Patch Tuesday — August 2024

2024-08-13 · 862 CVEs

CVEs published or modified the week of 2024-08-13, partitioned by vendor.

Microsoft (131 CVEs)

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-38199 · Critical · 9.8 · - · 2024-08-13 · Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2024-38140 · Critical · 9.8 · - · 2024-08-13 · Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2024-38063 · Critical · 9.8 · - · 2024-08-13 · Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-38108 · Critical · 9.3 · - · 2024-08-13 · Azure Stack Hub Spoofing Vulnerability
CVE-2024-38160 · Critical · 9.1 · - · 2024-08-13 · Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38159 · Critical · 9.1 · - · 2024-08-13 · Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38109 · Critical · 9.1 · - · 2024-08-13 · An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2024-38189 · High · 8.8 · KEV · 2024-08-13 · Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38180 · High · 8.8 · - · 2024-08-13 · Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-38154 · High · 8.8 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38144 · High · 8.8 · - · 2024-08-13 · Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38131 · High · 8.8 · - · 2024-08-13 · Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
CVE-2024-38130 · High · 8.8 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38128 · High · 8.8 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38121 · High · 8.8 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38120 · High · 8.8 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38116 · High · 8.8 · - · 2024-08-13 · Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38115 · High · 8.8 · - · 2024-08-13 · Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38114 · High · 8.8 · - · 2024-08-13 · Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38218 · High · 8.4 · - · 2024-08-12 · Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2024-38211 · High · 8.2 · - · 2024-08-13 · Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-29995 · High · 8.1 · - · 2024-08-13 · Windows Kerberos Elevation of Privilege Vulnerability
CVE-2024-7263 · High · 7.8 · - · 2024-08-15 · Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
CVE-2024-7262 · High · 7.8 · KEV · 2024-08-15 · Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
CVE-2024-41856 · High · 7.8 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41853 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41852 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41851 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41850 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41840 · High · 7.8 · - · 2024-08-14 · Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41831 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41830 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39426 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory st…
CVE-2024-39424 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39423 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39422 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39394 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39393 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2024-39391 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39390 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39389 · High · 7.8 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39388 · High · 7.8 · - · 2024-08-14 · Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39386 · High · 7.8 · - · 2024-08-14 · Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39383 · High · 7.8 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34133 · High · 7.8 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-34117 · High · 7.8 · - · 2024-08-14 · Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41858 · High · 7.8 · - · 2024-08-14 · InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-38163 · High · 7.8 · - · 2024-08-14 · Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-38215 · High · 7.8 · - · 2024-08-13 · Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-38196 · High · 7.8 · - · 2024-08-13 · Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-38195 · High · 7.8 · - · 2024-08-13 · Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-38193 · High · 7.8 · KEV · 2024-08-13 · Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38191 · High · 7.8 · - · 2024-08-13 · Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38187 · High · 7.8 · - · 2024-08-13 · Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38186 · High · 7.8 · - · 2024-08-13 · Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38185 · High · 7.8 · - · 2024-08-13 · Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38184 · High · 7.8 · - · 2024-08-13 · Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38177 · High · 7.8 · - · 2024-08-13 · Windows App Installer Spoofing Vulnerability
CVE-2024-38172 · High · 7.8 · - · 2024-08-13 · Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38171 · High · 7.8 · - · 2024-08-13 · Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2024-38169 · High · 7.8 · - · 2024-08-13 · Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38162 · High · 7.8 · - · 2024-08-13 · Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-38153 · High · 7.8 · - · 2024-08-13 · Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38152 · High · 7.8 · - · 2024-08-13 · Windows OLE Remote Code Execution Vulnerability
CVE-2024-38150 · High · 7.8 · - · 2024-08-13 · Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-38147 · High · 7.8 · - · 2024-08-13 · Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-38142 · High · 7.8 · - · 2024-08-13 · Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-38141 · High · 7.8 · - · 2024-08-13 · Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38135 · High · 7.8 · - · 2024-08-13 · Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2024-38134 · High · 7.8 · - · 2024-08-13 · Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38133 · High · 7.8 · - · 2024-08-13 · Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38127 · High · 7.8 · - · 2024-08-13 · Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38125 · High · 7.8 · - · 2024-08-13 · Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38117 · High · 7.8 · - · 2024-08-13 · NTFS Elevation of Privilege Vulnerability
CVE-2024-38107 · High · 7.8 · KEV · 2024-08-13 · Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-38098 · High · 7.8 · - · 2024-08-13 · Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-38084 · High · 7.8 · - · 2024-08-13 · Microsoft OfficePlus Elevation of Privilege Vulnerability
CVE-2024-43373 · High · 7.7 · - · 2024-08-15 · webcrack is a tool for reverse engineering javascript.
CVE-2024-38198 · High · 7.5 · - · 2024-08-13 · Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-38178 · High · 7.5 · KEV · 2024-08-13 · Scripting Engine Memory Corruption Vulnerability
CVE-2024-38168 · High · 7.5 · - · 2024-08-13 · .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38148 · High · 7.5 · - · 2024-08-13 · Windows Secure Channel Denial of Service Vulnerability
CVE-2024-38146 · High · 7.5 · - · 2024-08-13 · Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38145 · High · 7.5 · - · 2024-08-13 · Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38138 · High · 7.5 · - · 2024-08-13 · Windows Deployment Services Remote Code Execution Vulnerability
CVE-2024-38132 · High · 7.5 · - · 2024-08-13 · Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-38126 · High · 7.5 · - · 2024-08-13 · Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-37968 · High · 7.5 · - · 2024-08-13 · Windows DNS Spoofing Vulnerability
CVE-2024-38170 · High · 7.1 · - · 2024-08-13 · Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-39425 · High · 7.0 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation.
CVE-2024-39420 · High · 7.0 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could…
CVE-2024-38201 · High · 7.0 · - · 2024-08-13 · Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38158 · High · 7.0 · - · 2024-08-13 · Azure IoT SDK Remote Code Execution Vulnerability
CVE-2024-38157 · High · 7.0 · - · 2024-08-13 · Azure IoT SDK Remote Code Execution Vulnerability
CVE-2024-38137 · High · 7.0 · - · 2024-08-13 · Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2024-38136 · High · 7.0 · - · 2024-08-13 · Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2024-38106 · High · 7.0 · KEV · 2024-08-13 · Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38223 · Medium · 6.8 · - · 2024-08-13 · Windows Initial Machine Configuration Elevation of Privilege Vulnerability
CVE-2024-38161 · Medium · 6.8 · - · 2024-08-13 · Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-38173 · Medium · 6.7 · - · 2024-08-13 · Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-38214 · Medium · 6.5 · - · 2024-08-13 · Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2024-38213 · Medium · 6.5 · KEV · 2024-08-13 · Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38197 · Medium · 6.5 · - · 2024-08-13 · Microsoft Teams for iOS Spoofing Vulnerability
CVE-2024-38167 · Medium · 6.5 · - · 2024-08-13 · .NET and Visual Studio Information Disclosure Vulnerability
CVE-2024-38165 · Medium · 6.5 · - · 2024-08-13 · Windows Compressed Folder Tampering Vulnerability
CVE-2024-42474 · Medium · 6.5 · - · 2024-08-12 · Streamlit is a data oriented application development framework for python.
CVE-2024-38219 · Medium · 6.5 · - · 2024-08-12 · Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-38200 · Medium · 6.5 · - · 2024-08-12 · Microsoft Office Spoofing Vulnerability
CVE-2024-43472 · Medium · 5.8 · - · 2024-08-16 · Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-41866 · Medium · 5.5 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).
CVE-2024-41854 · Medium · 5.5 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41835 · Medium · 5.5 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41834 · Medium · 5.5 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41833 · Medium · 5.5 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41832 · Medium · 5.5 · - · 2024-08-14 · Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-39395 · Medium · 5.5 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).
CVE-2024-39387 · Medium · 5.5 · - · 2024-08-14 · Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34138 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).
CVE-2024-34137 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition.
CVE-2024-34136 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).
CVE-2024-34135 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34134 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34127 · Medium · 5.5 · - · 2024-08-14 · InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34118 · Medium · 5.5 · - · 2024-08-14 · Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition.
CVE-2024-38155 · Medium · 5.5 · - · 2024-08-13 · Security Center Broker Information Disclosure Vulnerability
CVE-2024-38151 · Medium · 5.5 · - · 2024-08-13 · Windows Kernel Information Disclosure Vulnerability
CVE-2024-38122 · Medium · 5.5 · - · 2024-08-13 · Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38118 · Medium · 5.5 · - · 2024-08-13 · Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38123 · Medium · 4.4 · - · 2024-08-13 · Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2024-38143 · Medium · 4.2 · - · 2024-08-13 · Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVE-2024-6768 · - · - · - · 2024-08-12 · A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to…

