Patch Tuesday — December 2024

2024-12-10 · 1223 CVEs

CVEs published or modified the week of 2024-12-10, partitioned by vendor.

Microsoft (112 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-49112 | Critical | 9.8 | — | 2024-12-12 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2024-49147 | Critical | 9.3 | — | 2024-12-12 | Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. |
CVE-2024-49125 | High | 8.8 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49117 | High | 8.8 | — | 2024-12-12 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-49104 | High | 8.8 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49102 | High | 8.8 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49093 | High | 8.8 | — | 2024-12-12 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2024-49086 | High | 8.8 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49085 | High | 8.8 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49080 | High | 8.8 | — | 2024-12-12 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
CVE-2024-49105 | High | 8.4 | — | 2024-12-12 | Remote Desktop Client Remote Code Execution Vulnerability |
CVE-2024-49063 | High | 8.4 | — | 2024-12-12 | Microsoft/Muzic Remote Code Execution Vulnerability |
CVE-2024-49068 | High | 8.2 | — | 2024-12-12 | Microsoft SharePoint Elevation of Privilege Vulnerability |
CVE-2024-49132 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49128 | High | 8.1 | — | 2024-12-12 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
CVE-2024-49127 | High | 8.1 | — | 2024-12-12 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2024-49126 | High | 8.1 | — | 2024-12-12 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
CVE-2024-49124 | High | 8.1 | — | 2024-12-12 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
CVE-2024-49123 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49122 | High | 8.1 | — | 2024-12-12 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
CVE-2024-49120 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49119 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49118 | High | 8.1 | — | 2024-12-12 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
CVE-2024-49116 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49115 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49108 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49106 | High | 8.1 | — | 2024-12-12 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
CVE-2024-49057 | High | 8.1 | — | 2024-12-12 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability |
CVE-2024-49142 | High | 7.8 | — | 2024-12-12 | Microsoft Access Remote Code Execution Vulnerability |
CVE-2024-49138 | High | 7.8 | KEV | 2024-12-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-49114 | High | 7.8 | — | 2024-12-12 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-49090 | High | 7.8 | — | 2024-12-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-49088 | High | 7.8 | — | 2024-12-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-49079 | High | 7.8 | — | 2024-12-12 | Input Method Editor (IME) Remote Code Execution Vulnerability |
CVE-2024-49076 | High | 7.8 | — | 2024-12-12 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
CVE-2024-49074 | High | 7.8 | — | 2024-12-12 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-49072 | High | 7.8 | — | 2024-12-12 | Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE-2024-49069 | High | 7.8 | — | 2024-12-12 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-43600 | High | 7.8 | — | 2024-12-12 | Microsoft Office Elevation of Privilege Vulnerability |
CVE-2024-53959 | High | 7.8 | — | 2024-12-10 | Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53956 | High | 7.8 | — | 2024-12-10 | Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53955 | High | 7.8 | — | 2024-12-10 | Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53954 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53953 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52997 | High | 7.8 | — | 2024-12-10 | Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52990 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52989 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52988 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52987 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52986 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52985 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52984 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52983 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52982 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49545 | High | 7.8 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49544 | High | 7.8 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49543 | High | 7.8 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49538 | High | 7.8 | — | 2024-12-10 | Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49537 | High | 7.8 | — | 2024-12-10 | After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49513 | High | 7.8 | — | 2024-12-10 | PDFL SDK versions 21.0.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-45156 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-45155 | High | 7.8 | — | 2024-12-10 | Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49553 | High | 7.8 | — | 2024-12-10 | Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49551 | High | 7.8 | — | 2024-12-10 | Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49129 | High | 7.5 | — | 2024-12-12 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
CVE-2024-49121 | High | 7.5 | — | 2024-12-12 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2024-49113 | High | 7.5 | — | 2024-12-12 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2024-49096 | High | 7.5 | — | 2024-12-12 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
CVE-2024-49075 | High | 7.5 | — | 2024-12-12 | Windows Remote Desktop Services Denial of Service Vulnerability |
CVE-2024-49070 | High | 7.4 | — | 2024-12-12 | Microsoft SharePoint Remote Code Execution Vulnerability |
CVE-2024-49107 | High | 7.3 | — | 2024-12-12 | WmsRepair Service Elevation of Privilege Vulnerability |
CVE-2024-43594 | High | 7.3 | — | 2024-12-12 | Microsoft System Center Elevation of Privilege Vulnerability |
CVE-2024-49091 | High | 7.2 | — | 2024-12-12 | Windows Domain Name Service Remote Code Execution Vulnerability |
CVE-2024-49089 | High | 7.2 | — | 2024-12-12 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-49097 | High | 7.0 | — | 2024-12-12 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2024-49095 | High | 7.0 | — | 2024-12-12 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
CVE-2024-49084 | High | 7.0 | — | 2024-12-12 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-49059 | High | 7.0 | — | 2024-12-12 | Microsoft Office Elevation of Privilege Vulnerability |
CVE-2024-49110 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49092 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49083 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49082 | Medium | 6.8 | — | 2024-12-12 | Windows File Explorer Information Disclosure Vulnerability |
CVE-2024-49078 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49077 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49073 | Medium | 6.8 | — | 2024-12-12 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
CVE-2024-49111 | Medium | 6.6 | — | 2024-12-12 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
CVE-2024-49109 | Medium | 6.6 | — | 2024-12-12 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
CVE-2024-49101 | Medium | 6.6 | — | 2024-12-12 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
CVE-2024-49094 | Medium | 6.6 | — | 2024-12-12 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
CVE-2024-49081 | Medium | 6.6 | — | 2024-12-12 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
CVE-2024-49071 | Medium | 6.5 | — | 2024-12-12 | Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. |
CVE-2024-49064 | Medium | 6.5 | — | 2024-12-12 | Microsoft SharePoint Information Disclosure Vulnerability |
CVE-2024-49062 | Medium | 6.5 | — | 2024-12-12 | Microsoft SharePoint Information Disclosure Vulnerability |
CVE-2024-52537 | Medium | 6.3 | — | 2024-12-11 | Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. |
CVE-2024-49535 | Medium | 6.3 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide mali… |
CVE-2024-49065 | Medium | 5.5 | — | 2024-12-12 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-53952 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
CVE-2024-53951 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49549 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49548 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49547 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49546 | Medium | 5.5 | — | 2024-12-10 | InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49541 | Medium | 5.5 | — | 2024-12-10 | Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49554 | Medium | 5.5 | — | 2024-12-10 | Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
CVE-2024-49531 | Medium | 5.5 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
CVE-2024-45761 | Medium | 5.4 | — | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. |
CVE-2024-49087 | Medium | 4.6 | — | 2024-12-12 | Windows Mobile Broadband Driver Information Disclosure Vulnerability |
CVE-2024-35117 | Medium | 4.4 | — | 2024-12-11 | IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. |
CVE-2024-49103 | Medium | 4.3 | — | 2024-12-12 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
CVE-2024-49099 | Medium | 4.3 | — | 2024-12-12 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
CVE-2024-49098 | Medium | 4.3 | — | 2024-12-12 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
CVE-2023-23472 | Low | 3.1 | — | 2024-12-11 | IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. |

