14 · Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson. This issue affects Unyson: from n/a through <= 2.7.29.

Buddypress · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3974 · Medium · 6.4 · - · 2024-05-14 · The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping.

Byzoro · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4904 · Medium · 6.3 · - · 2024-05-15 · A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507.

Carmelo · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-28279 · High · 7.3 · - · 2024-05-14 · Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.

Cea-hpc · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34713 · Low · 3.5 · - · 2024-05-14 · sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH.

Cerberus Ftp Enterprise · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-5052 · High · 7.5 · - · 2024-05-17 · Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration.

Cloudwise · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34905 · High · 7.5 · - · 2024-05-16 · FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page.

Codebard · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34807 · Medium · 4.3 · - · 2024-05-17 · Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard. This issue affects Fast Custom Social Share by CodeBard: from n/a through <= 1.1.2.

Codename065 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33938 · Medium · 6.5 · - · 2024-05-14 · Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS). This issue affects Sliding Widgets: from n/a through 1.5.0.

Coderevolution · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31290 · Critical · 9.8 · - · 2024-05-17 · Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1.

Contemporary Control System · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4791 · High · 7.5 · - · 2024-05-14 · A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2.

Copymatic · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31351 · Critical · 10.0 · - · 2024-05-17 · Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.

Cozmoslabs · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31341 · Medium · 5.3 · - · 2024-05-17 · Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass. This issue affects Profile Builder: from n/a through 3.11.2.

Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34827 · Medium · 4.3 · - · 2024-05-14 · Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress. This issue affects TranslatePress: from n/a through 2.7.5.

Creative Motion · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34806 · Medium · 4.3 · - · 2024-05-17 · Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache. This issue affects Clearfy Cache: from n/a through 2.2.1.

Criticalmoments · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34354 · Medium · 6.5 · - · 2024-05-14 · CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase.

Croixhaug · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4288 · Medium · 6.4 · - · 2024-05-16 · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input…

Crushftp · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-22910 · Medium · 6.1 · - · 2024-05-14 · Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload.

Custom_field_suite_project · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3068 · Medium · 4.4 · - · 2024-05-14 · The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.

Cyclonedx · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34345 · High · 8.1 · - · 2024-05-14 · The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript.

Daext · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4312 · Medium · 4.3 · - · 2024-05-14 · The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.

Darren Cooney · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33569 · High · 7.2 · - · 2024-05-17 · Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation. This issue affects Instant Images: from n/a through 6.1.0.

Dassault Systèmes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-5597 · Medium · 5.4 · - · 2024-05-17 · A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code.

Dataease · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31441 · High · 7.5 · - · 2024-05-14 · DataEase is an open source data visualization analysis tool.

Davidanderson · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4193 · Medium · 6.4 · - · 2024-05-14 · The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user…

Detheme · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34575 · Medium · 6.5 · - · 2024-05-17 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.2.

Devolutions · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-5072 · Medium · 6.5 · - · 2024-05-17 · Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted requ…

Digiwin · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4893 · Critical · 9.8 · - · 2024-05-15 · DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands.

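The SQ L injection rows above (Computer Book Store's book.php?bookisbn=, Alt Text AI's ‘last_post_id’, Simple PHP Shopping Cart, DigiWin EasyFlow .NET) all come down to a request parameter concatenated into a statement. The example below is added for this page and is not any of those products' code. It shows the concatenating lookup beside the parameterised one against a constructed in-memory SQLite catalogue, with a tautology payload that widens the query past an access filter and a UNION payload that reads the row the filter was meant to hide. The table, its rows and the function names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed catalogue: one listed book and one that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE books (
            isbn   TEXT PRIMARY KEY,
            title  TEXT NOT NULL,
            hidden INTEGER NOT NULL
        );
        INSERT INTO books VALUES ('978-0-00-000001-1', 'Public book', 0);
        INSERT INTO books VALUES ('978-0-00-000002-8', 'Unlisted book', 1);
        """
    )
    return db


def lookup_vulnerable(db, isbn):
    """The pattern the summaries describe: the request parameter is pasted into SQL,
    so the caller's text becomes part of the statement, filter included."""
    sql = "SELECT title FROM books WHERE isbn = '" + isbn + "' AND hidden = 0"
    return [row[0] for row in db.execute(sql)]


def lookup_fixed(db, isbn):
    """Same query with a bound parameter: the value is sent to the engine
    separately from the statement and can never change its shape."""
    sql = "SELECT title FROM books WHERE isbn = ? AND hidden = 0"
    return [row[0] for row in db.execute(sql, (isbn,))]


# Payloads an attacker would send as the isbn parameter. The trailing '--'
# comments out the access filter that follows the injection point.
TAUTOLOGY = "' OR 1=1 --"
UNION = "' UNION SELECT isbn FROM books WHERE hidden = 1 --"
```

Quote-doubling or a keyword denylist is not an equivalent fix: the same value dropped into a numeric comparison, an ORDER BY or a LIKE pattern needs no quote at all. Binding every value, and validating its shape (an ISBN, an integer id) before the query, is the fix; when the attack has to be found after the fact, the `' OR 1=1` and `UNION SELECT` fragments in request logs are the signature to search for.

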
Divspot · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34439 · Medium · 4.3 · - · 2024-05-14 · Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message. This issue affects DS Site Message: from n/a through 1.14.4.

Donbermoy · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4946 · Medium · 6.3 · - · 2024-05-16 · A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0.

Dootask · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34906 · Medium · 5.4 · - · 2024-05-15 · An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.

Dotcamp · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3241 · Medium · 5.4 · - · 2024-05-14 · The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to p…

Dotmesh-io · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2020-26312 · High · 8.1 · - · 2024-05-14 · Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states.

Elegant Themes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4490 · Medium · 6.4 · - · 2024-05-14 · The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input san…

Enterprisedb · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4545 · High · 7.7 · - · 2024-05-14 · All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files.

Eric Alli · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33942 · Medium · 4.3 · - · 2024-05-14 · Missing Authorization vulnerability in Eric Alli Google Typography. This issue affects Google Typography: from n/a through 1.1.2.

Es · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-26306 · Medium · 5.9 · - · 2024-05-14 · iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations.

Espressif · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-33454 · Medium · 6.5 · - · 2024-05-14 · Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.

Everpress · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32523 · High · 8.1 · - · 2024-05-17 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster. This issue affects Mailster: from n/a through <= 4.0.6.

Exclusiveaddons · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4618 · Medium · 6.4 · - · 2024-05-15 · The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on use…

Extend Themes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34809 · Medium · 4.3 · - · 2024-05-17 · Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP. This issue affects EmpowerWP: from n/a through 1.0.21.

Extremenetworks · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2020-18305 · High · 8.0 · - · 2024-05-14 · Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Felix Moira · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32800 · Medium · 6.5 · - · 2024-05-17 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS. This issue affects Popup More Popups: from n/a through 2.3.1.

Filipe Seabra · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-22139 · Low · 3.7 · - · 2024-05-17 · Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass. This issue affects WordPress Manutenção: from n/a through 1.0.6.

Flothemes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35174 · Medium · 5.3 · - · 2024-05-17 · Missing Authorization vulnerability in Flothemes Flo Forms. This issue affects Flo Forms: from n/a through 1.0.42.

Fluxcd · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-31216 · Medium · 5.1 · - · 2024-05-15 · The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets.

Fmeaddons · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2022-45070 · Medium · 5.3 · - · 2024-05-17 · Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce. This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.

Frappe · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34074 · Medium · 6.1 · - · 2024-05-14 · Frappe is a full-stack web application framework.

Froxlor · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34070 · Critical · 9.6 · - · 2024-05-14 · Froxlor is open source server administration software.

Gaizhenbiao · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-4321 · High · 7.5 · - · 2024-05-16 · A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history.

German Mesky · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2023-23872 · Medium · 4.9 · - · 2024-05-17 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2.

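Several entries on this page describe the same two defects: a path built from client input that is not confined to a directory (the Rehub, Consulting, Easy Social Share Buttons and GMAce traversal and local file inclusion rows, the chuanhuchatgpt chat-history upload just above) and an upload whose name or contents is trusted (Cockpit CMS, Copymatic, the crafted-PDF upload in dootask). The code below is an added example written for this page, not any of those projects' code. resolve_inside confines a path with realpath plus commonpath, so '..', an absolute path and a planted symlink are all caught by one comparison; validate_upload requires the extension to be on an allowlist and the first bytes to match it; store_upload never lets the client's file name reach the disk. The allowlist and every function name are assumptions, and run_demo builds its own throwaway directory so the whole thing runs offline.

```python
import os
import secrets
import tempfile

# Assumed allowlist for this illustration: extension -> magic-byte prefixes it must carry.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}


def resolve_inside(base, relative):
    """Absolute path of base/relative, or ValueError if it would leave base.
    realpath is applied to both sides first, so '..' segments, an absolute
    'relative' (which os.path.join lets win) and symlinks planted inside base
    are all resolved before the single containment check. commonpath, not
    startswith: '/var/uploads' is a string prefix of '/var/uploads-private'."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, relative))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory: %r" % (relative,))
    return target


def validate_upload(filename, data):
    """Return the canonical extension if name and content agree, else ValueError."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED:
        raise ValueError("extension not allowed: %r" % (ext,))
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise ValueError("content does not look like %r" % (ext,))
    return ext


def store_upload(base, filename, data):
    """Write an upload under base with a random, server-chosen name."""
    ext = validate_upload(filename, data)
    name = secrets.token_hex(16) + "." + ext   # the client's name never reaches the disk
    dest = resolve_inside(base, name)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def is_rejected(fn, *args):
    """True if fn raises ValueError for args; used to report the negative cases."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def run_demo():
    """Exercise the checks in a throwaway directory and report what each attempt did."""
    base = tempfile.mkdtemp()
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    results = {
        "stored_inside": os.path.dirname(store_upload(base, "../../evil.php.png", png))
        == os.path.realpath(base),
        "dotdot": "blocked" if is_rejected(resolve_inside, base, "../../etc/passwd") else "allowed",
        "absolute": "blocked" if is_rejected(resolve_inside, base, "/etc/passwd") else "allowed",
    }
    try:
        # a symlink inside base that points at base's parent
        os.symlink(os.path.dirname(os.path.realpath(base)), os.path.join(base, "up"))
        results["symlink"] = "blocked" if is_rejected(resolve_inside, base, "up/anything") else "allowed"
    except OSError:
        results["symlink"] = "skipped"   # platform without symlink support
    return results
```

A magic-byte check does not rule out polyglots (a valid PDF that is also HTML), so stored uploads still belong on a separate origin, served with Content-Disposition: attachment and X-Content-Type-Options: nosniff, and never under a path the interpreter will execute.

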
Getgrav · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34082 · High · 8.5 · - · 2024-05-15 · Grav is a file-based Web platform.

Getshortcodes · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-3548 · Medium · 6.1 · - · 2024-05-15 · The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privi…

Ghost Foundation · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34559 · High · 7.5 · - · 2024-05-14 · Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0.

Ghozylab, Inc. · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-34567 · Medium · 6.5 · - · 2024-05-17 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc.

Git · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-32002 · Critical · 9.0 · - · 2024-05-14 · Git is a revision control system.

Givewp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41665 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0.

Glowlogix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51483 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1.

Gocd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28866 | Low | 3.1 | - | 2024-05-14 | GoCD is a continuous delivery server.

Guido · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30540 | Medium | 5.3 | - | 2024-05-17 | Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7.

Gutenify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35165 | Medium | 5.3 | - | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify. This issue affects Gutenify: from n/a through 1.4.0.

Gvectors · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47868 | High | 7.3 | - | 2024-05-17 | Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3.

Gztimewalker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34699 | Medium | 6.5 | - | 2024-05-14 | GZ::CTF is a capture the flag platform.

Hamid Alinia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32507 | High | 8.8 | - | 2024-05-17 | Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.7.16.

Harknell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34428 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harknell AWSOM News Announcement allows Stored XSS. This issue affects AWSOM News Announcement: from n/a through 1.6.0.

Hasthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37999 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0.

Helderk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32708 | Low | 3.7 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass. This issue affects Maintenance Mode: from n/a through 3.0.1.

Hidden Depth · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35170 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidden Depth Sticky banner allows Stored XSS. This issue affects Sticky banner: from n/a through 1.2.0.

Highfivery Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32521 | Medium | 5.3 | - | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through 5.5.6.

Hoppscotch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34714 | High | 7.6 | - | 2024-05-14 | The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem.

Hp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27460 | Medium | 6.7 | - | 2024-05-14 | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.

Htmly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34191 | Medium | 6.5 | - | 2024-05-14 | htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php.

Huseyin Berberoglu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34427 | Medium | 4.3 | - | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts. This issue affects WP Favorite Posts: from n/a through 1.6.8.

Icegram · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4010 | High | 8.8 | - | 2024-05-15 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to…

Ieplexus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34424 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS. This issue affects Featured Content Gallery: from n/a through 3.2.0.

Imagely · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2744 | Medium | 4.3 | - | 2024-05-17 | The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Imran Sayed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34186 | Medium | 5.3 | - | 2024-05-17 | Missing Authorization vulnerability in Imran Sayed Headless CMS. This issue affects Headless CMS: from n/a through 2.0.3.

Instawp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22145 | High | 8.8 | - | 2024-05-17 | Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.

Ioss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51476 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0.

Iqonicdesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4574 | Medium | 6.4 | - | 2024-05-14 | The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on use…

Itpison · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4894 | Medium | 5.3 | - | 2024-05-15 | ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks.

J.n. Breetvelt A.k.a. Opajaap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31377 | Critical | 10.0 | - | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in J.N.

Jetmonsters · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4413 | Critical | 9.8 | - | 2024-05-14 | The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input.

Jfrog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2248 | Medium | 6.4 | - | 2024-05-15 | A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user…

Joblib_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34997 | High | 7.5 | - | 2024-05-17 | joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().

Joomsky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25444 | Critical | 9.1 | - | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2…

Jordy Meow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34440 | Critical | 9.1 | - | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63.

Joseph C Dolson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23988 | High | 7.5 | - | 2024-05-17 | Missing Authorization vulnerability in Joseph C Dolson My Tickets. This issue affects My Tickets: from n/a through 1.9.11.

Jottlieb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3070 | Critical | 9.8 | - | 2024-05-14 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie.

Jr King/eran Schoellhorn · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33550 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation. This issue affects WP Masquerade: from n/a through 1.1.0.

Jumpdemand Inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32809 | Critical | 10.0 | - | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc.

Justin Silver · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-45652 | Medium | 6.5 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion. This issue affects Remote Content Shortcode: from n/a through 1.5.

Justin Tadlock · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33952 | Medium | 6.5 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Unique allows Stored XSS. This issue affects Unique: from n/a through 0.3.0.

Kabir-m-alhasan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5047 | High | 7.3 | - | 2024-05-17 | A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0.

Kiboko Labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34823 | Medium | 4.3 | - | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3.

Kraftplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4702 | Medium | 6.4 | - | 2024-05-15 | The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attr…

Kubernetes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3744 | Medium | 6.5 | - | 2024-05-15 | A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens.

Kykms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34909 | Medium | 5.4 | - | 2024-05-15 | An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

Lenderd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45368 | High | 7.7 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75.

Lenovo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3286 | High | 7.5 | - | 2024-05-16 | A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.

Levelfourstorefront · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4213 | Medium | 5.3 | - | 2024-05-14 | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality.

Ligowave · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4999 | - | - | - | 2024-05-16 | A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6…

Lionscripts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30479 | Medium | 5.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1.

Lizardbyte · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31226 | Medium | 4.9 | - | 2024-05-16 | Sunshine is a self-hosted game stream host for Moonlight.

Llamaindex · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4181 | High | 8.8 | - | 2024-05-16 | A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs).

Lobehub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32964 | Critical | 9.0 | - | 2024-05-14 | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system.

Lws · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32297 | Critical | 9.0 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6.

Lylme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34982 | Critical | 9.8 | - | 2024-05-17 | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

Mainwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23645 | Critical | 9.9 | - | 2024-05-17 | Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.

Masteriyo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24882 | Critical | 9.8 | - | 2024-05-17 | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.

Matrix-org · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34353 | Medium | 5.5 | - | 2024-05-14 | The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust.

Matt Van Andel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33953 | Medium | 6.5 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through 1.7.2.

Matter-labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34704 | Medium | 5.9 | - | 2024-05-14 | era-compiler-solidity is the ZKsync compiler for Solidity.

Metaphorcreations · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3954 | High | 8.8 | - | 2024-05-14 | The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty.

Microchip · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4760 | Medium | 6.3 | - | 2024-05-16 | A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is s…

Mihdan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4411 | Medium | 6.4 | - | 2024-05-14 | The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user…

Miniorange · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47683 | High | 8.0 | - | 2024-05-17 | Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter…

Miraheze · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34701 | Medium | 5.9 | - | 2024-05-14 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis.

Mmond · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3582 | Medium | 4.8 | - | 2024-05-14 | The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Nalam-1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2923 | Medium | 6.4 | - | 2024-05-14 | The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, an…

Nathan Vonnahme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34419 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0.

Nautobot · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34707 | High | 7.5 | - | 2024-05-14 | Nautobot is a Network Source of Truth and Network Automation Platform.

Nec Platforms, Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3016 | Critical | 9.1 | - | 2024-05-14 | NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access non-documented system settings and change settings via the local network as an unauthenticated user.

Ni · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4044 | High | 7.8 | - | 2024-05-14 | A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution.

Nikhil-bhalerao · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4809 | Medium | 6.3 | - | 2024-05-14 | A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical.

Ninja Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35166 | Medium | 5.3 | - | 2024-05-14 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3.

Nko · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4363 | Medium | 6.4 | - | 2024-05-15 | The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output e…

Nota-info · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-26526 | High | 7.7 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1.

Npgsql · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32655 | High | 8.1 | - | 2024-05-14 | Npgsql is the .NET data provider for PostgreSQL.

Ocdi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34433 | Medium | 4.4 | - | 2024-05-14 | Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0.

Oceanicjs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34712 | Medium | 6.5 | - | 2024-05-14 | Oceanic is a NodeJS library for interfacing with Discord.

Oceanwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23700 | High | 7.6 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion. This issue affects OceanWP: from n/a through 3.4.1.

Octo-sts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34079 | Low | 3.7 | - | 2024-05-14 | octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API.

Octoprint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32977 | High | 7.1 | - | 2024-05-14 | OctoPrint provides a web interface for controlling consumer 3D printers.

Openssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4603 | Medium | 5.3 | - | 2024-05-16 | Issue summary: Checking excessively long DSA keys or parameters may be very slow.

Opentext · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-22508 | High | 7.2 | - | 2024-05-17 | A potential vulnerability has been identified for OpenText Operations Bridge Reporter.

Optimole · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4636 | Medium | 6.4 | - | 2024-05-15 | The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient in…

Orchestrated · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34429 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS. This issue affects Corona Virus (COVID-19) Banner & Live Data…

Owlet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6321 | High | 7.2 | - | 2024-05-15 | A command injection vulnerability exists in the IOCTL that manages OTA updates.

Paperless-ngx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35184 | Medium | 5.5 | - | 2024-05-15 | Paperless-ngx is a document management system that transforms physical documents into a searchable online archive.

Parisneo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4078 | Critical | 9.8 | - | 2024-05-16 | A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input.

Pdfcrowd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5971 | Medium | 4.8 | - | 2024-05-14 | The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltere…

Pencidesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3551 | Critical | 9.8 | - | 2024-05-17 | The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter.

Phil Baylog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34425 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Baylog QuickieBar allows Stored XSS. This issue affects QuickieBar: from n/a through 1.8.4.

Phoenix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35841 | High | 7.8 | - | 2024-05-14 | Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0.

Phpbits · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34423 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS. This issue affects Forty Four – 404 Plugin for WordPress: from n/a throug…

Pippin Williamson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30480 | Low | 3.7 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass. This issue affects CGC Maintenance Mode: from n/a through 1.2.

Plainware · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4733 | High | 7.5 | - | 2024-05-16 | The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57.

Pluginops · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34752 | High | 7.1 | - | 2024-05-17 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS. This issue affects Landing Page Builder: from n/a through 1.5.1.8.

Plugins360 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4670 | High | 8.8 | - | 2024-05-15 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode.

Podlove · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32712 | High | 7.5 | - | 2024-05-14 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

Powerdns · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25581 | High | 7.5 | - | 2024-05-14 | When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXF…

Powerfulwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51481 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.

Prasunsen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4314 | Medium | 4.3 | - | 2024-05-14 | The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3.

Premmerce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27971 | High | 8.3 | - | 2024-05-17 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager. This issue affects Premmerce Permalink Man…

Profilepress Membership Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41954 | High | 8.6 | - | 2024-05-17 | Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.

Propluginslab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4038 | Medium | 6.5 | - | 2024-05-14 | The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1.

Propovoice · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4747 | High | 7.1 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS. This issue affects Propovoice CRM: from n/a through 1.7.6.2.

Pt-guy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4446 | Medium | 6.4 | - | 2024-05-14 | The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and inclu…

Puneeth Reddy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3579 | Medium | 6.1 | - | 2024-05-14 | Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS).

Pure-chat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3595 | Medium | 6.4 | - | 2024-05-14 | The Pure Chat – Live Chat Plugin & More!

Qode Interactive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47679 | Medium | 6.4 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion. This issue affects Qi Addons For Elementor: from n/a through 1.6.3.

Quanticalabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32692 | High | 8.2 | - | 2024-05-17 | Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a throug…

Qube One Ltd. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23990 | High | 7.6 | - | 2024-05-17 | Improper Privilege Management vulnerability in Qube One Ltd.

Radiustheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34812 | Medium | 5.3 | - | 2024-05-14 | Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.8.

Rafflepress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32827 | Medium | 5.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass. This issue affects Giveaways and Contests: from n/a through 1.12.7.

Rank Math · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-23888 | High | 7.6 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through 1.0.107.2.

Rashed Latif · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34430 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS. This issue affects TT Custom Post Type Creator: from n/a through 1.0.

Ravanh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4441 | High | 8.1 | - | 2024-05-14 | The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter.

Razormist · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4920 | High | 7.3 | - | 2024-05-16 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0.

Rebelcode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4860 | Medium | 5.4 | - | 2024-05-14 | The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter.

Repute Infosystems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51356 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation. This issue affects ARMember: from n/a through 4.0.10.

Reviewx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3609 | Medium | 4.3 | - | 2024-05-16 | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and inclu…

Revmakx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34816 | Medium | 5.4 | - | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler. This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8.

Roku · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6322 | High | 7.2 | - | 2024-05-15 | A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859.

Room 34 Creative Services, Llc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-46784 | High | 8.2 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Requ…

Roxnor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21746 | Medium | 5.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing. This issue affects Wp Ultimate Review: from n/a through <= 2.3.6.

Ruby · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35176 | Medium | 5.3 | - | 2024-05-16 | REXML is an XML toolkit for Ruby.

Saadiqbal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0437 | Medium | 4.3 | - | 2024-05-15 | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API.

Saasproject Booking Package · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37389 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation. This issue affects Booking Package: from n/a through 1.5.98.

Sakuraisayeki · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34695 | Medium | 6.3 | - | 2024-05-14 | WOWS Karma is a reputation system for Wargaming's World of Warships.

Saleswonder Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51424 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0.

Salon Booking System · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48319 | Medium | 6.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 8.6.

Samuel Marshall · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34808 | Medium | 4.3 | - | 2024-05-16 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.2.0.

Sbouey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4417 | Medium | 4.4 | - | 2024-05-14 | The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping.

Sc0ttkclark · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3956 | Medium | 5.4 | - | 2024-05-14 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on…

Sinamjackson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4966 | High | 7.3 | - | 2024-05-16 | A vulnerability was found in SourceCodester SchoolWebTech 1.0.

Sirv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32959 | High | 8.8 | - | 2024-05-17 | Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv. This issue affects Sirv: from n/a through <= 7.2.2.

Smartypants · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1693 | Medium | 4.3 | - | 2024-05-14 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70.

Snow Software Ab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4129 | High | 8.8 | - | 2024-05-14 | Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled. This issue affects Snow License Manager…

Solidus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4859 | Medium | 5.7 | - | 2024-05-14 | Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL.

Sonatype · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4956 | High | 7.5 | - | 2024-05-16 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files.

Sourcecodester · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5046 | High | 7.3 | - | 2024-05-17 | A vulnerability was found in SourceCodester Online Examination System 1.0.

Spacemeshos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34360 | High | 8.2 | - | 2024-05-14 | go-spacemesh is a Go implementation of the Spacemesh protocol full node.

Sparkle Wp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32129 | Medium | 4.3 | - | 2024-05-17 | Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9.

Spoonthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49753 | High | 7.5 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion. This issue affects Adifier System: from n/a before 3.1.4.

Squelch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4463 | Medium | 4.3 | - | 2024-05-14 | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7.

Stacklok · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35185 | Medium | 5.3 | - | 2024-05-16 | Minder is a software supply chain security platform.

Stefano Lissa & The Newsletter Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30522 | Medium | 5.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass. This issue affects Newsletter: from n/a through 8.2.0.

Stellar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32985 | Medium | 5.9 | - | 2024-05-14 | Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network.

Strategy11 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23522 | Medium | 5.3 | - | 2024-05-17 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7.

Strongswan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4967 | High | 7.7 | - | 2024-05-14 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297).

Subnet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28042 | High | 8.4 | - | 2024-05-15 | SUBNET Solutions Inc.

Swiftideas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2697 | Medium | 6.5 | - | 2024-05-17 | The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored…

Swte · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3722 | Medium | 5.4 | - | 2024-05-14 | The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18.

Sylius · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34349 | Medium | 4.8 | - | 2024-05-14 | Sylius is an open source eCommerce platform.

Synaptics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5447 | Medium | 5.5 | - | 2024-05-14 | Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App.

Talspotim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34420 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS. This issue affects Comments Evolved for WordPress: from n/a through 1.6.3.

Tech9logy Creators · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34418 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS. This issue affects WPCS ( WordPress Custom Search ): from n/a throu…

Technologicx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3903 | High | 7.1 | - | 2024-05-14 | The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make users logged in as author and above add Stored XSS payloads via…

Teplitsa Of Social Technologies · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33327 | High | 8.8 | - | 2024-05-14 | Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation. This issue affects Leyka: from n/a through 3.30.2.

Tg123 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35175 | Medium | 5.3 | - | 2024-05-14 | sshpiper is a reverse proxy for sshd.

The Events Calendar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24715 | Medium | 6.5 | - | 2024-05-17 | Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0.

Theme Freesia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33955 | Medium | 6.5 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Freesia Empire allows Stored XSS. This issue affects Freesia Empire: from n/a through 1.4.1.

Themekraft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32830 | High | 8.6 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8.

Themelocation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33956 | Medium | 4.3 | - | 2024-05-14 | Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.

Themeqx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3590 | Medium | 6.1 | - | 2024-05-14 | The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers.

Thomas Scholl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34411 | Critical | 9.9 | - | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through 2.5.0.

Thrive Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47782 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0.

Tibco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3182 | Medium | 6.5 | - | 2024-05-15 | Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the…

Tigroumeow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4386 | Medium | 6.4 | - | 2024-05-14 | The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data_atts' parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping.

Timber Team & Contributors · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29800 | High | 8.0 | - | 2024-05-14 | Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber. This issue affects Timber: from n/a through 1.23.0.

Tips And Tricks Hq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30527 | High | 7.5 | - | 2024-05-17 | Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields. This issue affects WP Express Checkout (Accept PayPal Payments): from n/a…

Toidicode.com (Thanhtaivtt) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34417 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS. This issue affects Viet Nam Affiliate: from n/a through 1.0.0.

Tongda · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4903 | Medium | 6.3 | - | 2024-05-15 | A vulnerability was found in Tongda OA 2017.

Trinhtuantai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34422 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS. This issue affects Viet Affiliate Link: from n/a through 1.2.

Ukrsolution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33567 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.

Unattributed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34416 | Critical | 9.1 | - | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through 2.1.

Uniform Server Zero · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5052 | Medium | 6.3 | - | 2024-05-14 | Vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page.

Upwerd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2846 | Medium | 4.4 | - | 2024-05-14 | The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping.

Urban Base · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34555 | Critical | 10.0 | - | 2024-05-14 | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3.

Valiano · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-33310 | Medium | 6.0 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59.

Valtimo-platform · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34706 | Critical | 9.8 | - | 2024-05-14 | Valtimo is an open source business process and case management platform.

Veeam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29212 | Critical | 9.9 | - | 2024-05-14 | Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (…

Veronalabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34811 | Medium | 5.9 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1.

Videousermanuals · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4280 | Medium | 5.3 | - | 2024-05-14 | The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3.

Villatheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4039 | Medium | 6.5 | - | 2024-05-14 | The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10.

Vova Anokhin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25050 | High | 7.1 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6.

W3eden · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32131 | Medium | 5.3 | - | 2024-05-17 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc.

Wangshen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5050 | Medium | 6.3 | - | 2024-05-17 | A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516.

Warfare Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34825 | Medium | 4.3 | - | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare. This issue affects Social Warfare: from n/a through 4.4.5.1.

Watchguard · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1417 | High | 7.8 | - | 2024-05-16 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint…

Watchtowerhq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-25701 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16.

Web-settler · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-24379 | Medium | 6.8 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Pag…

Webinarpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34818 | High | 7.1 | - | 2024-05-14 | Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress. This issue affects WebinarPress: from n/a through 1.33.17.

Webtechideas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33917 | Medium | 5.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass. This issue affects WTI Like Post: from n/a through 1.4.6.

Webvitaly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34805 | Medium | 6.5 | - | 2024-05-16 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0.

Webwizards · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22157 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15.

Wedevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47682 | High | 7.2 | - | 2024-05-17 | Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation. This issue affects WP User Frontend: from n/a through 3.6.5.

Weforms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32512 | Medium | 5.3 | - | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a through 1.6.20.

Wholesale · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30542 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation. This issue affects WholesaleX: from n/a through 1.3.2.

Wolfi-dev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35183 | Medium | 4.4 | - | 2024-05-15 | wolfictl is a command line tool for working with Wolfi.

Woo Product Importer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32724 | High | 7.5 | - | 2024-05-14 | Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy. This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.

Woocommerce · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-35881 | High | 7.6 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion. This issue affects WooCommerce One Page Checkout: from n/a through 2…

Wordplus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32802 | Medium | 5.3 | - | 2024-05-17 | Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Better Messages: from n/a through 2.4.32.

Wp Club Manager · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32719 | Medium | 5.3 | - | 2024-05-14 | Missing Authorization vulnerability in WP Club Manager WP Club Manager wp-club-manager. This issue affects WP Club Manager: from n/a through <= 2.2.11.

Wp Happy Coders · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25906 | Medium | 4.3 | - | 2024-05-17 | Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass. This issue affects Comments Like Dislike: from n/a through 1.2.2.

Wp Hive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-44478 | High | 7.1 | - | 2024-05-17 | Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials. This issue affects Events Rich Snippets for Google: from n/a through 1.8.

Wp Sharks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31237 | High | 7.5 | - | 2024-05-17 | Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation. This issue affects s2Member Pro: from n/a through 240315.

Wp-etracker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34431 | High | 7.1 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-etracker WP etracker allows Reflected XSS. This issue affects WP etracker: from n/a through 1.0.2.

Wpblockart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34760 | Medium | 6.5 | - | 2024-05-16 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS. This issue affects Magazine Blocks: from n/a through 1.3.6.

Wpcustomify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-33644 | Critical | 9.9 | - | 2024-05-17 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection. This issue affects Customify Site Library: from n/a through 0.0.9.

Wpfactory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34370 | High | 7.2 | - | 2024-05-17 | Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9.

Wpjoli · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4082 | Medium | 4.3 | - | 2024-05-14 | The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.

Wpmet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32685 | Medium | 5.3 | - | 2024-05-17 | Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Wpsurface · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34421 | Medium | 6.5 | - | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS. This issue affects BlogLentor: from n/a through 1.0.8.

Wpvivid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41243 | High | 8.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation. This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.

Wpzoom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4370 | Medium | 6.4 | - | 2024-05-15 | The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization an…

Xpdf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4976 | Medium | 5.5 | - | 2024-05-15 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.

Xpro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4440 | Medium | 6.4 | - | 2024-05-14 | The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output es…

Xtemos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-32244 | Critical | 9.8 | - | 2024-05-17 | Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36.

Yarpp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45374 | High | 7.7 | - | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4.

Yithemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0870 | Medium | 5.3 | - | 2024-05-14 | The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4…

Yms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3263 | Critical | 9.8 | - | 2024-05-14 | YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm.

Zabbix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22120 | Critical | 9.1 | - | 2024-05-17 | Zabbix server can perform command execution for configured scripts.

Zte · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22064 | High | 8.3 | - | 2024-05-14 | ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection (IKE) with the mobile devices connecting over…