Other vendors (731 CVEs across 216 vendors)

N/a · 128 CVEs

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43042 · Critical · 9.8 · - · 2024-08-16 · Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
CVE-2024-42850 · Critical · 9.8 · - · 2024-08-16 · An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
CVE-2024-42634 · Critical · 9.8 · - · 2024-08-16 · A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42.
CVE-2024-42757 · Critical · 9.8 · - · 2024-08-15 · Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.
CVE-2024-23168 · Critical · 9.8 · - · 2024-08-15 · Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.
CVE-2024-42978 · Critical · 9.8 · - · 2024-08-15 · An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42967 · Critical · 9.8 · - · 2024-08-15 · Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42966 · Critical · 9.8 · - · 2024-08-15 · Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42947 · Critical · 9.8 · - · 2024-08-15 · An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42843 · Critical · 9.8 · - · 2024-08-15 · Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.
CVE-2024-42547 · Critical · 9.8 · - · 2024-08-12 · TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42546 · Critical · 9.8 · - · 2024-08-12 · TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
CVE-2024-42545 · Critical · 9.8 · - · 2024-08-12 · TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
CVE-2024-42543 · Critical · 9.8 · - · 2024-08-12 · TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42520 · Critical · 9.8 · - · 2024-08-12 · TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
CVE-2024-41577 · Critical · 9.8 · - · 2024-08-12 · An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVE-2024-40477 · Critical · 9.8 · - · 2024-08-12 · A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.
CVE-2024-40472 · Critical · 9.8 · - · 2024-08-12 · Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php."
CVE-2024-38989 · Critical · 9.8 · - · 2024-08-12 · izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js.
CVE-2024-22218 · High · 8.8 · - · 2024-08-15 · XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as acces…
CVE-2024-42681 · High · 8.8 · - · 2024-08-15 · Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVE-2024-21810 · High · 8.8 · - · 2024-08-14 · Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21807 · High · 8.8 · - · 2024-08-14 · Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-42739 · High · 8.8 · - · 2024-08-13 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg.
CVE-2024-42738 · High · 8.8 · - · 2024-08-13 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg.
CVE-2024-42737 · High · 8.8 · - · 2024-08-13 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist.
CVE-2024-42748 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg.
CVE-2024-42747 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg.
CVE-2024-42745 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg.
CVE-2024-42744 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser.
CVE-2024-42743 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg.
CVE-2024-42742 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules.
CVE-2024-42741 · High · 8.8 · - · 2024-08-12 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg.
CVE-2023-48171 · High · 8.8 · - · 2024-08-12 · An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
CVE-2024-41475 · High · 8.8 · - · 2024-08-12 · Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
CVE-2024-40500 · High · 8.6 · - · 2024-08-12 · Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
CVE-2024-42995 · High · 8.3 · - · 2024-08-16 · VTiger CRM <= 8.1.0 does not correctly check user privileges.
CVE-2024-36877 · High · 8.2 · - · 2024-08-12 · Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where con…
CVE-2024-41651 · High · 8.1 · - · 2024-08-12 · An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
CVE-2023-49141 · High · 7.8 · - · 2024-08-14 · Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-42667 · High · 7.8 · - · 2024-08-14 · Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-42736 · High · 7.8 · - · 2024-08-13 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist.
CVE-2024-27442 · High · 7.8 · - · 2024-08-12 · An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
CVE-2023-50809 · High · 7.8 · - · 2024-08-12 · In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake.
CVE-2024-42987 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function.
CVE-2024-42986 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function.
CVE-2024-42985 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function.
CVE-2024-42984 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function.
CVE-2024-42983 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function.
CVE-2024-42982 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.
CVE-2024-42981 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function.
CVE-2024-42980 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function.
CVE-2024-42979 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function.
CVE-2024-42977 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function.
CVE-2024-42976 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function.
CVE-2024-42974 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function.
CVE-2024-42973 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function.
CVE-2024-42969 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function.
CVE-2024-42968 · High · 7.5 · - · 2024-08-15 · Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function.
CVE-2024-42955 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function.
CVE-2024-42954 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function.
CVE-2024-42953 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function.
CVE-2024-42952 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function.
CVE-2024-42951 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function.
CVE-2024-42950 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function.
CVE-2024-42949 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function.
CVE-2024-42948 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function.
CVE-2024-42946 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.
CVE-2024-42945 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function.
CVE-2024-42944 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function.
CVE-2024-42943 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function.
CVE-2024-42942 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function.
CVE-2024-42941 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function.
CVE-2024-42940 · High · 7.5 · - · 2024-08-15 · Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function.
CVE-2024-33535 · High · 7.5 · - · 2024-08-12 · An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
CVE-2024-37826 · High · 7.5 · - · 2024-08-12 · A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2024-37015 · High · 7.4 · - · 2024-08-13 · An issue was discovered in Ada Web Server 20.0.
CVE-2024-42994 · High · 7.2 · - · 2024-08-16 · VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module.
CVE-2024-24853 · High · 7.2 · - · 2024-08-14 · Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-38655 · Medium · 6.8 · - · 2024-08-14 · Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.
CVE-2024-41711 · Medium · 6.8 · - · 2024-08-13 · A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an…
CVE-2024-42740 · Medium · 6.8 · - · 2024-08-13 · In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg.
CVE-2024-28953 · Medium · 6.7 · - · 2024-08-14 · Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23974 · Medium · 6.7 · - · 2024-08-14 · Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22378 · Medium · 6.7 · - · 2024-08-14 · Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22376 · Medium · 6.7 · - · 2024-08-14 · Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21857 · Medium · 6.7 · - · 2024-08-14 · Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21769 · Medium · 6.7 · - · 2024-08-14 · Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21766Medium6.72024-08-14Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-49144Medium6.72024-08-14Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-43747Medium6.72024-08-14Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-42849Medium6.52024-08-16An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
CVE-2024-22217Medium6.52024-08-15A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.
CVE-2024-24983Medium6.52024-08-14Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-22374Medium6.52024-08-14Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-41332Medium6.52024-08-12Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
CVE-2024-21787Medium6.42024-08-14Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32231Medium6.32024-08-15Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
CVE-2024-22219Medium6.32024-08-15XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as acces…
CVE-2024-24980Medium6.12024-08-14Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-27443Medium6.1KEV2024-08-12An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
CVE-2024-21550Medium6.12024-08-12SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points.
CVE-2024-41482Medium6.12024-08-12Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component.
CVE-2024-41481Medium6.12024-08-12Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component.
CVE-2024-40484Medium6.12024-08-12A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
CVE-2024-25939Medium6.02024-08-14Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-50810Medium6.02024-08-12In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges.
CVE-2023-40067Medium5.72024-08-14Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2024-21806Medium5.52024-08-14Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-43006Medium5.42024-08-16A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21.
CVE-2024-42758Medium5.42024-08-16A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when it is used and enabled in Dokuwiki (Open Source Wiki Engine).
CVE-2024-25837Medium5.42024-08-16A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.
CVE-2024-41613Medium5.42024-08-13A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.
CVE-2024-33536Medium5.42024-08-12An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0.
CVE-2024-33533Medium5.42024-08-12An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2.
CVE-2024-40481Medium5.42024-08-12A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter.
CVE-2024-7658Medium5.32024-08-12A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.
CVE-2024-43011Medium4.92024-08-16An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier.
CVE-2024-41614Medium4.82024-08-13symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
CVE-2024-43009Medium4.72024-08-16A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier.
CVE-2024-43005Medium4.72024-08-16A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2023-34424Medium4.42024-08-14Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-21844Medium4.32024-08-14Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-35123Medium4.32024-08-14Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2024-7709Medium4.32024-08-13A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1.
CVE-2024-7659Low3.72024-08-12A vulnerability, which was classified as problematic, was found in projectsend up to r1605.
CVE-2024-7733Low3.52024-08-13A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5.
CVE-2023-48361Low2.32024-08-14Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

Adobe · 34 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-39397Critical9.02024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker.
CVE-2024-39402High8.42024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execut…
CVE-2024-39401High8.42024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execut…
CVE-2024-39400High8.12024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.
CVE-2024-41865High7.82024-08-14Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution.
CVE-2024-34124High7.82024-08-14Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-20789High7.82024-08-14Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-41864High7.82024-08-14Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-39399High7.72024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read.
CVE-2024-39403High7.62024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form…
CVE-2024-39398High7.42024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass.
CVE-2024-39406Medium6.82024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read.
CVE-2024-34126Medium5.52024-08-14Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-34125Medium5.52024-08-14Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20790Medium5.52024-08-14Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41863Medium5.52024-08-14Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41862Medium5.52024-08-14Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41861Medium5.52024-08-14Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-41860Medium5.52024-08-14Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-39418Medium5.42024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39419Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39417Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39416Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39415Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39414Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39413Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39412Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39411Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39410Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on be…
CVE-2024-39409Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on be…
CVE-2024-39408Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on beh…
CVE-2024-39407Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39405Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2024-39404Medium4.32024-08-14Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.

