Patch Tuesday — June 2024
2024-06-11 · 959 CVEs
CVEs published or modified the week of 2024-06-11, partitioned by vendor.
Microsoft (66 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30080 | Critical | 9.8 | — | 2024-06-11 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
CVE-2024-0095 | Critical | 9.0 | — | 2024-06-13 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. |
CVE-2024-35249 | High | 8.8 | — | 2024-06-11 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability |
CVE-2024-30103 | High | 8.8 | — | 2024-06-11 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-30097 | High | 8.8 | — | 2024-06-11 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
CVE-2024-30078 | High | 8.8 | — | 2024-06-11 | Windows Wi-Fi Driver Remote Code Execution Vulnerability |
CVE-2024-30068 | High | 8.8 | — | 2024-06-11 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-30064 | High | 8.8 | — | 2024-06-11 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-37325 | High | 8.1 | — | 2024-06-11 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability |
CVE-2024-30077 | High | 8.0 | — | 2024-06-11 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-30075 | High | 8.0 | — | 2024-06-11 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
CVE-2024-30074 | High | 8.0 | — | 2024-06-11 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
CVE-2024-0091 | High | 7.8 | — | 2024-06-13 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. |
CVE-2024-0090 | High | 7.8 | — | 2024-06-13 | NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. |
CVE-2024-0089 | High | 7.8 | — | 2024-06-13 | NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. |
CVE-2024-20753 | High | 7.8 | — | 2024-06-13 | Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2024-35250 | High | 7.8 | KEV | 2024-06-11 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-30104 | High | 7.8 | — | 2024-06-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-30100 | High | 7.8 | — | 2024-06-11 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-30095 | High | 7.8 | — | 2024-06-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30094 | High | 7.8 | — | 2024-06-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30091 | High | 7.8 | — | 2024-06-11 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30089 | High | 7.8 | — | 2024-06-11 | Microsoft Streaming Service Elevation of Privilege Vulnerability |
CVE-2024-30087 | High | 7.8 | — | 2024-06-11 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30086 | High | 7.8 | — | 2024-06-11 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2024-30085 | High | 7.8 | — | 2024-06-11 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-30082 | High | 7.8 | — | 2024-06-11 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30072 | High | 7.8 | — | 2024-06-11 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability |
CVE-2024-30062 | High | 7.8 | — | 2024-06-11 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability |
CVE-2024-36358 | High | 7.8 | — | 2024-06-10 | A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to exe… |
CVE-2024-32849 | High | 7.8 | — | 2024-06-10 | Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. |
CVE-2024-30472 | High | 7.5 | — | 2024-06-13 | Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. |
CVE-2024-35252 | High | 7.5 | — | 2024-06-11 | Azure Storage Movement Client Library Denial of Service Vulnerability |
CVE-2024-30101 | High | 7.5 | — | 2024-06-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-30083 | High | 7.5 | — | 2024-06-11 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
CVE-2024-30070 | High | 7.5 | — | 2024-06-11 | DHCP Server Service Denial of Service Vulnerability |
CVE-2024-35248 | High | 7.3 | — | 2024-06-11 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
CVE-2024-30102 | High | 7.3 | — | 2024-06-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-30093 | High | 7.3 | — | 2024-06-11 | Windows Storage Elevation of Privilege Vulnerability |
CVE-2024-35254 | High | 7.1 | — | 2024-06-11 | Azure Monitor Agent Elevation of Privilege Vulnerability |
CVE-2024-35265 | High | 7.0 | — | 2024-06-11 | Windows Perception Service Elevation of Privilege Vulnerability |
CVE-2024-30099 | High | 7.0 | — | 2024-06-11 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-30090 | High | 7.0 | — | 2024-06-11 | Microsoft Streaming Service Elevation of Privilege Vulnerability |
CVE-2024-30088 | High | 7.0 | KEV | 2024-06-11 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-30084 | High | 7.0 | — | 2024-06-11 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-5102 | High | 7.0 | — | 2024-06-10 | A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (set… |
CVE-2024-30076 | Medium | 6.8 | — | 2024-06-11 | Windows Container Manager Service Elevation of Privilege Vulnerability |
CVE-2024-30063 | Medium | 6.7 | — | 2024-06-11 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
CVE-2024-29060 | Medium | 6.7 | — | 2024-06-11 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2024-5692 | Medium | 6.5 | — | 2024-06-11 | On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. |
CVE-2024-0085 | Medium | 6.3 | — | 2024-06-13 | NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. |
CVE-2024-37304 | Medium | 6.1 | — | 2024-06-12 | NuGet Gallery is a package repository that powers nuget.org. |
CVE-2024-35263 | Medium | 5.7 | — | 2024-06-11 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
CVE-2024-0092 | Medium | 5.5 | — | 2024-06-13 | NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. |
CVE-2024-35255 | Medium | 5.5 | — | 2024-06-11 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
CVE-2024-30096 | Medium | 5.5 | — | 2024-06-11 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2024-30067 | Medium | 5.5 | — | 2024-06-11 | Winlogon Elevation of Privilege Vulnerability |
CVE-2024-30066 | Medium | 5.5 | — | 2024-06-11 | Winlogon Elevation of Privilege Vulnerability |
CVE-2024-30065 | Medium | 5.5 | — | 2024-06-11 | Windows Themes Denial of Service Vulnerability |
CVE-2024-0103 | Medium | 5.4 | — | 2024-06-13 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. |
CVE-2024-30058 | Medium | 5.4 | — | 2024-06-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
CVE-2024-30057 | Medium | 5.4 | — | 2024-06-13 | Microsoft Edge for iOS Spoofing Vulnerability |
CVE-2024-30069 | Medium | 4.7 | — | 2024-06-11 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-30052 | Medium | 4.7 | — | 2024-06-11 | Visual Studio Remote Code Execution Vulnerability |
CVE-2024-35253 | Medium | 4.4 | — | 2024-06-11 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
CVE-2024-38083 | Medium | 4.3 | — | 2024-06-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Other vendors (893 CVEs across 294 vendors)
Adobe · 164 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30299 | Critical | 10.0 | — | 2024-06-13 | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. |
CVE-2024-30300 | Critical | 9.8 | — | 2024-06-13 | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. |
CVE-2024-34102 | Critical | 9.8 | KEV | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. |
CVE-2024-34108 | Critical | 9.1 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-34104 | High | 8.2 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-34103 | High | 8.1 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. |
CVE-2024-34115 | High | 7.8 | — | 2024-06-13 | Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-34129 | High | 7.5 | — | 2024-06-13 | Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. |
CVE-2024-34112 | High | 7.5 | — | 2024-06-13 | ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. |
CVE-2024-26029 | High | 7.5 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-34110 | High | 7.2 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. |
CVE-2024-34109 | High | 7.2 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-34116 | High | 7.1 | — | 2024-06-13 | Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. |
CVE-2024-34111 | Medium | 6.5 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. |
CVE-2024-34130 | Medium | 5.5 | — | 2024-06-13 | Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-34113 | Medium | 5.5 | — | 2024-06-13 | ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. |
CVE-2024-30278 | Medium | 5.5 | — | 2024-06-13 | Media Encoder versions 23.6.5, 24.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-30285 | Medium | 5.5 | — | 2024-06-13 | Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. |
CVE-2024-30276 | Medium | 5.5 | — | 2024-06-13 | Audition versions 24.2, 23.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-36239 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36238 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36236 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36235 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36234 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36233 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36232 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36231 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36230 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36229 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36228 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36227 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36225 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36224 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36222 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36221 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36220 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36219 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36218 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36217 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36216 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36215 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36214 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36213 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36212 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36211 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36210 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36209 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36208 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36207 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36206 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36205 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36204 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36203 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36202 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36201 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36200 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36199 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36198 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36197 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36196 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36195 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36194 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36193 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36192 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36191 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36190 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36189 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36188 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36187 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36186 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36185 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36184 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36183 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36182 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36181 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36180 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36179 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36178 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36177 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36176 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36175 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36174 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36173 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36172 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36171 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36170 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36169 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36168 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36167 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36166 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36165 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36164 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36163 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36162 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36161 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36160 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36159 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36158 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36157 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36156 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36155 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36154 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36153 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36152 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36151 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-36150 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36149 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36148 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36147 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36146 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36144 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36143 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36142 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36141 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-34120 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-34119 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26123 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26121 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26117 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26116 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26115 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26114 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26113 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26111 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26110 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26095 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26093 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26092 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26091 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26090 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26089 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26088 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26086 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26085 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26083 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26082 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26081 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26078 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26077 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26075 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26074 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26072 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26071 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26070 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26068 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26066 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26060 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26058 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26057 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26055 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26054 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26053 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26039 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26037 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-26036 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20784 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-20769 | Medium | 5.4 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-34107 | Medium | 5.3 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-34106 | Medium | 5.3 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. |
CVE-2024-34105 | Medium | 4.8 | — | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-26049 | Medium | 4.8 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-36226 | Low | 3.5 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. |
CVE-2024-26127 | Low | 3.5 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. |
CVE-2024-26126 | Low | 3.5 | — | 2024-06-13 | Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. |
N/a · 51 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33374 | Critical | 9.8 | — | 2024-06-14 | Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. |
CVE-2024-37637 | Critical | 9.8 | — | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. |
CVE-2024-31777 | Critical | 9.8 | — | 2024-06-13 | File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. |
CVE-2024-37635 | Critical | 9.8 | — | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. |
CVE-2024-37634 | Critical | 9.8 | — | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. |
CVE-2024-37632 | Critical | 9.8 | — | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth. |
CVE-2024-34539 | Critical | 9.4 | — | 2024-06-14 | Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. |
CVE-2024-37642 | Critical | 9.1 | — | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck. |
CVE-2024-36840 | Critical | 9.1 | — | 2024-06-12 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section para… |
CVE-2024-34405 | Critical | 9.1 | — | 2024-06-11 | Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. |
CVE-2024-32167 | Critical | 9.1 | — | 2024-06-10 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. |
CVE-2024-31611 | Critical | 9.1 | — | 2024-06-10 | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. |
CVE-2024-36597 | High | 8.8 | — | 2024-06-14 | Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. |
CVE-2024-37645 | High | 8.8 | — | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog. |
CVE-2024-37643 | High | 8.8 | — | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth. |
CVE-2024-37641 | High | 8.8 | — | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. |
CVE-2024-37644 | High | 8.8 | — | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
CVE-2024-37640 | High | 8.8 | — | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. |
CVE-2024-37639 | High | 8.8 | — | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. |
CVE-2024-37633 | High | 8.8 | — | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. |
CVE-2024-37631 | High | 8.8 | — | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. |
CVE-2024-36586 | High | 8.8 | — | 2024-06-13 | An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. |
CVE-2024-37665 | High | 8.8 | — | 2024-06-12 | An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. |
CVE-2024-36528 | High | 8.8 | — | 2024-06-10 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. |
CVE-2024-32504 | High | 8.4 | — | 2024-06-13 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. |
CVE-2024-31956 | High | 8.4 | — | 2024-06-13 | An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. |
CVE-2024-36598 | High | 8.1 | — | 2024-06-14 | An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. |
CVE-2024-36587 | High | 7.8 | — | 2024-06-13 | Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. |
CVE-2024-34332 | High | 7.8 | — | 2024-06-10 | An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. |
CVE-2024-26507 | High | 7.8 | — | 2024-06-10 | An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmB… |
CVE-2024-36760 | High | 7.5 | — | 2024-06-13 | A stack overflow vulnerability was found in version 1.18.0 of rhai. |
CVE-2024-36856 | High | 7.5 | — | 2024-06-12 | RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. |
CVE-2024-36650 | High | 7.5 | — | 2024-06-11 | TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. |
CVE-2024-37393 | High | 7.5 | — | 2024-06-10 | Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. |
CVE-2024-37880 | High | 7.5 | — | 2024-06-10 | The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. |
CVE-2024-36588 | Medium | 6.5 | — | 2024-06-13 | An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request. |
CVE-2024-36523 | Medium | 6.5 | — | 2024-06-12 | An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. |
CVE-2024-26330 | Medium | 6.5 | — | 2024-06-11 | An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. |
CVE-2024-35474 | Medium | 6.5 | — | 2024-06-10 | A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. |
CVE-2024-36691 | Medium | 6.3 | — | 2024-06-12 | Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information. |
CVE-2024-37629 | Medium | 6.1 | — | 2024-06-12 | SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. |
CVE-2024-37878 | Medium | 6.1 | — | 2024-06-12 | Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources |
CVE-2024-36531 | Medium | 5.7 | — | 2024-06-10 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. |
CVE-2024-37877 | Medium | 5.5 | — | 2024-06-13 | UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. |
CVE-2024-33253 | Medium | 5.4 | — | 2024-06-13 | Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editin… |
CVE-2024-34406 | Medium | 5.3 | — | 2024-06-11 | Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. |
CVE-2023-52890 | Medium | 4.5 | — | 2024-06-13 | NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. |
CVE-2024-36589 | Medium | 4.3 | — | 2024-06-13 | An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext. |
CVE-2024-33850 | Medium | 4.3 | — | 2024-06-10 | Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. |
CVE-2023-49559 | Low | 3.7 | — | 2024-06-12 | An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. |
CVE-2024-5851 | Low | 3.5 | — | 2024-06-11 | A vulnerability classified as problematic has been found in playSMS up to 1.4.7. |
Google · 45 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32913 | Critical | 9.8 | — | 2024-06-13 | In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. |
CVE-2024-32911 | Critical | 9.8 | — | 2024-06-13 | There is a possible escalation of privilege due to improperly used crypto. |
CVE-2024-32905 | Critical | 9.8 | — | 2024-06-13 | In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. |
CVE-2024-29786 | Critical | 9.8 | — | 2024-06-13 | In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32925 | High | 8.8 | — | 2024-06-13 | In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32929 | High | 8.1 | — | 2024-06-13 | In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. |
CVE-2024-32919 | High | 7.8 | — | 2024-06-13 | In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. |
CVE-2024-32909 | High | 7.8 | — | 2024-06-13 | In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. |
CVE-2024-32908 | High | 7.8 | — | 2024-06-13 | In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. |
CVE-2024-32907 | High | 7.8 | — | 2024-06-13 | In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. |
CVE-2024-32906 | High | 7.8 | — | 2024-06-13 | In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. |
CVE-2024-32903 | High | 7.8 | — | 2024-06-13 | In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. |
CVE-2024-32901 | High | 7.8 | — | 2024-06-13 | In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32900 | High | 7.8 | — | 2024-06-13 | In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. |
CVE-2024-32896 | High | 7.8 | KEV | 2024-06-13 | There is a possible way to bypass due to a logic error in the code. |
CVE-2024-32895 | High | 7.8 | — | 2024-06-13 | In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32892 | High | 7.8 | — | 2024-06-13 | In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. |
CVE-2024-29787 | High | 7.8 | — | 2024-06-13 | In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. |
CVE-2024-29784 | High | 7.8 | — | 2024-06-13 | In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. |
CVE-2024-32924 | High | 7.5 | — | 2024-06-13 | In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. |
CVE-2024-32902 | High | 7.5 | — | 2024-06-13 | Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet). |
CVE-2024-32894 | High | 7.5 | — | 2024-06-13 | In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-29781 | High | 7.5 | — | 2024-06-13 | In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. |
CVE-2024-32922 | High | 7.4 | — | 2024-06-13 | In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. |
CVE-2024-32921 | High | 7.4 | — | 2024-06-13 | In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32920 | High | 7.1 | — | 2024-06-13 | In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-32917 | High | 7.1 | — | 2024-06-13 | In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. |
CVE-2024-32899 | High | 7.0 | — | 2024-06-13 | In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. |
CVE-2024-32891 | High | 7.0 | — | 2024-06-13 | In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. |
CVE-2024-32918 | Medium | 6.1 | — | 2024-06-13 | Permission bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps. |
CVE-2024-32916 | Medium | 5.9 | — | 2024-06-13 | In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. |
CVE-2024-32897 | Medium | 5.9 | — | 2024-06-13 | In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-32930 | Medium | 5.5 | — | 2024-06-13 | In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. |
CVE-2024-32926 | Medium | 5.5 | — | 2024-06-13 | There is a possible information disclosure due to side channel information disclosure. |
CVE-2024-32914 | Medium | 5.5 | — | 2024-06-13 | In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. |
CVE-2024-32912 | Medium | 5.5 | — | 2024-06-13 | There is a possible persistent Denial of Service due to test/debugging code left in a production build. |
CVE-2024-32910 | Medium | 5.5 | — | 2024-06-13 | In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. |
CVE-2024-32893 | Medium | 5.5 | — | 2024-06-13 | In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. |
CVE-2024-29785 | Medium | 5.5 | — | 2024-06-13 | In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. |
CVE-2024-29780 | Medium | 5.5 | — | 2024-06-13 | In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. |
CVE-2024-32904 | Medium | 4.7 | — | 2024-06-13 | In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-32898 | Medium | 4.7 | — | 2024-06-13 | In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-29778 | Medium | 4.7 | — | 2024-06-13 | In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-32915 | Medium | 4.3 | — | 2024-06-13 | In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. |
CVE-2024-32923 | Medium | 4.0 | — | 2024-06-13 | There is a possible cellular denial of service due to a logic error in the code. |
Toshiba Tec Corporation · 43 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27174 | Critical | 9.8 | — | 2024-06-14 | Remote Command program allows an attacker to get Remote Code Execution. |
CVE-2024-27173 | Critical | 9.8 | — | 2024-06-14 | Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute… |
CVE-2024-27172 | Critical | 9.8 | — | 2024-06-14 | Remote Command program allows an attacker to get Remote Code Execution. |
CVE-2024-27145 | Critical | 9.8 | — | 2024-06-14 | The Toshiba printers provide several ways to upload files using the admin web interface. |
CVE-2024-27144 | Critical | 9.8 | — | 2024-06-14 | The Toshiba printers provide several ways to upload files using the web interface without authentication. |
CVE-2024-27143 | Critical | 9.8 | — | 2024-06-14 | Toshiba printers use SNMP for configuration. |
CVE-2024-3497 | High | 8.8 | — | 2024-06-14 | Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. |
CVE-2024-3496 | High | 8.8 | — | 2024-06-14 | Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. |
CVE-2024-27169 | High | 8.4 | — | 2024-06-14 | Toshiba printers provide an API without authentication for internal access. |
CVE-2024-3498 | High | 7.8 | — | 2024-06-14 | Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. |
CVE-2024-27165 | High | 7.8 | — | 2024-06-14 | Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. |
CVE-2024-27155 | High | 7.7 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27171 | High | 7.4 | — | 2024-06-14 | A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. |
CVE-2024-27170 | High | 7.4 | — | 2024-06-14 | It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. |
CVE-2024-27167 | High | 7.4 | — | 2024-06-14 | Toshiba printers use Sendmail to send emails to recipients. |
CVE-2024-27166 | High | 7.4 | — | 2024-06-14 | Coredump binaries in Toshiba printers have incorrect permissions. |
CVE-2024-27158 | High | 7.4 | — | 2024-06-14 | All the Toshiba printers share the same hardcoded root password. |
CVE-2024-27153 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27152 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27151 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27150 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27149 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27148 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27147 | High | 7.4 | — | 2024-06-14 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. |
CVE-2024-27178 | High | 7.2 | — | 2024-06-14 | An attacker can get Remote Code Execution by overwriting files. |
CVE-2024-27177 | High | 7.2 | — | 2024-06-14 | An attacker can get Remote Code Execution by overwriting files. |
CVE-2024-27176 | High | 7.2 | — | 2024-06-14 | An attacker can get Remote Code Execution by overwriting files. |
CVE-2024-27168 | High | 7.1 | — | 2024-06-14 | It appears that some hardcoded keys are used for authentication to internal API. |
CVE-2024-27164 | High | 7.1 | — | 2024-06-14 | Toshiba printers contain hardcoded credentials. |
CVE-2024-27157 | Medium | 6.8 | — | 2024-06-14 | The sessions are stored in clear-text logs. |
CVE-2024-27156 | Medium | 6.8 | — | 2024-06-14 | The session cookies, used for authentication, are stored in clear-text logs. |
CVE-2024-27180 | Medium | 6.7 | — | 2024-06-14 | An attacker with admin access can install rogue applications. |
CVE-2024-27146 | Medium | 6.7 | — | 2024-06-14 | The Toshiba printers do not implement privilege separation. |
CVE-2024-27163 | Medium | 6.5 | — | 2024-06-14 | Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. |
CVE-2024-27161 | Medium | 6.2 | — | 2024-06-14 | All the Toshiba printers have programs containing a hardcoded key used to encrypt files. |
CVE-2024-27160 | Medium | 6.2 | — | 2024-06-14 | All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. |
CVE-2024-27159 | Medium | 6.2 | — | 2024-06-14 | All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. |
CVE-2024-27154 | Medium | 6.2 | — | 2024-06-14 | Passwords are stored in clear-text logs. |
CVE-2024-27162 | Medium | 6.1 | — | 2024-06-14 | Toshiba printers provide a web interface that will load the JavaScript file. |
CVE-2024-27142 | Medium | 5.9 | — | 2024-06-14 | Toshiba printers use XML communication for the API endpoint provided by the printer. |
CVE-2024-27141 | Medium | 5.9 | — | 2024-06-14 | Toshiba printers use XML communication for the API endpoint provided by the printer. |
CVE-2024-27179 | Medium | 4.7 | — | 2024-06-14 | Admin cookies are written in clear-text in logs. |
CVE-2024-27175 | Medium | 4.4 | — | 2024-06-14 | Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. |
Apple · 42 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-27855 | High | 8.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27851 | High | 8.8 | — | 2024-06-10 | The issue was addressed with improved bounds checks. |
CVE-2024-27833 | High | 8.8 | — | 2024-06-10 | An integer overflow was addressed with improved input validation. |
CVE-2024-27820 | High | 8.8 | — | 2024-06-10 | The issue was addressed with improved memory handling. |
CVE-2024-27808 | High | 8.8 | — | 2024-06-10 | The issue was addressed with improved memory handling. |
CVE-2024-23299 | High | 8.6 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27857 | High | 7.8 | — | 2024-06-10 | An out-of-bounds access issue was addressed with improved bounds checking. |
CVE-2024-27848 | High | 7.8 | — | 2024-06-10 | This issue was addressed with improved permissions checking. |
CVE-2024-27836 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27832 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27831 | High | 7.8 | — | 2024-06-10 | An out-of-bounds write issue was addressed with improved input validation. |
CVE-2024-27828 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved memory handling. |
CVE-2024-27817 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27815 | High | 7.8 | — | 2024-06-10 | An out-of-bounds write issue was addressed with improved input validation. |
CVE-2024-27811 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27802 | High | 7.8 | — | 2024-06-10 | An out-of-bounds read was addressed with improved input validation. |
CVE-2024-27801 | High | 7.8 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2022-48683 | High | 7.8 | — | 2024-06-10 | An access issue was addressed with additional sandbox restrictions. |
CVE-2022-32897 | High | 7.8 | — | 2024-06-10 | A memory corruption issue was addressed with improved validation. |
CVE-2022-48578 | High | 7.1 | — | 2024-06-10 | An out-of-bounds read was addressed with improved bounds checking. |
CVE-2024-27850 | Medium | 6.5 | — | 2024-06-10 | This issue was addressed with improvements to the noise injection algorithm. |
CVE-2024-27838 | Medium | 6.5 | — | 2024-06-10 | The issue was addressed by adding additional logic. |
CVE-2024-27830 | Medium | 6.5 | — | 2024-06-10 | This issue was addressed through improved state management. |
CVE-2024-27812 | Medium | 6.5 | — | 2024-06-10 | A logic issue was addressed with improved file handling. |
CVE-2024-27800 | Medium | 6.5 | — | 2024-06-10 | This issue was addressed by removing the vulnerable code. |
CVE-2024-27885 | Medium | 6.3 | — | 2024-06-10 | This issue was addressed with improved validation of symlinks. |
CVE-2024-27840 | Medium | 6.3 | — | 2024-06-10 | The issue was addressed with improved memory handling. |
CVE-2024-27844 | Medium | 5.5 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27806 | Medium | 5.5 | — | 2024-06-10 | This issue was addressed with improved environment sanitization. |
CVE-2024-27805 | Medium | 5.5 | — | 2024-06-10 | An issue was addressed with improved validation of environment variables. |
CVE-2024-23282 | Medium | 5.5 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-27792 | Medium | 5.5 | — | 2024-06-10 | This issue was addressed by adding an additional prompt for user consent. |
CVE-2023-40389 | Medium | 5.5 | — | 2024-06-10 | The issue was addressed with improved restriction of data container access. |
CVE-2022-32933 | Medium | 5.3 | — | 2024-06-10 | An information disclosure issue was addressed by removing the vulnerable code. |
CVE-2024-23251 | Medium | 4.6 | — | 2024-06-10 | An authentication issue was addressed with improved state management. |
CVE-2024-27807 | Medium | 4.3 | — | 2024-06-10 | The issue was addressed with improved checks. |
CVE-2024-37885 | Low | 3.8 | — | 2024-06-14 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. |
CVE-2024-36287 | Low | 3.8 | — | 2024-06-14 | Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. |
CVE-2024-27845 | Low | 3.3 | — | 2024-06-10 | A privacy issue was addressed with improved handling of temporary files. |
CVE-2024-27799 | Low | 3.3 | — | 2024-06-10 | This issue was addressed with additional entitlement checks. |
CVE-2024-27819 | Low | 2.4 | — | 2024-06-10 | The issue was addressed by restricting options offered on a locked device. |
CVE-2024-27814 | Low | 2.4 | — | 2024-06-10 | This issue was addressed through improved state management. |
Fedoraproject · 18 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5847 | High | 8.8 | — | 2024-06-11 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2024-5846 | High | 8.8 | — | 2024-06-11 | Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2024-5845 | High | 8.8 | — | 2024-06-11 | Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2024-5844 | High | 8.8 | — | 2024-06-11 | Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2024-5842 | High | 8.8 | — | 2024-06-11 | Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. |
CVE-2024-5841 | High | 8.8 | — | 2024-06-11 | Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-5838 | High | 8.8 | — | 2024-06-11 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2024-5837 | High | 8.8 | — | 2024-06-11 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2024-5836 | High | 8.8 | — | 2024-06-11 | Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. |
CVE-2024-5835 | High | 8.8 | — | 2024-06-11 | Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-5834 | High | 8.8 | — | 2024-06-11 | Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
CVE-2024-5833 | High | 8.8 | — | 2024-06-11 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2024-5832 | High | 8.8 | — | 2024-06-11 | Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-5831 | High | 8.8 | — | 2024-06-11 | Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-5830 | High | 8.8 | — | 2024-06-11 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2024-5843 | Medium | 6.5 | — | 2024-06-11 | Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. |
CVE-2024-5840 | Medium | 6.5 | — | 2024-06-11 | Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. |
CVE-2024-5839 | Medium | 6.5 | — | 2024-06-11 | Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Dell · 17 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-25949 | High | 8.8 | — | 2024-06-12 | Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. |
CVE-2024-28964 | High | 7.8 | — | 2024-06-12 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. |
CVE-2024-37131 | High | 7.5 | — | 2024-06-13 | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. |
CVE-2024-32860 | High | 7.5 | — | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
CVE-2024-32859 | High | 7.5 | — | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
CVE-2024-32858 | High | 7.5 | — | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
CVE-2024-37130 | High | 7.3 | — | 2024-06-11 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. |
CVE-2024-0160 | Medium | 6.8 | — | 2024-06-12 | Dell Client Platform contains an incorrect authorization vulnerability. |
CVE-2024-29169 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. |
CVE-2024-29168 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. |
CVE-2024-28968 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). |
CVE-2024-28967 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). |
CVE-2024-28966 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). |
CVE-2024-28965 | Medium | 5.4 | — | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). |
CVE-2024-32856 | Medium | 5.1 | — | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
CVE-2024-28970 | Medium | 4.7 | — | 2024-06-12 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. |
CVE-2024-28969 | Medium | 4.3 | — | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). |
Mozilla · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5701 | Critical | 9.8 | — | 2024-06-11 | Memory safety bugs present in Firefox 126. |
CVE-2024-5699 | Critical | 9.8 | — | 2024-06-11 | In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. |
CVE-2024-5695 | Critical | 9.8 | — | 2024-06-11 | If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. |
CVE-2024-5688 | High | 8.1 | — | 2024-06-11 | If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. |
CVE-2024-5702 | High | 7.5 | — | 2024-06-11 | Memory corruption in the networking stack could have led to a potentially exploitable crash. |
CVE-2024-5694 | High | 7.5 | — | 2024-06-11 | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. |
CVE-2024-5700 | High | 7.0 | — | 2024-06-11 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. |
CVE-2024-38312 | Medium | 6.5 | — | 2024-06-13 | When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127. |
CVE-2024-5698 | Medium | 6.1 | — | 2024-06-11 | By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. |
CVE-2024-5693 | Medium | 6.1 | — | 2024-06-11 | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. |
CVE-2024-5687 | Medium | 5.3 | — | 2024-06-11 | If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. |
CVE-2024-5691 | Medium | 4.7 | — | 2024-06-11 | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. |
CVE-2024-38313 | Medium | 4.3 | — | 2024-06-13 | In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127. |
CVE-2024-5697 | Medium | 4.3 | — | 2024-06-11 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. |
CVE-2024-5689 | Medium | 4.3 | — | 2024-06-11 | In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. |
Salesagility · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36412 | Critical | 10.0 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36411 | Critical | 9.6 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36410 | Critical | 9.6 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36409 | Critical | 9.6 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36408 | Critical | 9.6 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36415 | Critical | 9.1 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36413 | High | 8.9 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36416 | High | 8.6 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36418 | High | 8.5 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36414 | High | 7.7 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36417 | Medium | 5.7 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36406 | Medium | 5.4 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36419 | Medium | 4.3 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
CVE-2024-36407 | Low | 3.7 | — | 2024-06-10 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. |
Schneider Electric · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37036 | Critical | 9.8 | — | 2024-06-12 | CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. |
CVE-2024-37037 | High | 8.1 | — | 2024-06-12 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality w… |
CVE-2024-2747 | High | 7.8 | — | 2024-06-12 | CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. |
CVE-2024-0865 | High | 7.8 | — | 2024-06-12 | CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. |
CVE-2024-37038 | High | 7.5 | — | 2024-06-12 | CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. |
CVE-2024-5313 | Medium | 6.5 | — | 2024-06-12 | CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. |
CVE-2024-5056 | Medium | 6.5 | — | 2024-06-12 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent a user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the fil… |
CVE-2024-5558 | Medium | 6.4 | — | 2024-06-12 | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. |
CVE-2024-5559 | Medium | 6.1 | — | 2024-06-12 | CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the fro… |
CVE-2024-37039 | Medium | 5.9 | — | 2024-06-12 | CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. |
CVE-2024-37040 | Medium | 5.4 | — | 2024-06-12 | CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. |
CVE-2024-5560 | Medium | 5.3 | — | 2024-06-12 | CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. |
CVE-2024-5557 | Medium | 4.5 | — | 2024-06-12 | CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. |
Siemens · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36266 | Critical | 9.3 | — | 2024-06-11 | A vulnerability has been identified in PowerSys (All versions < V3.11). |
CVE-2024-35292 | High | 8.2 | — | 2024-06-11 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions)… |
CVE-2024-35303 | High | 7.8 | — | 2024-06-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). |
CVE-2024-35207 | High | 7.8 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-35206 | High | 7.7 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-35208 | Medium | 6.3 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-35212 | Medium | 6.2 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-35209 | Medium | 6.2 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-33500 | Medium | 5.9 | — | 2024-06-11 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24… |
CVE-2024-35211 | Medium | 5.5 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2024-35210 | Medium | 5.1 | — | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). |
CVE-2023-50763 | Medium | 4.9 | — | 2024-06-11 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIPL… |
CVE-2023-38533 | Low | 3.3 | — | 2024-06-11 | A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). |
Nextcloud · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37882 | High | 8.1 | — | 2024-06-14 | Nextcloud Server is a self hosted personal cloud system. |
CVE-2024-37313 | High | 7.3 | — | 2024-06-14 | Nextcloud server is a self hosted personal cloud system. |
CVE-2024-37312 | Medium | 6.3 | — | 2024-06-14 | user_oidc app is an OpenID Connect user backend for Nextcloud. |
CVE-2024-37886 | Medium | 5.4 | — | 2024-06-14 | user_oidc app is an OpenID Connect user backend for Nextcloud. |
CVE-2024-37317 | Medium | 4.6 | — | 2024-06-14 | The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. |
CVE-2024-37316 | Medium | 4.6 | — | 2024-06-14 | Nextcloud Calendar is a calendar app for Nextcloud. |
CVE-2024-37883 | Medium | 4.3 | — | 2024-06-14 | Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. |
CVE-2024-37887 | Low | 3.5 | — | 2024-06-14 | Nextcloud Server is a self hosted personal cloud system. |
CVE-2024-37884 | Low | 3.5 | — | 2024-06-14 | Nextcloud Server is a self hosted personal cloud system. |
CVE-2024-37315 | Low | 3.5 | — | 2024-06-14 | Nextcloud Server is a self hosted personal cloud system. |
CVE-2024-37314 | Low | 3.5 | — | 2024-06-14 | Nextcloud Photos is a photo management app. |
Hitachi Energy · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2013 | Critical | 10.0 | — | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. |
CVE-2024-2012 | Critical | 9.1 | — | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, could allow an attacker to execute unintended commands or code on the UNEM server, allowing sensitive data to be read or modified or could cause… |
CVE-2024-2011 | High | 8.6 | — | 2024-06-11 | A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit sec… |
CVE-2024-28020 | High | 8.0 | — | 2024-06-11 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. |
CVE-2024-28021 | High | 7.4 | — | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. |
CVE-2024-28022 | Medium | 6.5 | — | 2024-06-11 | A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the sam… |
CVE-2024-28023 | Medium | 5.7 | — | 2024-06-11 | A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary cod… |
CVE-2024-28024 | Medium | 4.1 | — | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. |
CVE-2024-2462 | — | — | — | 2024-06-11 | Allow attackers to intercept or falsify data exchanges between the client and the server |
CVE-2024-2461 | — | — | — | 2024-06-11 | If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible |
SAP · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34688 | High | 7.5 | — | 2024-06-11 | Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. |
CVE-2024-34691 | Medium | 6.5 | — | 2024-06-11 | Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2024-34683 | Medium | 6.5 | — | 2024-06-11 | An authenticated attacker can upload malicious file to SAP Document Builder service. |
CVE-2024-33001 | Medium | 6.5 | — | 2024-06-11 | SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. |
CVE-2024-34686 | Medium | 6.1 | — | 2024-06-11 | Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. |
CVE-2024-37176 | Medium | 5.5 | — | 2024-06-11 | SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. |
CVE-2024-34690 | Medium | 5.4 | — | 2024-06-11 | SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. |
CVE-2024-28164 | Medium | 5.3 | — | 2024-06-11 | SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. |
CVE-2024-34684 | Low | 3.7 | — | 2024-06-11 | On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. |
Trend Micro · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37289 | High | 7.8 | — | 2024-06-10 | An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the… |
CVE-2024-36305 | High | 7.8 | — | 2024-06-10 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o… |
CVE-2024-36304 | High | 7.8 | — | 2024-06-10 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability… |
CVE-2024-36303 | High | 7.8 | — | 2024-06-10 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege… |
CVE-2024-36302 | High | 7.8 | — | 2024-06-10 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege… |
CVE-2024-36306 | Medium | 6.1 | — | 2024-06-10 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must fir… |
CVE-2024-36359 | Medium | 5.4 | — | 2024-06-10 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil… |
CVE-2024-36473 | Medium | 5.3 | — | 2024-06-10 | Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges. |
CVE-2024-36307 | Medium | 4.7 | — | 2024-06-10 | A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must firs… |
ASUS · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3912 | Critical | 9.8 | — | 2024-06-14 | Certain models of ASUS routers have an arbitrary firmware upload vulnerability. |
CVE-2024-3080 | Critical | 9.8 | — | 2024-06-14 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. |
CVE-2024-31163 | High | 7.2 | — | 2024-06-14 | ASUS Download Master has a buffer overflow vulnerability. |
CVE-2024-31162 | High | 7.2 | — | 2024-06-14 | The specific function parameter of ASUS Download Master does not properly filter user input. |
CVE-2024-31161 | High | 7.2 | — | 2024-06-14 | The upload functionality of ASUS Download Master does not properly filter user input. |
CVE-2024-3079 | High | 7.2 | — | 2024-06-14 | Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. |
CVE-2024-31160 | Medium | 4.8 | — | 2024-06-14 | The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. |
CVE-2024-31159 | Medium | 4.8 | — | 2024-06-14 | The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. |
Cybozu · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31401 | Critical | 9.0 | — | 2024-06-11 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. |
CVE-2024-31399 | Medium | 6.5 | — | 2024-06-11 | Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. |
CVE-2024-31400 | Medium | 6.5 | — | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. |
CVE-2024-31403 | Medium | 5.4 | — | 2024-06-11 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. |
CVE-2024-31397 | Medium | 4.9 | — | 2024-06-11 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. |
CVE-2024-31402 | Medium | 4.3 | — | 2024-06-11 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. |
CVE-2024-31398 | Medium | 4.3 | — | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. |
CVE-2024-31404 | Medium | 4.3 | — | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. |
Fortinet · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23110 | High | 7.8 | — | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands… |
CVE-2024-26010 | High | 7.5 | — | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7… |
CVE-2024-23111 | Medium | 6.8 | — | 2024-06-11 | An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions… |
CVE-2023-46720 | Medium | 6.7 | — | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthori… |
CVE-2023-23775 | Medium | 6.5 | — | 2024-06-11 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via speci… |
CVE-2024-31495 | Medium | 4.3 | — | 2024-06-11 | A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download… |
CVE-2024-21754 | Low | 1.8 | — | 2024-06-11 | A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions… |
Huawei · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36502 | High | 7.9 | — | 2024-06-14 | Out-of-bounds read vulnerability in the audio module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-36500 | High | 7.8 | — | 2024-06-14 | Privilege escalation vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-36503 | High | 7.3 | — | 2024-06-14 | Memory management vulnerability in the Gralloc module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-36499 | Medium | 6.8 | — | 2024-06-14 | Vulnerability of unauthorized screenshot capturing in the WMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-5465 | Medium | 5.9 | — | 2024-06-14 | Function vulnerabilities in the Calendar module. Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-36501 | Medium | 5.6 | — | 2024-06-14 | Memory management vulnerability in the boottime module. Impact: Successful exploitation of this vulnerability can affect integrity. |
CVE-2024-5464 | Medium | 4.0 | — | 2024-06-14 | Vulnerability of insufficient permission verification in the NearLink module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
Deep Sea Electronics · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5950 | High | 8.8 | — | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. |
CVE-2024-5948 | High | 8.8 | — | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. |
CVE-2024-5952 | Medium | 6.5 | — | 2024-06-13 | Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. |
CVE-2024-5951 | Medium | 6.5 | — | 2024-06-13 | Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. |
CVE-2024-5949 | Medium | 6.5 | — | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. |
CVE-2024-5947 | Medium | 6.5 | — | 2024-06-13 | Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. |
Oretnom23 · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5976 | High | 7.3 | — | 2024-06-13 | A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. |
CVE-2024-5896 | High | 7.3 | — | 2024-06-12 | A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. |
CVE-2024-5894 | High | 7.3 | — | 2024-06-12 | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. |
CVE-2024-5895 | Medium | 6.3 | — | 2024-06-12 | A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. |
CVE-2024-5893 | Medium | 6.3 | — | 2024-06-12 | A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. |
CVE-2024-5897 | Medium | 4.3 | — | 2024-06-12 | A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. |
Apache · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36265 | Critical | 9.8 | — | 2024-06-12 | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. |
CVE-2024-36264 | Critical | 9.8 | — | 2024-06-12 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. |
CVE-2024-36263 | High | 8.1 | — | 2024-06-12 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. |
CVE-2024-36471 | High | 7.5 | — | 2024-06-10 | Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. |
CVE-2024-25142 | Medium | 5.5 | — | 2024-06-14 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive da… |
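The Allura entry above (CVE-2024-36471) describes a check-then-use race: the import URL's host is validated, but the HTTP client resolves the name again when it connects, so an attacker-controlled DNS zone with a short TTL can answer with a public address for the check and an internal one for the fetch. The example below is added here and is not Allura's code. It injects the resolver (a constructed test double, no network access) so the vulnerable pattern can be run next to a pinned-address fetch that resolves once and connects to the address it validated. The host name and addresses are made up for the demo.

```python
"""Added example (not Apache Allura's code): fetching an import URL without a
DNS-rebinding window between validating the host and connecting to it.
The resolver is injected so the example runs offline; the host name and
addresses below are constructed for the demo."""
import ipaddress
from typing import Callable, Iterator, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], str]  # hostname -> IP address string


def is_public(ip: str) -> bool:
    """True only for globally routable addresses: rejects loopback, RFC 1918,
    link-local (169.254.169.254 cloud metadata), CGNAT and documentation ranges."""
    addr = ipaddress.ip_address(ip)
    # Judge an IPv4-mapped IPv6 literal (::ffff:127.0.0.1) by its IPv4 payload,
    # otherwise a loopback address smuggled in IPv6 syntax would pass.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global


def rebinding_resolver(answers: List[str]) -> Resolver:
    """Constructed test double for an attacker-controlled zone with a short TTL:
    hands out `answers` in order, then keeps repeating the last one."""
    remaining: Iterator[str] = iter(answers)
    last = answers[-1]

    def resolve(host: str) -> str:
        return next(remaining, last)

    return resolve


def host_of(url: str) -> str:
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host")
    return host


def fetch_vulnerable(url: str, resolve: Resolver) -> str:
    """Check-then-use. The host is validated, then the HTTP client resolves the
    same name again when it connects. Returns the address actually connected to."""
    host = host_of(url)
    if not is_public(resolve(host)):          # check: first DNS answer
        raise ValueError(f"{host} does not resolve to a public address")
    return resolve(host)                      # use: second answer may differ


def fetch_pinned(url: str, resolve: Resolver) -> Tuple[str, str]:
    """Resolve once, validate that answer, and connect to that exact address,
    carrying the original name separately for the Host header / SNI. With no
    second lookup there is nothing for a rebinding zone to flip."""
    host = host_of(url)
    ip = resolve(host)
    if not is_public(ip):
        raise ValueError(f"{host} resolves to non-public address {ip}")
    return ip, host                           # open the socket to ip, send Host: host


if __name__ == "__main__":
    url = "http://import.example/feed.xml"
    zone = ["8.8.8.8", "127.0.0.1"]           # public for the check, loopback for the fetch
    print("vulnerable connects to", fetch_vulnerable(url, rebinding_resolver(zone)))
    print("pinned connects to", fetch_pinned(url, rebinding_resolver(zone)))
```

A client built on `fetch_pinned` opens the socket to the returned address and sends the original name as the `Host` header (and as SNI, via `server_hostname=host` when wrapping the socket with an `ssl.SSLContext`). Every redirect target has to go through the same resolve-validate-pin step, since the first response can redirect to an internal name.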
GitLab · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1963 | Medium | 6.5 | — | 2024-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. |
CVE-2024-1736 | Medium | 6.5 | — | 2024-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. |
CVE-2024-1495 | Medium | 6.5 | — | 2024-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. |
CVE-2024-4201 | Medium | 4.4 | — | 2024-06-12 | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.11.4, all versions starting from 17.0 before 17.0.2. |
CVE-2024-5469 | Low | 3.1 | — | 2024-06-14 | DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. |
IBM · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31881 | Medium | 6.5 | — | 2024-06-12 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. |
CVE-2023-29267 | Medium | 5.3 | — | 2024-06-12 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authentic… |
CVE-2024-28762 | Medium | 5.3 | — | 2024-06-12 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. |
CVE-2024-25052 | Medium | 4.4 | — | 2024-06-13 | IBM Jazz Reporting Service 7.0.3 stores user credentials in clear text, which can be read by an admin user. |
CVE-2024-22333 | Low | 3.3 | — | 2024-06-13 | IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. |
Palo Alto Networks · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5908 | High | 7.5 | — | 2024-06-12 | A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. |
CVE-2024-5907 | High | 7.0 | — | 2024-06-12 | A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. |
CVE-2024-5909 | Medium | 5.5 | — | 2024-06-12 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. |
CVE-2024-5906 | Medium | 4.8 | — | 2024-06-12 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Pris… |
CVE-2024-5905 | Medium | 4.4 | — | 2024-06-12 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. |
Woo · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51495 | Medium | 6.5 | — | 2024-06-14 | Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. |
CVE-2023-51497 | Medium | 5.4 | — | 2024-06-14 | Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. |
CVE-2023-51496 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. |
CVE-2023-51498 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping. This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3. |
CVE-2023-52186 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Woo WooCommerce Product Vendors. This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. |
A Wp Life · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35722 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow. This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0. |
CVE-2024-35721 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1… |
CVE-2024-35720 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. |
CVE-2024-35717 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow. This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3… |
Artica · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35307 | Critical | 9.8 | — | 2024-06-10 | Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. |
CVE-2024-35306 | Critical | 9.8 | — | 2024-06-10 | OS command injection in Ajax PHP files via HTTP request allows system commands to be executed by exploiting variables. This issue affects Pandora FMS: from 700 through <777. |
CVE-2024-35305 | Critical | 9.8 | — | 2024-06-10 | Unauthenticated time-based SQL injection in the API, exploitable via the HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. |
CVE-2024-35304 | Critical | 9.8 | — | 2024-06-10 | System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. |
Debian · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5696 | High | 8.6 | — | 2024-06-11 | By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. |
CVE-2024-36971 | High | 7.8 | KEV | 2024-06-10 | In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race. __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. |
CVE-2024-35235 | Medium | 4.4 | — | 2024-06-11 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. |
CVE-2024-5690 | Medium | 4.3 | — | 2024-06-11 | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. |
Elastic · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23445 | Medium | 6.5 | — | 2024-06-12 | It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a g… |
CVE-2024-23442 | Medium | 6.1 | — | 2024-06-14 | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. |
CVE-2024-37280 | Medium | 4.9 | — | 2024-06-13 | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. |
CVE-2024-37279 | Medium | 4.3 | — | 2024-06-13 | A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. |
Hiroaki-miyashita · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0627 | Medium | 6.4 | — | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on… |
CVE-2023-6745 | Medium | 6.4 | — | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user sup… |
CVE-2024-0653 | Medium | 4.4 | — | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. |
CVE-2023-6748 | Medium | 4.3 | — | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. |
Itsourcecode · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37831 | Critical | 9.8 | — | 2024-06-14 | Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. |
CVE-2024-37849 | Critical | 9.8 | — | 2024-06-13 | A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. |
CVE-2024-5984 | High | 7.3 | — | 2024-06-14 | A vulnerability was found in itsourcecode Online Bookstore 1.0. |
CVE-2024-5983 | High | 7.3 | — | 2024-06-14 | A vulnerability was found in itsourcecode Online Bookstore 1.0. |
Motorola Solutions · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38285 | — | — | — | 2024-06-13 | Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. |
CVE-2024-38284 | — | — | — | 2024-06-13 | Transmitted data is logged between the device and the backend service. |
CVE-2024-38283 | — | — | — | 2024-06-13 | Sensitive customer information is stored in the device without encryption. |
CVE-2024-38282 | — | — | — | 2024-06-13 | Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. |
Rockwell Automation · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37369 | High | 8.8 | — | 2024-06-14 | A privilege escalation vulnerability exists in the affected product. |
CVE-2024-37368 | High | 7.5 | — | 2024-06-14 | A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. |
CVE-2024-37367 | High | 7.5 | — | 2024-06-14 | A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. |
CVE-2024-5659 | Medium | 6.5 | — | 2024-06-14 | Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). |
Aimeos · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37295 | High | 7.2 | — | 2024-06-11 | Aimeos is an Open Source e-commerce framework for online shops. |
CVE-2024-37294 | Medium | 5.5 | — | 2024-06-11 | Aimeos is an Open Source e-commerce framework for online shops. |
CVE-2024-37296 | Medium | 5.3 | — | 2024-06-11 | The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. |
Alcasar · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38295 | Critical | 9.8 | — | 2024-06-13 | ALCASAR before 3.6.1 allows still_connected.php remote code execution. |
CVE-2024-38294 | Critical | 9.8 | — | 2024-06-13 | ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. |
CVE-2024-38293 | Critical | 9.6 | — | 2024-06-13 | ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. |
Canonical · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0084 | High | 7.8 | — | 2024-06-13 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. |
CVE-2024-0093 | Medium | 6.5 | — | 2024-06-13 | NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. |
CVE-2024-0086 | Medium | 5.5 | — | 2024-06-13 | NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. |
Codename065 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2098 | High | 7.5 | — | 2024-06-13 | The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. |
CVE-2024-5266 | Medium | 6.4 | — | 2024-06-12 | The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due t… |
CVE-2024-1766 | Medium | 4.4 | — | 2024-06-12 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. |
Fuji Electric · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37029 | High | 7.8 | — | 2024-06-13 | Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. |
CVE-2024-37022 | High | 7.8 | — | 2024-06-13 | Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. |
CVE-2024-5597 | High | 7.8 | — | 2024-06-10 | Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. |
Jan Syski · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1659 | Critical | 9.8 | — | 2024-06-12 | Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server (including a PHP code file) without authentication. This issue affects MegaBIP software versions through 5.10. |
CVE-2024-1577 | Critical | 9.8 | — | 2024-06-12 | Remote Code Execution vulnerability in MegaBIP software allows an attacker to execute arbitrary code on the server without authentication by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP soft… |
CVE-2024-1576 | Critical | 9.8 | — | 2024-06-12 | SQL Injection vulnerability in MegaBIP software allows an attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software… |
Lb-link · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33375 | Critical | 9.8 | — | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. |
CVE-2024-33377 | High | 8.1 | — | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. |
CVE-2024-33373 | Medium | 6.3 | — | 2024-06-14 | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. |
Moderncampus · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35859 | Medium | 6.1 | — | 2024-06-13 | A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. |
CVE-2023-35860 | Medium | 5.3 | — | 2024-06-13 | A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. |
CVE-2023-35858 | Medium | 5.3 | — | 2024-06-13 | XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information. |
Motorola · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38281 | Critical | 9.8 | — | 2024-06-13 | An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. |
CVE-2024-38280 | Medium | 4.6 | — | 2024-06-13 | An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. |
CVE-2024-38279 | Medium | 4.6 | — | 2024-06-13 | The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. |
Premio · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2024 | High | 8.8 | — | 2024-06-14 | The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. |
CVE-2024-4149 | Medium | 4.8 | — | 2024-06-13 | The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users… |
CVE-2024-2023 | Medium | 4.3 | — | 2024-06-14 | The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. |
Red Hat · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3183 | High | 8.1 | — | 2024-06-12 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. |
CVE-2023-4727 | High | 7.5 | — | 2024-06-11 | A flaw was found in dogtag-pki and pki-core. |
CVE-2024-5891 | Medium | 4.2 | — | 2024-06-12 | A vulnerability was found in Quay. |
Strapi · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34065 | High | 7.1 | — | 2024-06-12 | Strapi is an open-source content management system. |
CVE-2024-31217 | Medium | 5.3 | — | 2024-06-12 | Strapi is an open-source content management system. |
CVE-2024-29181 | Low | 2.3 | — | 2024-06-12 | Strapi is an open-source content management system. |
Trellix · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5671 | Critical | 9.8 | — | 2024-06-14 | Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. |
CVE-2024-5731 | Medium | 6.8 | — | 2024-06-14 | A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. |
CVE-2024-4176 | Medium | 4.1 | — | 2024-06-13 | A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. |
Wedevs · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34822 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in weDevs weMail. This issue affects weMail: from n/a through 1.14.2. |
CVE-2024-34442 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in weDevs weDocs. This issue affects weDocs: from n/a through 2.1.4. |
CVE-2023-52217 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. |
Andrewabarber · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3978 | Medium | 5.4 | — | 2024-06-14 | The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor… |
CVE-2024-3977 | Medium | 4.8 | — | 2024-06-14 | The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html… |
Angeljudesuarez · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5981 | Medium | 6.3 | — | 2024-06-14 | A vulnerability was found in itsourcecode Online House Rental System 1.0. |
CVE-2024-5898 | Medium | 6.3 | — | 2024-06-12 | A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. |
Aveva · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3467 | High | 7.8 | — | 2024-06-12 | There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by… |
CVE-2024-3468 | — | — | — | 2024-06-12 | There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content… |
Beyondtrust · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5813 | Medium | 5.9 | — | 2024-06-11 | A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. |
CVE-2024-5812 | Low | 3.3 | — | 2024-06-11 | A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. |
Codexpert · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4371 | Critical | 9.0 | — | 2024-06-13 | The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted inp… |
CVE-2024-4564 | Medium | 6.4 | — | 2024-06-12 | The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets… |
Composer · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35242 | High | 8.8 | — | 2024-06-10 | Composer is a dependency manager for PHP. |
CVE-2024-35241 | High | 8.8 | — | 2024-06-10 | Composer is a dependency manager for PHP. |
Comtrend · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5785 | High | 8.0 | — | 2024-06-10 | Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. |
CVE-2024-5786 | Medium | 6.5 | — | 2024-06-10 | Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. |
Cvat · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37306 | High | 7.1 | — | 2024-06-13 | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. |
CVE-2024-37164 | High | 7.1 | — | 2024-06-13 | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. |
Davidjmiller · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3972 | Medium | 4.3 | — | 2024-06-14 | The Similarity WordPress plugin through 3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
CVE-2024-3971 | Medium | 4.3 | — | 2024-06-14 | The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. |
Fooplugins · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2122 | Medium | 6.4 | — | 2024-06-14 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output e… |
CVE-2024-2762 | Medium | 5.4 | — | 2024-06-13 | The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low… |
Funnelkit · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51671 | Medium | 5.4 | — | 2024-06-12 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. |
CVE-2023-51670 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. |
Gnu · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36600 | High | 8.4 | — | 2024-06-14 | Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. |
CVE-2024-5742 | Medium | 6.7 | — | 2024-06-12 | A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. |
Goprayer · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4480 | Medium | 6.1 | — | 2024-06-14 | The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
CVE-2024-4751 | Medium | 4.3 | — | 2024-06-14 | The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
Harbor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22244 | Medium | 4.3 | — | 2024-06-10 | Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. |
CVE-2024-22261 | Low | 2.7 | — | 2024-06-11 | SQL Injection in Harbor allows privileged users to leak the task IDs. |
Hcl Software · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-30119 | Low | 3.7 | — | 2024-06-14 | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. |
CVE-2024-30120 | Low | 2.9 | — | 2024-06-14 | HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. |
Hp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-37020 | Medium | 6.8 | — | 2024-06-10 | Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. |
CVE-2022-37019 | Medium | 6.8 | — | 2024-06-10 | Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. |
Liveboxcloud · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45168 | Medium | 6.5 | — | 2024-06-10 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. |
CVE-2022-45176 | Medium | 5.4 | — | 2024-06-10 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. |
Microdicom · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33606 | High | 8.8 | — | 2024-06-11 | An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. |
CVE-2024-28877 | High | 8.8 | — | 2024-06-11 | MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. |
Nvidia · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0099 | High | 7.8 | — | 2024-06-13 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. |
CVE-2024-0094 | Medium | 5.5 | — | 2024-06-13 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. |
Parisneo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4315 | Critical | 9.1 | — | 2024-06-12 | parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. |
CVE-2024-4328 | High | 8.1 | — | 2024-06-10 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. |
Projectcaruso · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3966 | Medium | 6.1 | — | 2024-06-14 | The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin. |
CVE-2024-3965 | Medium | 5.4 | — | 2024-06-14 | The Pray For Me WordPress plugin through 1.0.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
Saleswonder Team: Tobias · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34826 | Medium | 6.3 | — | 2024-06-11 | Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler. This issue affects CF7 WOW Styler: from n/a through <= 1.6.4. |
CVE-2024-34763 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a th… |
Sap_se · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37177 | High | 8.1 | — | 2024-06-11 | SAP Financial Consolidation allows data to enter a Web application through an untrusted source. |
CVE-2024-37178 | Medium | 5.0 | — | 2024-06-11 | SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
Softlab · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52177 | Medium | 5.4 | — | 2024-06-12 | Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.3. |
CVE-2024-34753 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. |
Tenable · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5759 | Medium | 5.4 | — | 2024-06-12 | An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges. |
CVE-2024-1891 | Low | 3.5 | — | 2024-06-12 | A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. |
Unknown · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4145 | High | 7.2 | — | 2024-06-13 | The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). |
CVE-2024-3993 | Medium | 4.6 | — | 2024-06-14 | The AZAN Plugin WordPress plugin through 0.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
Verint · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36396 | High | 8.8 | — | 2024-06-13 | Verint - CWE-434: Unrestricted Upload of File with Dangerous Type |
CVE-2024-36395 | Medium | 6.1 | — | 2024-06-13 | Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
Vsourz1td · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4319 | Medium | 5.3 | — | 2024-06-11 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. |
CVE-2024-3723 | Medium | 5.3 | — | 2024-06-11 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. |
Wpdeveloper · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1565 | Medium | 6.4 | — | 2024-06-13 | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, a… |
CVE-2024-5189 | Medium | 6.4 | — | 2024-06-11 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.2… |
Wpengine Inc · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34762 | Critical | 9.9 | — | 2024-06-10 | Vulnerability discovered by executing a planned security audit. |
CVE-2024-34761 | High | 8.5 | — | 2024-06-10 | Vulnerability discovered by executing a planned security audit. |
Wpmanageninja · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23504 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.5. |
CVE-2024-23503 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.6. |
Wpmet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4404 | High | 8.5 | — | 2024-06-14 | The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. |
CVE-2024-34758 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35628 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. |
Acronis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34012 | Medium | 4.4 | — | 2024-06-14 | Local privilege escalation due to insecure folder permissions. |
Actpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35727 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. |
Acurax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35749 | Low | 3.7 | — | 2024-06-10 | Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass. This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. |
Addonmaster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24704 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. |
Adenion · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3549 | Critical | 9.9 | — | 2024-06-11 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied param… |
Adfinis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37301 | High | 7.2 | — | 2024-06-11 | Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. |
Aegon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36599 | Medium | 6.1 | — | 2024-06-14 | A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. |
Afzal Multani · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38395 | Medium | 5.4 | — | 2024-06-12 | Missing Authorization vulnerability in Afzal Multani WP Clone Menu. This issue affects WP Clone Menu: from n/a through 1.0.1. |
Amazon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37293 | High | 7.5 | — | 2024-06-11 | The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. |
Anders Norén · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35685 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Anders Norén Radcliffe 2. This issue affects Radcliffe 2: from n/a through 2.0.17. |
Andibauer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4270 | Medium | 5.4 | — | 2024-06-14 | The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files with malicious JavaScript to conduct Stored XSS attacks. |
Andrew · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35723 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list. This issue affects Dashboard To-Do List: from n/a through <= 1.2.0. |
Anssi Laitila · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34821 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Anssi Laitila Contact List contact-list. This issue affects Contact List: from n/a through <= 2.9.87. |
Arraytics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1094 | High | 7.3 | — | 2024-06-14 | The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in a… |
Asghar Hatampoor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35746 | Critical | 10.0 | — | 2024-06-10 | Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection. This issue affects BuddyPress Cover: from n/a through 2.1.4.2. |
Aspose.cloud Marketplace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32146 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through 6.3.1. |
Avirtum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4744 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in Avirtum iPages Flipbook. This issue affects iPages Flipbook: from n/a through 1.5.1. |
Awesome Support Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35741 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. |
Awesomesupport · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51537 | Medium | 5.3 | — | 2024-06-12 | Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.5. |
Badhonrocks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5892 | Medium | 6.4 | — | 2024-06-12 | The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sa… |
Bastianon Massimo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44234 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through 1.7.08. |
Bbs E-theme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36504 | Medium | 6.5 | — | 2024-06-14 | Missing Authorization vulnerability in BBS e-Theme BBS e-Popup. This issue affects BBS e-Popup: from n/a through 2.4.5. |
Bdthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3925 | Medium | 6.4 | — | 2024-06-12 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, an… |
Blackberry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35213 | Critical | 9.0 | — | 2024-06-11 | An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing pro… |
Bosa Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35724 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce. This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12. |
Bosscms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31613 | Medium | 5.4 | — | 2024-06-10 | BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." |
Boxystudio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37308 | Medium | 5.4 | — | 2024-06-13 | The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output… |
Brainstorm Force · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51376 | Medium | 4.3 | — | 2024-06-14 | Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. |
Brainstormforce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5757 | Medium | 6.4 | — | 2024-06-13 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input san… |
Brett Shumaker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51526 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in Brett Shumaker Simple Staff List. This issue affects Simple Staff List: from n/a through 2.2.4. |
Broadcom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36459 | — | — | — | 2024-06-14 | A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. |
Bryan Lee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36694 | Medium | 6.3 | — | 2024-06-14 | Missing Authorization vulnerability in Bryan Lee Kingkong Board. This issue affects Kingkong Board: from n/a through 2.1.0.2. |
Buddypress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4892 | Medium | 6.4 | — | 2024-06-12 | The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. |
Buildapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7264 | High | 8.1 | — | 2024-06-11 | The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. |
Bulkgate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51679 | Medium | 5.4 | — | 2024-06-12 | Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce. This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. |
Businessdirectoryplugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51516 | Medium | 5.4 | — | 2024-06-14 | Missing Authorization vulnerability in Business Directory Team Business Directory Plugin. This issue affects Business Directory Plugin: from n/a through 6.3.9. |
Buy Me A Coffee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25030 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in Buy Me a Coffee. This issue affects Buy Me a Coffee: from n/a through 3.7. |
Canto · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4936 | Critical | 9.8 | — | 2024-06-14 | The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. |
Checkmk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28833 | Medium | 5.9 | — | 2024-06-10 | Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. |
Churchcrm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36647 | Medium | 5.4 | — | 2024-06-13 | A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page. |
Cilium · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37307 | High | 7.9 | — | 2024-06-13 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. |
Citrix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5661 | Medium | 6.0 | — | 2024-06-13 | An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. |
Cloud Foundry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22279 | Medium | 5.9 | — | 2024-06-10 | Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. |
Code Parrots · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35742 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. |
Code4recovery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22296 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.28. |
Codecabin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5994 | Medium | 6.4 | — | 2024-06-14 | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. |
Codepeople · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35735 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. |
Consensu.io · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48280 | High | 7.5 | — | 2024-06-12 | Missing Authorization vulnerability in Consensu.IO Consensu.Io. This issue affects Consensu.Io: from n/a through 1.0.1. |
Contact_form_builder_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35747 | Medium | 5.3 | — | 2024-06-10 | Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. |
Contrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5543 | High | 8.1 | — | 2024-06-12 | The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |
Copymatic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35716 | Medium | 6.5 | — | 2024-06-11 | Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. |
Crafthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34800 | High | 7.6 | — | 2024-06-10 | Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through <= 3.3. |
Crate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37309 | Medium | 5.3 | — | 2024-06-13 | CrateDB is a distributed SQL database. |
Custom_field_suite_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3559 | Medium | 6.4 | — | 2024-06-12 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_content]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. |
Deepak Anand · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37394 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 2.3.0. |
Devitemsllc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5530 | Medium | 6.4 | — | 2024-06-11 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget i… |
Dgwyer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6492 | Medium | 4.3 | — | 2024-06-14 | The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. |
Discourse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35168 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Discourse WP Discourse. This issue affects WP Discourse: from n/a through 2.5.1. |
Dlink · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37630 | High | 8.8 | — | 2024-06-13 | D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. |
Dokan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3922 | Critical | 10.0 | — | 2024-06-13 | The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e… |
Dreryk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3699 | Critical | 9.8 | — | 2024-06-10 | Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. |
Dropbox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5924 | High | 8.8 | — | 2024-06-13 | Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. |
Elecom Co.,ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36103 | Medium | 6.8 | — | 2024-06-12 | OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially cra… |
Elementor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33922 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Elementor Elementor Website Builder. This issue affects Elementor Website Builder: from n/a through 3.13.2. |
Elespare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4615 | Medium | 6.4 | — | 2024-06-13 | The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. |
Emlog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-31612 | Medium | 6.5 | — | 2024-06-10 | Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. |
Estomed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3700 | Critical | 9.8 | — | 2024-06-10 | Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. |
Eurosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1228 | Critical | 9.8 | — | 2024-06-10 | Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. |
Expresstech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51507 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.16. |
Fastly · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34768 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through 1.2.25. |
Fat Rat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35045 | Medium | 4.3 | — | 2024-06-14 | Missing Authorization vulnerability in Fat Rat Fat Rat Collect. This issue affects Fat Rat Collect: from n/a through 2.6.7. |
Freeipa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2698 | High | 8.8 | — | 2024-06-12 | A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. |
Fsas Technologies Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36454 | Medium | 5.3 | — | 2024-06-12 | Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. |
Futuriowp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5646 | Medium | 6.4 | — | 2024-06-11 | The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization an… |
Gabriel Somoza / Joseph Fitzgibbons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35745 | High | 7.5 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation. This issue affects Strategery Migrations: fr… |
Gangesh Matta · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40603 | Medium | 5.3 | — | 2024-06-12 | Missing Authorization vulnerability in Gangesh Matta Simple Org Chart. This issue affects Simple Org Chart: from n/a through 2.3.4. |
Gfx-rs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36761 | Critical | 9.8 | — | 2024-06-12 | naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. |
Gpriday · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5090 | Medium | 6.4 | — | 2024-06-11 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping… |
Grpc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37168 | Medium | 5.3 | — | 2024-06-10 | @grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. |
Guangdong Baolun Electronics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6003 | High | 7.3 | — | 2024-06-14 | A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. |
Gurgunday · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37166 | High | 8.9 | — | 2024-06-10 | ghtml is software that uses tagged templates for template engine functionality. |
Hahncreativegroup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35663 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in HahnCreativeGroup WP Translate. This issue affects WP Translate: from n/a through 5.3.0. |
Happyforms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23521 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Happyforms. This issue affects Happyforms: from n/a through 1.25.10. |
Hardik Chavada · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40672 | Medium | 5.4 | — | 2024-06-12 | Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons. This issue affects Sticky Social Media Icons: from n/a through 2.1. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5798 | Low | 2.6 | — | 2024-06-12 | Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. |
Heateor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4924 | Medium | 6.1 | — | 2024-06-12 | The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html… |
Hewlett Packard Enterprise (Hpe) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22441 | Critical | 9.8 | — | 2024-06-13 | HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. |
Himalaya Saxena · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40209 | Medium | 6.5 | — | 2024-06-12 | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0. |
Hp Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2300 | Medium | 6.2 | — | 2024-06-12 | HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. |
Ibericode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51682 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in ibericode MC4WP. This issue affects MC4WP: from n/a through 4.9.9. |
Icegram · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4845 | High | 8.8 | — | 2024-06-12 | The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient pr… |
Ideabox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5787 | Medium | 6.4 | — | 2024-06-13 | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and includ… |
If So Plugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34820 | Medium | 6.5 | — | 2024-06-11 | Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization. This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. |
Instawp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4898 | Critical | 9.8 | — | 2024-06-12 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. |
Itssglobal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22855 | Medium | 5.4 | — | 2024-06-12 | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. |
Jasonraimondi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37169 | Medium | 5.3 | — | 2024-06-10 | @jmondi/url-to-png is a self-hosted URL to PNG utility. |
Javier Carazo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34815 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.5. |
Jetbrains · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37051 | Critical | 9.3 | — | 2024-06-10 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3… |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35712 | Medium | 4.9 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal. This issue affects Database Cleaner: from n/a through 1.0.5. |
Joshua_vandercar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3992 | Medium | 4.8 | — | 2024-06-14 | The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa… |
Jupyter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35225 | Critical | 9.6 | — | 2024-06-11 | Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. |
Jupyterhub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37300 | High | 8.1 | — | 2024-06-12 | OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. |
Kadencewp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4863 | Medium | 6.4 | — | 2024-06-14 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanit… |
Keisuke Nakayama · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36360 | Critical | 9.8 | — | 2024-06-11 | OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. |
Kubernetes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5154 | High | 8.1 | — | 2024-06-12 | A flaw was found in cri-o. |
La-studio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35725 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6. |
Labschool · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4005 | Medium | 4.8 | — | 2024-06-14 | The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i… |
Ladela · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5584 | Medium | 6.4 | — | 2024-06-11 | The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization… |
Langflow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37014 | Critical | 9.8 | — | 2024-06-10 | Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. |
Latepoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2472 | Critical | 9.1 | — | 2024-06-14 | The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. |
Leap13 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5553 | Medium | 4.4 | — | 2024-06-12 | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. |
Lenovo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4696 | High | 7.5 | — | 2024-06-13 | A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. |
Lim Kai Yang · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47845 | Medium | 4.3 | — | 2024-06-12 | Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save. This issue affects Grab & Save: from n/a through 1.0.4. |
Linecorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5739 | Medium | 6.1 | — | 2024-06-12 | The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. |
Linksys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36821 | Medium | 6.8 | — | 2024-06-11 | Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. |
Linux · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36972 | High | 7.5 | — | 2024-06-10 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. |
Lnbits · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34694 | High | 8.1 | — | 2024-06-14 | LNbits is a Lightning wallet and accounts system. |
Lollms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4403 | High | 8.8 | — | 2024-06-10 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. |
Mailerlite · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52227 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. |
Mandrill · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47828 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33. |
Mattermost · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37182 | Medium | 4.7 | — | 2024-06-14 | Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI s… |
Matthias Pfefferle & Automattic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52199 | Medium | 6.5 | — | 2024-06-11 | Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub. This issue affects ActivityPub: from n/a through 1.0.5. |
Maxime Schoeni · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36695 | Medium | 5.4 | — | 2024-06-14 | Missing Authorization vulnerability in Maxime Schoeni Sublanguage. This issue affects Sublanguage: from n/a through 2.9. |
Mayurik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5985 | Medium | 6.3 | — | 2024-06-14 | A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. |
Mcnardelli · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5577 | Critical | 9.8 | — | 2024-06-14 | The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. |
Melapress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35650 | Medium | 4.9 | — | 2024-06-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security. This issue affects MelaPress Login Security: from n/a thro… |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52117 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6. |
Metersphere · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37161 | Medium | 4.0 | — | 2024-06-11 | MeterSphere is an open source continuous testing platform. |
Mgt-commerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24320 | High | 8.8 | — | 2024-06-14 | Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. |
Minoji · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35671 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Minoji MJ Update History. This issue affects MJ Update History: from n/a through 1.0.4. |
Minthcm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36656 | Medium | 6.1 | — | 2024-06-14 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. |
Mintplex-labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5211 | High | 7.2 | — | 2024-06-12 | A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. |
Mlewand · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37888 | Medium | 6.1 | — | 2024-06-14 | The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. |
Mnbaa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3754 | Medium | 4.7 | — | 2024-06-14 | The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capa… |
Monoprice · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24051 | Medium | 5.5 | — | 2024-06-12 | Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the device's maximum coordinates via the printing of a malicious .gcode… |
Moreconvert · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34819 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert. This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.2. |
Moreconvert Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34813 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert. This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.8. |
Multivendorx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-24703 | High | 8.6 | — | 2024-06-11 | Missing Authorization vulnerability in MultiVendorX WC Marketplace. This issue affects WC Marketplace: from n/a through 4.0.25. |
Mz-automation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36702 | High | 7.4 | — | 2024-06-11 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. |
Namithjawahar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35665 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in namithjawahar Insert Post Ads. This issue affects Insert Post Ads: from n/a through 1.3.2. |
Navneil Naicker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23518 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field. This issue affects ACF Photo Gallery Field: from n/a through 2.6. |
Nervythemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29174 | Medium | 6.5 | — | 2024-06-14 | Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce. This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0. |
Netapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21988 | Medium | 5.3 | — | 2024-06-14 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. |
Netgsm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4746 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through <= 2.9.32. |
Netiq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-11843 | Medium | 6.5 | — | 2024-06-11 | This allows information exposure to unauthorized users. This issue affects NetIQ Access Manager version 4.5 or earlier. |
Netweblogic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3492 | Medium | 6.4 | — | 2024-06-12 | The Events Manager – Calendar, Bookings, Tickets, and more! |
Newsletter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5674 | Medium | 6.5 | — | 2024-06-12 | The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscriber management due to a PHP type juggling issue in the check_api_key function in all versions up to, and including, 2.4.5. |
Nicheaddons · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4669 | Medium | 6.4 | — | 2024-06-11 | The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization… |
Oceanwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5531 | Medium | 6.4 | — | 2024-06-11 | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. |
Ontraport · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23524 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in ONTRAPORT Inc. |
Open-quantum-safe · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36405 | Medium | 5.9 | — | 2024-06-10 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. |
Opentext · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4190 | High | 8.1 | — | 2024-06-11 | Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. |
Ovic_importer_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35754 | High | 7.5 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal. This issue affects Ovic Importer: from n/a through 1.6.3. |
Plugin-planet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0979 | Medium | 6.1 | — | 2024-06-13 | The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. |
Podlove · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32143 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. |
Post Smtp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52233 | High | 8.6 | — | 2024-06-11 | Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. |
Pressified · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35040 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in SendPress SendPress Newsletters. This issue affects SendPress Newsletters: from n/a through 1.23.11.6. |
Rabbitloader · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21751 | Medium | 5.4 | — | 2024-06-10 | Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. |
Rafflepress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4745 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. |
Ravidhu Dissanayake · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35744 | High | 8.6 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0. |
Ravster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5155 | Medium | 6.1 | — | 2024-06-14 | The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
Repute Infosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34799 | Medium | 6.5 | — | 2024-06-11 | Missing Authorization vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.82. |
Reputeinfosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0427 | Medium | 6.3 | — | 2024-06-12 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. |
Revolut · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52224 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce. This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. |
Roxnor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4266 | Medium | 5.3 | — | 2024-06-11 | The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. |
Salephpscripts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3552 | Critical | 9.8 | — | 2024-06-13 | The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques li… |
Salesforce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32148 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Salesforce Pardot. This issue affects Pardot: from n/a through 2.1.0. |
Sc_filechecker_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35743 | High | 8.6 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation. This issue affects SC filechecker: from n/a through 0.6. |
Smallweigit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5829 | Low | 3.5 | — | 2024-06-11 | A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. |
Smub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3073 | Low | 2.7 | — | 2024-06-13 | The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. |
Snipe · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5685 | High | 7.6 | — | 2024-06-14 | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via an API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. |
Soar Cloud · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5995 | High | 8.8 | — | 2024-06-14 | The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. |
Soliloquy Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51519 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy. This issue affects Slider by Soliloquy: from n/a through 2.7.2. |
Stylemix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5468 | Medium | 6.5 | — | 2024-06-12 | The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3… |
Stylemixthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35677 | Critical | 9.0 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion. This issue affects MegaMenu: from n/a through 2.3.12. |
Svgator · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4271 | Medium | 4.6 | — | 2024-06-14 | The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. |
Tabrisrp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2473 | Medium | 5.3 | — | 2024-06-11 | The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. |
Tagembed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34804 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in Tagembed. This issue affects Tagembed: from n/a through 5.8. |
Technovama · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51680 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce. This issue affects Quotes for WooCommerce: from n/a through 2.0.1. |
Teplitsa Of Social Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35683 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Teplitsa of social technologies Leyka. This issue affects Leyka: from n/a through 3.31.1. |
Termly · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35692 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. |
Theluckywp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2218 | Medium | 4.6 | — | 2024-06-14 | The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht… |
Themeboy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-34824 | Medium | 4.3 | — | 2024-06-11 | Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager. This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. |
Themehigh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35658 | High | 8.6 | — | 2024-06-10 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor f… |
Themeisle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35728 | Medium | 5.3 | — | 2024-06-10 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for WooCommerce: from n/a through 32.0.20. |
Themekraft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35726 | Medium | 4.3 | — | 2024-06-10 | Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.19. |
Themeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25799 | High | 8.3 | — | 2024-06-11 | Missing Authorization vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.1.8. |
Themify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3032 | Medium | 6.1 | — | 2024-06-13 | The Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. |
Tibco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-4576 | Medium | 5.3 | — | 2024-06-13 | The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. |
Tickera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35729 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through <= 3.5.2.6. |
Tms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22298 | Medium | 5.3 | — | 2024-06-10 | Missing Authorization vulnerability in TMS Amelia ameliabooking. This issue affects Amelia: from n/a through 1.0.98. |
Treyww · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37889 | Medium | 6.5 | — | 2024-06-14 | MyFinances is a web application for managing finances. |
Tri · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1295 | Medium | 6.5 | — | 2024-06-14 | The events-calendar-pro WordPress plugin before 6.4.0.1 and The Events Calendar WordPress plugin before 6.4.0.1 do not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. |
Trol Intermedia Sp. Z O.o. Sp. K. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5961 | — | — | — | 2024-06-14 | Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run… |
Unattributed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51413 | Medium | 5.3 | — | 2024-06-12 | Missing Authorization vulnerability in Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.29. |
Uniview · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-3850 | Medium | 5.4 | — | 2024-06-10 | Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). |
Vark · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41240 | Medium | 5.3 | — | 2024-06-12 | Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. |
Vberkel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0892 | Medium | 4.3 | — | 2024-06-14 | The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. |
Veeam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-29855 | Critical | 9.0 | — | 2024-06-11 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator |
Webcodingplace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52179 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce. This issue affects Product Expiry for WooCommerce: from n/a through 2.5. |
Webtechstreet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-2092 | Medium | 5.4 | — | 2024-06-12 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user… |
Webtoffee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52183 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.3. |
Weforms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51524 | Medium | 4.3 | — | 2024-06-12 | Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.18. |
Welcart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32144 | Medium | 5.4 | — | 2024-06-11 | Missing Authorization vulnerability in Welcart Inc. |
Woocommerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37297 | Medium | 5.4 | — | 2024-06-12 | WooCommerce is an open-source e-commerce platform built on WordPress. |
Wp Easycart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35667 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through 5.5.19. |
Wp Onlinesupport, Essential Plugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48273 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website. This issue affects Preloader for Website: from n/a through 1.2.2. |
Wp-staging · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5551 | High | 7.5 | — | 2024-06-14 | The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. |
Wpbakery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5265 | Medium | 6.4 | — | 2024-06-13 | The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and… |
Wpeverest · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51377 | Medium | 5.3 | — | 2024-06-14 | Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through 2.0.3. |
Writersystem · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51523 | Medium | 4.3 | — | 2024-06-14 | Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product. This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7. |
Yithemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35680 | Medium | 5.3 | — | 2024-06-10 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons. This issue affects YITH WooCommerce Product Add-Ons: from n/a through… |
Yoast · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28775 | Medium | 5.3 | — | 2024-06-11 | Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4. |