Intel · 33 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-24986High8.82024-08-14Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23981High8.82024-08-14Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23497High8.82024-08-14Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28947High8.22024-08-14Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-25576High7.92024-08-14Improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-26022High7.82024-08-14Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34163High7.52024-08-14Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21801High7.12024-08-14Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-29015Medium6.72024-08-14Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28887Medium6.72024-08-14Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28876Medium6.72024-08-14Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28172Medium6.72024-08-14Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28046Medium6.72024-08-14Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-26027Medium6.72024-08-14Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-26025Medium6.72024-08-14Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25561Medium6.72024-08-14Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24977Medium6.72024-08-14Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23909Medium6.72024-08-14Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23908Medium6.72024-08-14Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23907Medium6.72024-08-14Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23495Medium6.72024-08-14Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23491Medium6.72024-08-14Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23489Medium6.72024-08-14Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22184Medium6.72024-08-14Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21784Medium6.72024-08-14Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24580Medium6.52024-08-14Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-23499Medium6.52024-08-14Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network acce…
CVE-2024-39283Medium6.02024-08-14Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25562Medium5.82024-08-14Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-27461Medium5.62024-08-14Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43489Medium5.52024-08-14Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-28050Medium5.02024-08-14Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-24973Low2.22024-08-14Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.

AMD · 27 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2023-20578High7.52024-08-13A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVE-2022-23815High7.52024-08-13Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
CVE-2023-31315High7.52024-08-12Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
CVE-2023-31349High7.32024-08-13Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31348High7.32024-08-13A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31341High7.32024-08-13Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
CVE-2021-26344High7.22024-08-13An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB blo…
CVE-2022-23817High7.02024-08-13Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege e…
CVE-2023-20591Medium6.52024-08-13Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and…
CVE-2024-21981Medium5.72024-08-13Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality a…
CVE-2021-26367Medium5.72024-08-13A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVE-2023-20584Medium5.32024-08-13IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially le…
CVE-2023-20509Medium5.22024-08-13An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity.
CVE-2021-46746Medium5.22024-08-13Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address, causing a stack-based buffer overrun, potent…
CVE-2023-31310Medium5.02024-08-13Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availabili…
CVE-2023-31339Medium4.82024-08-13Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVE-2023-20510Medium4.72024-08-13An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVE-2023-31356Medium4.42024-08-13Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
CVE-2021-46772Low3.92024-08-13Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in me…
CVE-2021-26387Low3.92024-08-13Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
CVE-2023-31366Low3.32024-08-13Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVE-2023-20513Low3.32024-08-13An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2023-31307Low2.32024-08-13Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVE-2023-31304Low2.32024-08-13Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability.
CVE-2023-31305Low1.92024-08-13Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.
CVE-2023-20518Low1.92024-08-13Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
CVE-2023-20512Low1.92024-08-13A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.

Oretnom23 · 26 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7798 | High | 7.3 | | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
| CVE-2024-7797 | High | 7.3 | | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
| CVE-2024-7853 | Medium | 6.3 | | 2024-08-16 | A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. |
| CVE-2024-7851 | Medium | 6.3 | | 2024-08-16 | A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. |
| CVE-2024-7841 | Medium | 6.3 | | 2024-08-15 | A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. |
| CVE-2024-7800 | Medium | 6.3 | | 2024-08-15 | A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. |
| CVE-2024-7754 | Medium | 6.3 | | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
| CVE-2024-7751 | Medium | 6.3 | | 2024-08-13 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. |
| CVE-2024-7750 | Medium | 6.3 | | 2024-08-13 | A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. |
| CVE-2024-7676 | Medium | 6.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7669 | Medium | 6.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0 and classified as critical. |
| CVE-2024-7668 | Medium | 6.3 | | 2024-08-12 | A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. |
| CVE-2024-7667 | Medium | 6.3 | | 2024-08-12 | A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7666 | Medium | 6.3 | | 2024-08-12 | A vulnerability, which was classified as critical, has been found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7665 | Medium | 6.3 | | 2024-08-12 | A vulnerability classified as critical was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7664 | Medium | 6.3 | | 2024-08-12 | A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7663 | Medium | 6.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7799 | Medium | 5.3 | | 2024-08-15 | A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. |
| CVE-2024-7753 | Medium | 5.3 | | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
| CVE-2024-7662 | Medium | 4.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7661 | Medium | 4.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7645 | Medium | 4.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
| CVE-2024-7852 | Low | 3.5 | | 2024-08-16 | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. |
| CVE-2024-7752 | Low | 3.5 | | 2024-08-14 | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. |
| CVE-2024-7678 | Low | 3.5 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |
| CVE-2024-7677 | Low | 3.5 | | 2024-08-12 | A vulnerability was found in SourceCodester Car Driving School Management System 1.0. |

Ibm · 19 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-35124 | High | 7.5 | | 2024-08-13 | A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allows an attacker to gain administrative access to the BM… |
| CVE-2024-40697 | High | 7.5 | | 2024-08-13 | IBM Common Licensing 9.0 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
| CVE-2022-33162 | High | 7.3 | | 2024-08-16 | IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the priv… |
| CVE-2023-47728 | Medium | 6.5 | | 2024-08-16 | IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the reques… |
| CVE-2024-40705 | Medium | 6.5 | | 2024-08-15 | IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. |
| CVE-2024-37529 | Medium | 6.5 | | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. |
| CVE-2024-35152 | Medium | 6.5 | | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. |
| CVE-2023-38018 | Medium | 6.3 | | 2024-08-12 | IBM Aspera Shares 1.10.0 PL2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. |
| CVE-2024-31905 | Medium | 5.9 | | 2024-08-15 | IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. |
| CVE-2024-27267 | Medium | 5.9 | | 2024-08-14 | The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. |
| CVE-2024-28799 | Medium | 5.6 | | 2024-08-14 | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 display sensitive data improperly to a local privileged user, in non-default configurations, during back-end commands which ma… |
| CVE-2024-25024 | Medium | 5.5 | | 2024-08-15 | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 store user credentials in plain clear text which can be read by a local user. |
| CVE-2024-35136 | Medium | 5.3 | | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non-default conditions. |
| CVE-2024-31882 | Medium | 5.3 | | 2024-08-14 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non-default configurations, as the server may crash when using a specially crafted SQL statement by an aut… |
| CVE-2023-50314 | Medium | 5.3 | | 2024-08-14 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. |
| CVE-2023-50315 | Medium | 5.3 | | 2024-08-14 | IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. |
| CVE-2024-40704 | Medium | 4.9 | | 2024-08-15 | IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. |
| CVE-2024-41774 | Medium | 4.8 | | 2024-08-13 | IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. |
| CVE-2022-38382 | Medium | 4.7 | | 2024-08-13 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate the session after logout, which could allow another authenticated user to obtain sensitive information. |

Siemens · 19 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-41940 | Critical | 9.1 | | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
| CVE-2024-41939 | High | 8.8 | | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
| CVE-2024-41908 | High | 7.8 | | 2024-08-13 | A vulnerability has been identified in NX (All versions < V2406.3000). |
| CVE-2024-36398 | High | 7.8 | | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
| CVE-2023-7066 | High | 7.8 | | 2024-08-12 | The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. |
| CVE-2024-41904 | High | 7.5 | | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
| CVE-2024-41976 | High | 7.2 | | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
| CVE-2024-41977 | High | 7.1 | | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
| CVE-2024-41905 | Medium | 6.8 | | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
| CVE-2024-41681 | Medium | 6.7 | | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
| CVE-2024-41903 | Medium | 6.6 | | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
| CVE-2024-41978 | Medium | 6.5 | | 2024-08-13 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8… |
| CVE-2024-41938 | Medium | 5.5 | | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
| CVE-2024-41683 | Medium | 5.3 | | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
| CVE-2024-41682 | Medium | 5.3 | | 2024-08-13 | A vulnerability has been identified in Location Intelligence family (All versions < V4.4). |
| CVE-2024-41906 | Medium | 4.8 | | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |
| CVE-2024-39922 | Medium | 4.6 | | 2024-08-13 | A vulnerability has been identified in LOGO! |
| CVE-2024-41941 | Medium | 4.3 | | 2024-08-13 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). |
| CVE-2024-41907 | Medium | 4.2 | | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). |

Sap · 17 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-41730 | Critical | 9.8 | | 2024-08-13 | In SAP BusinessObjects Business Intelligence Platform, if Single Sign-On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. |
| CVE-2024-42374 | High | 8.2 | | 2024-08-13 | BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. |
| CVE-2024-33003 | High | 7.4 | | 2024-08-13 | Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path par… |
| CVE-2024-42376 | Medium | 6.5 | | 2024-08-13 | SAP Shared Service Framework does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. |
| CVE-2024-33005 | Medium | 6.3 | | 2024-08-13 | Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actio… |
| CVE-2024-41735 | Medium | 5.4 | | 2024-08-13 | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. |
| CVE-2024-41733 | Medium | 5.3 | | 2024-08-13 | In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. |
| CVE-2024-41737 | Medium | 5.0 | | 2024-08-13 | SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. |
| CVE-2024-41732 | Medium | 4.7 | | 2024-08-13 | SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. |
| CVE-2024-42373 | Medium | 4.3 | | 2024-08-13 | SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. |
| CVE-2024-41734 | Medium | 4.3 | | 2024-08-13 | Due to a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user-related information. |
| CVE-2024-39591 | Medium | 4.3 | | 2024-08-13 | SAP Document Builder does not perform the necessary authorization checks for one of the function modules, resulting in escalation of privileges causing low impact on confidentiality of the application. |
| CVE-2024-42377 | Medium | 4.3 | | 2024-08-13 | SAP Shared Service Framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application. |
| CVE-2024-42375 | Medium | 4.3 | | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. |
| CVE-2024-41736 | Medium | 4.3 | | 2024-08-13 | Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted, causing low impact on the confidentiality of the application. |
| CVE-2024-28166 | Low | 3.7 | | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. |
| CVE-2024-41731 | Low | 3.1 | | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. |

Mayurik · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-40475 | High | 8.8 | | 2024-08-12 | SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. |
| CVE-2024-40476 | High | 8.0 | | 2024-08-12 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. |
| CVE-2024-7642 | Medium | 6.3 | | 2024-08-12 | A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. |
| CVE-2024-7641 | Medium | 6.3 | | 2024-08-12 | A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7640 | Medium | 6.3 | | 2024-08-12 | A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7639 | Medium | 6.3 | | 2024-08-12 | A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7638 | Medium | 6.3 | | 2024-08-12 | A vulnerability classified as critical has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-40474 | Medium | 5.4 | | 2024-08-12 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. |
| CVE-2024-40473 | Medium | 5.4 | | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. |
| CVE-2024-7812 | Low | 3.5 | | 2024-08-15 | A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. |
| CVE-2024-7686 | Low | 3.5 | | 2024-08-12 | A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7685 | Low | 3.5 | | 2024-08-12 | A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7684 | Low | 3.5 | | 2024-08-12 | A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
| CVE-2024-7683 | Low | 3.5 | | 2024-08-12 | A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |

Google · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-20083 | Critical | 9.8 | | 2024-08-14 | In venc, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-34743 | High | 7.8 | | 2024-08-15 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. |
| CVE-2024-34741 | High | 7.8 | | 2024-08-15 | In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the co… |
| CVE-2024-34740 | High | 7.8 | | 2024-08-15 | In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. |
| CVE-2024-34739 | High | 7.8 | | 2024-08-15 | In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. |
| CVE-2024-34738 | High | 7.8 | | 2024-08-15 | In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. |
| CVE-2024-34737 | High | 7.8 | | 2024-08-15 | In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. |
| CVE-2024-34736 | High | 7.8 | | 2024-08-15 | In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. |
| CVE-2024-34734 | High | 7.8 | | 2024-08-15 | In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. |
| CVE-2024-31333 | High | 7.8 | | 2024-08-15 | In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. |
| CVE-2024-34727 | High | 7.5 | | 2024-08-15 | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. |
| CVE-2024-34731 | High | 7.0 | | 2024-08-15 | In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. |
| CVE-2024-34742 | Medium | 5.5 | | 2024-08-15 | In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. |

Zoom · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-39825 | High | 8.5 | | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. |
| CVE-2024-39818 | High | 7.5 | | 2024-08-14 | Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. |
| CVE-2024-42439 | Medium | 6.5 | | 2024-08-14 | Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access. |
| CVE-2024-42438 | Medium | 6.5 | | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2024-42437 | Medium | 6.5 | | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2024-42436 | Medium | 6.5 | | 2024-08-14 | Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2024-39822 | Medium | 6.5 | | 2024-08-14 | Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. |
| CVE-2024-42441 | Medium | 6.2 | | 2024-08-14 | Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local a… |
| CVE-2024-42440 | Medium | 6.2 | | 2024-08-14 | Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local ac… |
| CVE-2024-42435 | Medium | 4.9 | | 2024-08-14 | Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2024-42434 | Medium | 4.9 | | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2024-39824 | Medium | 4.9 | | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2024-39823 | Medium | 4.9 | | 2024-08-14 | Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. |

Frogcms_project · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-42627 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. |
| CVE-2024-42626 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. |
| CVE-2024-42625 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add. |
| CVE-2024-42624 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. |
| CVE-2024-42623 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1. |
| CVE-2024-42632 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. |
| CVE-2024-42631 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. |
| CVE-2024-42630 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. |
| CVE-2024-42629 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. |
| CVE-2024-42628 | High | 8.8 | | 2024-08-12 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. |

F5 · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-41727 | High | 7.5 | | 2024-08-14 | In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reac… |
| CVE-2024-39809 | High | 7.5 | | 2024-08-14 | The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-39792 | High | 7.5 | | 2024-08-14 | When NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-39778 | High | 7.5 | | 2024-08-14 | When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. |
| CVE-2024-41164 | Medium | 5.9 | | 2024-08-14 | When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. |
| CVE-2024-37028 | Medium | 5.3 | | 2024-08-14 | BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-7347 | Medium | 4.7 | | 2024-08-14 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. |
| CVE-2024-41723 | Medium | 4.3 | | 2024-08-14 | Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2024-41719 | Medium | 4.2 | | 2024-08-14 | When generating a QKView of a BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS… |

D-Link · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7849 | High | 8.8 | | 2024-08-16 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DN… |
| CVE-2024-7832 | High | 8.8 | | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100… |
| CVE-2024-7831 | High | 8.8 | | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS… |
| CVE-2024-7830 | High | 8.8 | | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DN… |
| CVE-2024-7829 | High | 8.8 | | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340… |
| CVE-2024-7828 | High | 8.8 | | 2024-08-15 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-3… |
| CVE-2024-7833 | Medium | 6.3 | | 2024-08-15 | A vulnerability was found in D-Link DI-8100 16.07. |
| CVE-2024-7715 | Medium | 6.3 | | 2024-08-13 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100… |

Ivanti · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7593 | Critical | 9.8 | KEV | 2024-08-13 | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. |
| CVE-2024-7569 | Critical | 9.6 | | 2024-08-13 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. |
| CVE-2024-38652 | Critical | 9.1 | | 2024-08-14 | Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. |
| CVE-2024-7570 | High | 8.3 | | 2024-08-13 | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. |
| CVE-2024-38653 | High | 7.5 | | 2024-08-14 | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. |
| CVE-2024-37399 | High | 7.5 | | 2024-08-14 | A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |
| CVE-2024-36136 | High | 7.5 | | 2024-08-14 | An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. |
| CVE-2024-37373 | High | 7.2 | | 2024-08-14 | Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. |

Rockwell Automation · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7513 | High | 8.8 | | 2024-08-14 | CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. |
| CVE-2024-7515 | High | 7.5 | | 2024-08-14 | CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. |
| CVE-2024-40620 | High | 7.5 | | 2024-08-14 | CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. |
| CVE-2024-40619 | High | 7.5 | | 2024-08-14 | CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. |
| CVE-2024-7507 | Medium | 6.5 | | 2024-08-14 | CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. |
| CVE-2024-6078 | | | | 2024-08-14 | CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. |
| CVE-2024-7567 | | | | 2024-08-13 | A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080-L50E/2080-L70E). |
| CVE-2024-6079 | | | | 2024-08-13 | A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. |

Zabbix · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-22116 | Critical | 9.9 | | 2024-08-12 | An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. |
| CVE-2024-36461 | Critical | 9.1 | | 2024-08-12 | Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. |
| CVE-2024-36460 | High | 8.1 | | 2024-08-12 | The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. |
| CVE-2024-36462 | High | 7.5 | | 2024-08-12 | Uncontrolled resource consumption refers to a software vulnerability where an attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. |
| CVE-2024-22121 | Medium | 6.1 | | 2024-08-12 | A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. |
| CVE-2024-22114 | Medium | 4.3 | | 2024-08-12 | A user with no permission to any of the Hosts can access and view the host count and other statistics through the System Information Widget in the Global View Dashboard. |
| CVE-2024-22122 | Low | 3.0 | | 2024-08-12 | Zabbix allows configuring SMS notifications. |
| CVE-2024-22123 | Low | 2.7 | | 2024-08-12 | Setting SMS media allows setting the GSM modem file. |

Lenovo · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-4763 | High | 7.8 | | 2024-08-16 | An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. |
| CVE-2024-2175 | High | 7.8 | | 2024-08-16 | An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. |
| CVE-2024-6004 | Medium | 6.5 | | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. |
| CVE-2024-5210 | Medium | 6.5 | | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. |
| CVE-2024-5209 | Medium | 6.5 | | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. |
| CVE-2024-4782 | Medium | 6.5 | | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs. |
| CVE-2024-4781 | Medium | 6.5 | | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. |

Code-projects · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7808 | High | 7.3 | | 2024-08-15 | A vulnerability was found in code-projects Job Portal 1.0.
CVE-2024-7682 | High | 7.3 | | 2024-08-12 | A vulnerability was found in code-projects Job Portal 1.0.
CVE-2024-7681 | High | 7.3 | | 2024-08-12 | A vulnerability was found in code-projects College Management System 1.0.
CVE-2024-7637 | High | 7.3 | | 2024-08-12 | A vulnerability was found in code-projects Online Polling 1.0.
CVE-2024-7636 | High | 7.3 | | 2024-08-12 | A vulnerability was found in code-projects Simple Ticket Booking 1.0.
CVE-2024-7635 | High | 7.3 | | 2024-08-12 | A vulnerability was found in code-projects Simple Ticket Booking 1.0.

Enphase · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21878 | Critical | 9.8 | | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.
CVE-2024-21876 | Critical | 9.1 | | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This is…
CVE-2024-21879 | High | 8.8 | | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue a…
CVE-2024-21880 | High | 7.2 | | 2024-08-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue af…
CVE-2024-21877 | Medium | 6.5 | | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation.
CVE-2024-21881 | | | | 2024-08-12 | Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x

Sourcecodester · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7845 | Medium | 6.3 | | 2024-08-16 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.
CVE-2024-7810 | Medium | 6.3 | | 2024-08-15 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0.
CVE-2024-7843 | Medium | 5.3 | | 2024-08-15 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0.
CVE-2024-7842 | Medium | 5.3 | | 2024-08-15 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0.
CVE-2024-7809 | Medium | 5.3 | | 2024-08-15 | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0.
CVE-2024-7844 | Low | 3.5 | | 2024-08-15 | A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic.

Vonets · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-39791 | Critical | 10.0 | | 2024-08-12 | Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.
CVE-2024-39815 | Critical | 9.1 | | 2024-08-12 | Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause…
CVE-2024-37023 | Critical | 9.1 | | 2024-08-12 | Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands v…
CVE-2024-42001 | High | 8.6 | | 2024-08-12 | An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication via a…
CVE-2024-29082 | High | 8.6 | | 2024-08-12 | Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory res…
CVE-2024-41936 | High | 7.5 | | 2024-08-12 | A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentic…

Apache · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-29831 | High | 8.8 | | 2024-08-12 | Improper Input Validation vulnerability in Apache DolphinScheduler.
CVE-2024-30188 | High | 8.1 | | 2024-08-12 | File read and write vulnerability in Apache DolphinScheduler; authenticated users can illegally access additional resource files.
CVE-2024-41909 | Medium | 5.9 | | 2024-08-12 | Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795.
CVE-2024-41890 | Medium | 5.3 | | 2024-08-12 | Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
CVE-2024-41888 | Medium | 5.3 | | 2024-08-12 | Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.

Crocoblock · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7145 | High | 8.8 | | 2024-08-16 | The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter.
CVE-2024-7146 | High | 8.8 | | 2024-08-16 | The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter.
CVE-2024-7144 | Medium | 6.4 | | 2024-08-16 | The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping.
CVE-2024-7147 | Medium | 6.4 | | 2024-08-16 | The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping.
CVE-2024-7136 | Medium | 6.4 | | 2024-08-16 | The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping.

Fiware · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42167 | Critical | 9.1 | | 2024-08-12 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly.
CVE-2024-42166 | Critical | 9.1 | | 2024-08-12 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly.
CVE-2024-42163 | High | 8.3 | | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
CVE-2024-42165 | Medium | 6.3 | | 2024-08-12 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
CVE-2024-42164 | Medium | 4.3 | | 2024-08-12 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.

Fortinet · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-26211 | Medium | 6.8 | | 2024-08-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
CVE-2022-27486 | Medium | 6.6 | | 2024-08-13 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and Forti…
CVE-2024-21757 | Medium | 6.1 | | 2024-08-13 | An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7…
CVE-2024-36505 | Medium | 5.1 | | 2024-08-13 | An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via…
CVE-2022-45862 | Low | 3.7 | | 2024-08-13 | An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all ve…

Manageengine · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5527 | High | 8.3 | | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
CVE-2024-5487 | High | 8.3 | | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
CVE-2024-36518 | High | 8.3 | | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
CVE-2024-36035 | High | 8.3 | | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
CVE-2024-36034 | High | 8.3 | | 2024-08-12 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

Red Hat · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7557 | High | 8.8 | | 2024-08-12 | A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace.
CVE-2024-5651 | High | 8.8 | | 2024-08-12 | A flaw was found in the Fence Agents Remediation operator.
CVE-2024-7700 | Medium | 6.5 | | 2024-08-12 | A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page.
CVE-2024-43168 | Medium | 4.8 | | 2024-08-12 | DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application.
CVE-2024-43167 | Low | 2.8 | | 2024-08-12 | DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application.

Rems · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7811 | Medium | 6.3 | | 2024-08-15 | A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0.
CVE-2024-7792 | Medium | 6.3 | | 2024-08-14 | A vulnerability was found in SourceCodester Task Progress Tracker 1.0.
CVE-2024-7643 | Medium | 6.3 | | 2024-08-12 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical.
CVE-2024-7793 | Low | 3.5 | | 2024-08-14 | A vulnerability was found in SourceCodester Task Progress Tracker 1.0.
CVE-2024-7644 | Low | 3.5 | | 2024-08-12 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0.

Upkeeper · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42466 | Critical | 9.8 | | 2024-08-16 | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42465 | Critical | 9.8 | | 2024-08-16 | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42462 | Critical | 9.8 | | 2024-08-16 | Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42464 | Medium | 6.5 | | 2024-08-16 | Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9.
CVE-2024-42463 | Medium | 6.5 | | 2024-08-16 | Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9.

Aveva · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6456 | | | | 2024-08-15 | AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a sp…
CVE-2024-7113 | | | | 2024-08-13 | If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
CVE-2024-6619 | | | | 2024-08-13 | In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.
CVE-2024-6618 | | | | 2024-08-13 | In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL).

Coffee2code · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7416 | Medium | 5.3 | | 2024-08-12 | The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7.
CVE-2024-7413 | Medium | 5.3 | | 2024-08-12 | The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1.
CVE-2024-7412 | Medium | 5.3 | | 2024-08-12 | The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12.
CVE-2024-7382 | Medium | 5.3 | | 2024-08-12 | The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1.

Freebsd · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7589 | High | 8.1 | | 2024-08-12 | A signal handler in sshd(8) may call a logging function that is not async-signal-safe.
CVE-2024-6760 | High | 7.5 | | 2024-08-12 | A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have been, allowing unprivileged users to trace and inspect the behavior of setuid programs.
CVE-2024-6640 | Medium | 6.3 | | 2024-08-12 | In ICMPv6 Neighbor Discovery (ND), the ID is always 0.
CVE-2024-6759 | Medium | 5.3 | | 2024-08-12 | When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/".

Friendica · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27730 | Critical | 9.8 | | 2024-08-15 | Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-27731 | Medium | 6.1 | | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
CVE-2024-27729 | Medium | 6.1 | | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVE-2024-27728 | Medium | 6.1 | | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.

Jetbrains · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43810 | Medium | 4.6 | | 2024-08-16 | In JetBrains TeamCity before 2024.07.1, reflected XSS was possible in the AWS Core plugin.
CVE-2024-43807 | Medium | 4.6 | | 2024-08-16 | In JetBrains TeamCity before 2024.07.1, multiple stored XSS was possible on the Clouds page.
CVE-2024-43808 | Low | 3.7 | | 2024-08-16 | In JetBrains TeamCity before 2024.07.1, self XSS was possible in the HashiCorp Vault plugin.
CVE-2024-43809 | Low | 3.5 | | 2024-08-16 | In JetBrains TeamCity before 2024.07.1, reflected XSS was possible on the agentPushPreset page.

Lopalopa · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-40486 | Critical | 9.8 | | 2024-08-12 | A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.
CVE-2024-40482 | Critical | 9.8 | | 2024-08-12 | An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-40488 | High | 8.8 | | 2024-08-12 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0.
CVE-2024-40487 | High | 7.6 | | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via the membershipType parameter.

Ltcms · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7743 | High | 7.3 | | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20.
CVE-2024-7742 | High | 7.3 | | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20.
CVE-2024-7740 | High | 7.3 | | 2024-08-13 | A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical.
CVE-2024-7741 | Medium | 5.3 | | 2024-08-13 | A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical.

Openhab · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42467 | Critical | 10.0 | | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.
CVE-2024-42469 | Critical | 9.8 | | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.
CVE-2024-42470 | Medium | 6.5 | | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.
CVE-2024-42468 | Medium | 5.3 | | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.

Tenda · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7707 | High | 8.8 | | 2024-08-13 | A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical.
CVE-2024-7615 | High | 8.8 | | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8.
CVE-2024-7614 | High | 8.8 | | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155).
CVE-2024-7613 | High | 8.8 | | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical.

Zoneminder · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43360 | Critical | 9.8 | | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application.
CVE-2023-41884 | High | 7.1 | | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application.
CVE-2024-43358 | Medium | 6.1 | | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application.
CVE-2024-43359 | Unrated | | | 2024-08-12 | ZoneMinder is a free, open source closed-circuit television software application.

Bdthemes · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4359 | Medium | 6.5 | | 2024-08-12 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lac…
CVE-2024-7247 | Medium | 6.4 | | 2024-08-13 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all vers…
CVE-2024-4360 | Medium | 6.4 | | 2024-08-12 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5…

Cilium · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42488 | Medium | 6.8 | | 2024-08-15 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
CVE-2024-42486 | Medium | 5.4 | | 2024-08-16 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
CVE-2024-42487 | Medium | 4.0 | | 2024-08-15 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane.

Cysoft168 · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42679 | High | 7.8 | | 2024-08-15 | SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component.
CVE-2024-42678 | Medium | 6.1 | | 2024-08-15 | Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component.
CVE-2024-42680 | Medium | 5.5 | | 2024-08-15 | An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.

Ggerganov · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42479 | Critical | 10.0 | | 2024-08-12 | llama.cpp provides LLM inference in C/C++.
CVE-2024-42478 | Medium | 5.3 | | 2024-08-12 | llama.cpp provides LLM inference in C/C++.
CVE-2024-42477 | Medium | 5.3 | | 2024-08-12 | llama.cpp provides LLM inference in C/C++.

Gncchome · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-31800 | Medium | 6.8 | | 2024-08-15 | Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
CVE-2024-31798 | Medium | 6.8 | | 2024-08-15 | Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices.
CVE-2024-31799 | Medium | 4.6 | | 2024-08-15 | Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.

H3c · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42639 | Critical | 9.8 | | 2024-08-16 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.
CVE-2024-42638 | Critical | 9.8 | | 2024-08-16 | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-42637 | Critical | 9.8 | | 2024-08-16 | H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Jayesh · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-40480 | Critical | 9.8 | | 2024-08-12 | A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user account…
CVE-2024-40479 | High | 8.1 | | 2024-08-12 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.
CVE-2024-40478 | Medium | 5.4 | | 2024-08-12 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via the "rname" and "email" parameter fields.

Palo Alto Networks · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5914 | Critical | 9.8 | | 2024-08-14 | A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
CVE-2024-5915 | High | 7.8 | | 2024-08-14 | A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
CVE-2024-5916 | Medium | 4.4 | | 2024-08-14 | An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems.

Pepperl+fuchs · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5849 | High | 7.1 | | 2024-08-13 | An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
CVE-2024-38502 | High | 7.1 | | 2024-08-13 | An unauthenticated remote attacker may use a stored XSS vulnerability to obtain information from a user or reboot the affected device once.
CVE-2024-38501 | Medium | 6.1 | | 2024-08-13 | An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.

Remyandrade · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7748 | Medium | 6.3 | | 2024-08-13 | A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0.
CVE-2024-7749 | Low | 3.5 | | 2024-08-13 | A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0.
CVE-2024-7660 | Low | 3.5 | | 2024-08-12 | A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic.

Tipsandtricks-hq · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6133 | Medium | 6.5 | | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users suc…
CVE-2024-6136 | Medium | 5.4 | | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
CVE-2024-6134 | Medium | 5.4 | | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users suc…

Wpdeveloper · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43129 | Medium | 6.5 | | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion. This issue affects BetterDocs: from n/a through 3.5.8.
CVE-2024-43227 | Medium | 6.5 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper BetterDocs allows Stored XSS. This issue affects BetterDocs: from n/a through 3.5.8.
CVE-2024-7092 | Medium | 6.4 | | 2024-08-13 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_more_items_text' parameter in all versions up to, and includi…

Wpweb · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7503 | Critical | 9.8 | | 2024-08-12 | The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5.
CVE-2024-39651 | High | 8.6 | | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
CVE-2024-43131 | High | 7.5 | | 2024-08-13 | Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Docket (WooCommerce Collections / Wishlist / Watchlis…

Xpdf · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7868 | High | 8.2 | | 2024-08-15 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder.
CVE-2024-7867 | Medium | 6.2 | | 2024-08-15 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
CVE-2024-7866 | Medium | 5.5 | | 2024-08-15 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.

Angeljudesuarez · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7839 | High | 7.3 | | 2024-08-15 | A vulnerability classified as critical has been found in itsourcecode Billing System 1.0.
CVE-2024-7680 | Medium | 6.3 | | 2024-08-12 | A vulnerability was found in itsourcecode Tailoring Management System 1.0.

Antoine Hurkmans · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43139 | Medium | 6.5 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.9.
CVE-2024-43130 | Medium | 5.9 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.10.

Averta · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4389 | High | 8.8 | | 2024-08-14 | The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1.
CVE-2024-43161 | Medium | 5.9 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.1.2.

Awesomemotive · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6691 | Medium | 4.4 | | 2024-08-12 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due…
CVE-2024-6692 | Low | 3.3 | | 2024-08-12 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3…

Brainstorm Force · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7590 | Medium | 6.5 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows DOM-Based XSS. This issue affects Spectra: from n/a through <= 2.14.1.
CVE-2024-43151 | Medium | 6.5 | | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS. This issue affects Ultimate Addons for Beaver Builder…

Cayin Technology · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7729 | High | 7.5 | | 2024-08-14 | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
CVE-2024-7728 | High | 7.2 | | 2024-08-14 | The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

Codeastro · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7815 | Low | 2.4 | - | 2024-08-15 | A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic.
CVE-2024-7814 | Low | 2.4 | - | 2024-08-15 | A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0.

Concrete Cms · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7512 | Medium | 4.8 | - | 2024-08-12 | Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances.
CVE-2024-4350 | Medium | 4.8 | - | 2024-08-12 | Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses.

Cordea · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42476 | Medium | 6.5 | - | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session ass…
CVE-2024-42475 | Medium | 6.5 | - | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy.

Directus · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6533 | Medium | 5.4 | - | 2024-08-15 | Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client.
CVE-2024-6534 | Medium | 4.3 | - | 2024-08-15 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user.

Elastic · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-37287 | Critical | 9.1 | - | 2024-08-13 | A flaw allowing arbitrary code execution was discovered in Kibana.
CVE-2024-37283 | Medium | 6.5 | - | 2024-08-12 | An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug.

Firewalla · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-40892 | High | 7.1 | - | 2024-08-12 | A weak credential vulnerability exists in Firewalla Box Software versions before 1.979.
CVE-2024-40893 | Medium | 6.8 | - | 2024-08-12 | Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979.

Fujian · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7706 | Medium | 4.7 | - | 2024-08-12 | A vulnerability was found in Fujian mwcms 1.0.0.
CVE-2024-7705 | Medium | 4.7 | - | 2024-08-12 | A vulnerability was found in Fujian mwcms 1.0.0.

Isellerpal · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42676 | High | 8.8 | - | 2024-08-15 | File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload.
CVE-2024-42677 | Medium | 5.5 | - | 2024-08-15 | An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle.

Linux · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42259 | Medium | 5.5 | - | 2024-08-14 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation. Calculating the size of the mapped area as the lesser value between the requested size and the actual siz…
CVE-2024-42258 | Medium | 5.5 | - | 2024-08-12 | In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines. Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge pag…

Mitel · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-36446 | High | 8.8 | - | 2024-08-13 | The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control.
CVE-2024-41710 | High | 7.2 | KEV | 2024-08-12 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argum…

Phoenix Contact · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6788 | High | 8.6 | - | 2024-08-13 | A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
CVE-2024-3913 | Medium | 5.9 | - | 2024-08-13 | An unauthenticated remote attacker can use this vulnerability to change the device configuration, because a file is writable for a short time after system startup.

Pickplugins · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43155 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS. This issue affects ComboBlocks: from n/a through 2.2.86.
CVE-2024-7588 | Medium | 6.4 | - | 2024-08-14 | The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and out…

Secom · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7732 | Critical | 9.8 | - | 2024-08-14 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
CVE-2024-7731 | Critical | 9.8 | - | 2024-08-14 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Wpmet · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7064 | Medium | 6.4 | - | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping.
CVE-2024-7063 | Medium | 4.3 | - | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function.

Wpopal · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7649 | Medium | 6.1 | - | 2024-08-12 | The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping.
CVE-2024-7648 | Medium | 4.3 | - | 2024-08-12 | The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments.

Yzane · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7739 | Medium | 4.3 | - | 2024-08-13 | A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0.
CVE-2024-7738 | Low | 3.3 | - | 2024-08-13 | A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0.

10web · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43220 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.26.

3dflipbook · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43152 | Medium | 5.9 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS. This issue affects 3D FlipBook – PDF Flipb…

Addonmaster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43156 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS. This issue affects Post Grid Master: from n/a through 3.4.10.

Admerc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7794 | Medium | 6.3 | - | 2024-08-14 | A vulnerability was found in itsourcecode Vehicle Management System 1.0.

Aiohttp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42367 | Medium | 4.8 | - | 2024-08-12 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.

Airveda · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7408 | Medium | 6.5 | - | 2024-08-12 | This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode.

Amttgroup · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-41476 | Critical | 9.8 | - | 2024-08-12 | AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.

Anhvnit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-37935 | High | 7.5 | - | 2024-08-13 | Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

Annke · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-39091 | High | 8.8 | - | 2024-08-12 | An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.

Axios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-39338 | High | 7.5 | - | 2024-08-12 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Axtonyao · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6639 | Medium | 6.4 | - | 2024-08-12 | The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied att…

B&r Industrial Automation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5801 | - | - | - | 2024-08-12 | Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filterin…

Bannersky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43233 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8.

Basecamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43368 | Medium | 6.5 | - | 2024-08-14 | The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code.

Berqwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43160 | Critical | 10.0 | - | 2024-08-13 | Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection. This issue affects BerqWP: from n/a through 1.7.6.

Blockspare · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43164 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.0.

Boa-dev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43367 | High | 7.5 | - | 2024-08-15 | Boa is an embeddable and experimental Javascript engine written in Rust.

Bplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43148 | Medium | 5.9 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS. This issue affects StreamCast: from n/a through 2.2.3.

Br-automation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5800 | High | 7.5 | - | 2024-08-12 | Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.

Canonical · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0115 | Medium | 6.1 | - | 2024-08-12 | NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process.

Celsius Benelux · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-27120 | High | 7.5 | - | 2024-08-14 | A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux.

Clastix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42480 | High | 8.1 | - | 2024-08-12 | Kamaji is the Hosted Control Plane Manager for Kubernetes.

Codersaiful · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6532 | Medium | 6.4 | - | 2024-08-14 | The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization…

Comesio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7630 | Medium | 5.3 | - | 2024-08-16 | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 (Free) and 2.25.1 (Premium) via the relevanssi_do_query() due to insufficient limitations on the posts…

Contrid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7411 | Medium | 5.3 | - | 2024-08-15 | The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9.

Creativemindssolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43149 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a through 4.3.7.

Cservit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6562 | Medium | 5.3 | - | 2024-08-12 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5.

Cyberfoxdigital · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7574 | Medium | 6.1 | - | 2024-08-12 | The Christmasify!

D3dsecurity · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-41623 | Critical | 9.8 | - | 2024-08-13 | An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload.

David Maucher · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38760 | Medium | 5.3 | - | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Send Users Email: from n/a through 1.5.1.

Davidlingren · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6823 | High | 8.8 | - | 2024-08-13 | The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18.

Debian · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42472 | Critical | 10.0 | - | 2024-08-15 | Flatpak is a Linux application sandboxing and distribution framework.

Dell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38483 | Medium | 5.8 | - | 2024-08-14 | Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component.

Devikia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7790 | Medium | 6.5 | - | 2024-08-14 | A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input.

Dotcamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43125 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS. This issue affects WP Table Builder – WordPress Table…

Dylanjkotze · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7624 | High | 8.1 | - | 2024-08-15 | The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101.

Edgarrojas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7414 | Medium | 5.3 | - | 2024-08-12 | The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116.

Edimax · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7616 | Medium | 5.5 | - | 2024-08-12 | A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06.

Elabftw · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25633 | Medium | 5.4 | - | 2024-08-15 | eLabFTW is an open source electronic lab notebook for research labs.

Ericsson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25008 | Medium | 6.8 | - | 2024-08-16 | Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker.

Esthertyler · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7410 | Medium | 5.3 | - | 2024-08-12 | The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3.

F1logic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7420 | Medium | 5.8 | - | 2024-08-15 | The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.

Ffmpeg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7272 | Medium | 6.3 | - | 2024-08-12 | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5.

Fish-shop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42482 | Medium | 4.8 | - | 2024-08-12 | fish-shop/syntax-check is a GitHub action for syntax checking fish shell files.

Fortra · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25157 | Medium | 6.5 | - | 2024-08-14 | An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages.

G5plus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43140 | High | 7.5 | - | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor…

Ge · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6098 | Medium | 5.3 | - | 2024-08-16 | When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulate…

Gfazioli · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7388 | Medium | 4.0 | - | 2024-08-13 | The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping.

Gila · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7657 | Low | 3.5 | - | 2024-08-12 | A vulnerability classified as problematic was found in Gila CMS 1.10.9.

Gravitymaster97 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7049 | Medium | 4.3 | - | 2024-08-16 | The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user contro…

Gst Electronics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6684 | - | - | - | 2024-08-12 | Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass.

Guillaumepotier · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43370 | High | 7.2 | - | 2024-08-16 | gettext.js is a GNU gettext port for node and the browser.

Gunet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38530 | Critical | 9.8 | - | 2024-08-12 | The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System.

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7625 | Medium | 5.8 | - | 2024-08-15 | In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive hea…

Havocframework · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-41570 | Critical | 9.8 | - | 2024-08-12 | An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

Hitpay Payment Solutions Pte Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38747 | High | 7.5 | - | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects HitPay P…

Humanityco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-3399 | Medium | 4.4 | - | 2024-08-16 | The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient inp…

Ibexa · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43369 | High | 7.2 | - | 2024-08-16 | Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format.

Inspireui · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7628 | High | 8.1 | - | 2024-08-15 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2.

Iptanus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7301 | High | 7.2 | - | 2024-08-16 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping.

Iqonic Design · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43124 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS. This issue affects Graphina: from n/a through 1.8.10.

Itsourcecode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7838 | High | 7.3 | - | 2024-08-15 | A vulnerability was found in itsourcecode Online Food Ordering System 1.0.

Javier Carazo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38787 | High | 7.5 | - | 2024-08-13 | Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.8.

Jeroen Sormani · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43226 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS. This issue affects WP Dashboard Notes: from n/a through 1.0.11.

Jfarthing84 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7422 | Medium | 4.3 | - | 2024-08-16 | The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7.

Kubernetes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7646 | High | 8.8 | - | 2024-08-16 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the c…

La-studio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43210 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a t…

Libtiff · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7006 | High | 7.5 | - | 2024-08-12 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`.

Litestar-org · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42370 | High | 8.3 | - | 2024-08-12 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework.

Mage-people · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43138 | Medium | 6.5 | - | 2024-08-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Event Manager for WooCommerce: from n/a throug…

Magic-post-thumbnail · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6724 | Medium | 4.8 | - | 2024-08-13 | The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil…

Matter-labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43366 | High | 7.5 | - | 2024-08-15 | zkvyper is a Vyper compiler.

Mbe Worldwide S.p.a. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38742 | Medium | 5.3 | - | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A.

Mcjack123 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43395 | High | 8.2 | - | 2024-08-16 | CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing.

Meddiff Technologies · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2259 | - | - | - | 2024-08-13 | This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application.

Mediatek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-20082 | Critical | 9.8 | - | 2024-08-14 | In Modem, there is a possible memory corruption due to a missing bounds check.

Mediavine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43218 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mediavine Mediavine Control Panel mediavine-control-panel. This issue affects Mediavine Control Panel: from n/a through <= 2.10.4.

Merkulove · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43147 | Medium | 6.5 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS. This issue affects Selection Lite: from n/a through 1.11.

Mintplex-labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3279 | Critical | 9.1 | - | 2024-08-12 | An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint.

Mongodb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6384 | Medium | 5.3 | - | 2024-08-13 | "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier.

Muhammad Rehman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38724 | High | 7.1 | - | 2024-08-13 | Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS. This issue affects Contact F…

Multivendorx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43213 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS. This issue affects WC Marketplace: from n/a through 4.1.17.

N-able · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5445 | Low | 3.8 | - | 2024-08-12 | Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent an…

Neovim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43374 | Medium | 4.5 | - | 2024-08-16 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling.

Nissan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-6347 | Medium | 6.5 | - | 2024-08-15 | Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session.

Nixos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43378 | High | 7.8 | - | 2024-08-16 | calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux.

Nvidia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0113 | High | 7.5 | - | 2024-08-12 | NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI.

Olive Themes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38749 | Medium | 5.3 | - | 2024-08-13 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a t…

Open-telemetry · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42368 | Medium | 6.5 | - | 2024-08-13 | OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs.

Openfga · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42473 | High | 7.5 | - | 2024-08-12 | OpenFGA is an authorization/permission engine.

Opentext · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7249 | Critical | 9.8 | - | 2024-08-12 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal. This issue affects OpenText Directory Services: from 16.4.2 before 24.1.

Parcel Panel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43163 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS. This issue affects ParcelPanel: from n/a through 4.3.2.

Pierre Lebedel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43217 | High | 7.1 | - | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0.

Pluginus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43121 | Critical | 9.1 | - | 2024-08-13 | Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1.

Prison_management_system_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7813 | Medium | 5.3 | - | 2024-08-15 | A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0.

Pxlrbt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42485 | High | 7.5 | - | 2024-08-12 | Filament Excel enables excel export for Filament admin resources.

Pylons · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42353 | Medium | 6.1 | - | 2024-08-14 | WebOb provides objects for HTTP requests and responses.

Qnap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-32765 | Medium | 4.2 | - | 2024-08-12 | A vulnerability has been reported to affect Network & Virtual Switch.

Rabilal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7094 | Critical | 9.8 | - | 2024-08-13 | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function.

Raidenmaild · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7693 | High | 7.5 | - | 2024-08-12 | Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary files on the remote server.

Rashid87 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43165 · Medium · 6.5 · - · 2024-08-13 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion. This issue affects WPSection: from n/a through 1.3.8.

Roland Barker, Xnau Webdesign · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43141 · Critical · 9.8 · - · 2024-08-13 · Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection. This issue affects Participants Database: from n/a through 2.5.9.2.

Samsung · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7399 · High · 8.8 · KEV · 2024-08-12 · Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Scooter Software · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7886 · High · 7.8 · - · 2024-08-16 · A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical.

Sender · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43126 · High · 7.1 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS. This issue affects Sender – Ne…

Skyport · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-42481 · High · 7.5 · - · 2024-08-12 · Skyport Daemon (skyportd) is the daemon for the Skyport Panel.

Solarwinds · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-28986 · Critical · 9.8 · KEV · 2024-08-13 · SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

Soliloquy Team · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-35775 · Medium · 5.9 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS). This issue affects Slider by Soliloq…

Sprecher Automation · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-6758 · Medium · 6.5 · - · 2024-08-12 · Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.

Tc39 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43357 · High · 8.6 · - · 2024-08-15 · ECMA-262 is the language specification for the scripting language ECMAScript.

Teamt5 · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7694 · High · 7.2 · KEV · 2024-08-12 · ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files.

Techeshta · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43123 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS. This issue affects Card Elements for Elementor: from n/a through 1.2.2.

Tecno · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7697 · High · 7.5 · - · 2024-08-12 · Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.

Theme-sphere · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-37930 · Medium · 5.3 · - · 2024-08-12 · Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine. This issue affects SmartMag: from n/a through < 10.1.0.

Themelooks · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43225 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.7.

Themeum · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43231 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.3.

Themewinter · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43135 · High · 7.5 · - · 2024-08-13 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.28.

Themify · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43133 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.1.

Thimpress · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-39642 · Medium · 6.5 · - · 2024-08-13 · Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2.

Tiptoppress · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-6158 · Medium · 4.8 · - · 2024-08-12 · The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/p…

Traccar · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7746 · Critical · 9.8 · - · 2024-08-13 · Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. This issue affects the privileged transactions implemented by the Traccar solution that should otherwi…

Tradedoubler · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-6460 · Critical · 9.8 · - · 2024-08-16 · The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter.

Veribase · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-6917 · Critical · 9.8 · - · 2024-08-12 · Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.

Wapppress Team · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43137 · Medium · 5.9 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS. This issue affects WappPress: from n/a through 6.0.4.

Wc Product Table · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43128 · Medium · 6.5 · - · 2024-08-13 · Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection. This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.

Weaver · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7704 · Medium · 5.3 · - · 2024-08-12 · A vulnerability was found in Weaver e-cology 8.

Weblizar · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-38756 · Medium · 5.3 · - · 2024-08-13 · Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coming Soon: from n/a through 1.6.3.

Wofficeio · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43153 · Critical · 9.8 · - · 2024-08-13 · Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice. This issue affects Woffice: from n/a through <= 5.4.10.

Wp Chill · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43216 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Filr filr-protection. This issue affects Filr: from n/a through <= 1.2.4.

Wp Swings · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-38699 · High · 7.5 · - · 2024-08-13 · Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.

Wp2speed · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-37924 · Medium · 5.3 · - · 2024-08-12 · Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP2Speed Faster: from n/a through 1.0.1.

Wpcodefactory · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7501 · Medium · 4.2 · - · 2024-08-16 · The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7.

Wpfactory · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43127 · High · 7.1 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS. This issue affects Products, Order & Customers E…

Wpfeedback · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-7621 · Medium · 5.4 · - · 2024-08-12 · The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all ver…

Wpxpro · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43150 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2.

Wurmlab · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-42360 · Critical · 9.8 · - · 2024-08-14 · SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use.

Xwiki · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-42489 · Critical · 10.0 · - · 2024-08-12 · Pro Macros provides XWiki rendering macros.

Yogeshojha · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43381 · Medium · 5.0 · - · 2024-08-16 · reNgine is an automated reconnaissance framework for web applications.

Yuri Baranov · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-43224 · Medium · 6.5 · - · 2024-08-12 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.27.

Zoho Campaigns · 1 CVE

CVE · Severity · CVSS · KEV · Published · Summary
CVE-2024-38752 · Medium · 6.5 · - · 2024-08-13 · Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS). This issue affects Zoho Campaigns: from n/a through 2.0.8.