Other vendors (1111 CVEs across 558 vendors)

Adobe · 128 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54036 | Critical | 9.3 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-54034 | Critical | 9.3 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54032 | Critical | 9.3 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-54037 | High | 8.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-53958 | High | 7.8 | — | 2024-12-10 | Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53957 | High | 7.8 | — | 2024-12-10 | Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53003 | High | 7.8 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53002 | High | 7.8 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53001 | High | 7.8 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-53000 | High | 7.8 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52999 | High | 7.8 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52996 | High | 7.8 | — | 2024-12-10 | Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52995 | High | 7.8 | — | 2024-12-10 | Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-52994 | High | 7.8 | — | 2024-12-10 | Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49552 | High | 7.8 | — | 2024-12-10 | Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-49530 | High | 7.8 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2024-43729 | Medium | 6.5 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-54051 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. |
CVE-2024-54050 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. |
CVE-2024-54049 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54048 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54047 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54046 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54045 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54044 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54043 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-54042 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-49550 | Medium | 6.1 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-53006 | Medium | 5.5 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
CVE-2024-53005 | Medium | 5.5 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-53004 | Medium | 5.5 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-52833 | Medium | 5.5 | — | 2024-12-10 | Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |
CVE-2024-49534 | Medium | 5.5 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49533 | Medium | 5.5 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-49532 | Medium | 5.5 | — | 2024-12-10 | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2024-53960 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52993 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52992 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52991 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52865 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52864 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52862 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52861 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52860 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52859 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52858 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52857 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52855 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52854 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52853 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52852 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52851 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52850 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52849 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52848 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52847 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52846 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52845 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52844 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52843 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52842 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52841 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52840 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52839 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52838 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52837 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52836 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52835 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52834 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52832 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52830 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52829 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52828 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52827 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52826 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52825 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52824 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52823 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52822 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-52818 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52817 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-52816 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43754 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. |
CVE-2024-43752 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43751 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43750 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43749 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43748 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43747 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43746 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43745 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-43744 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43743 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43742 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43740 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43739 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43738 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. |
CVE-2024-43737 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43736 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43735 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2024-43734 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43733 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43730 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43728 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43727 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43726 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43725 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43724 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43723 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43722 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43721 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43720 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43719 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43718 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43715 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43714 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43713 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. |
CVE-2024-43712 | Medium | 5.4 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. |
CVE-2024-54041 | Medium | 5.4 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-54040 | Medium | 5.4 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-54039 | Medium | 5.4 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. |
CVE-2024-43732 | Medium | 4.6 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. |
CVE-2024-43731 | Medium | 4.3 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2024-43717 | Medium | 4.3 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-43716 | Medium | 4.3 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-54038 | Medium | 4.3 | — | 2024-12-10 | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2024-52831 | Low | 3.5 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. |
CVE-2024-43755 | Low | 3.5 | — | 2024-12-10 | Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. |
Apple · 53 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54534 | Critical | 9.8 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-54506 | Critical | 9.8 | — | 2024-12-12 | An out-of-bounds access issue was addressed with improved bounds checking. |
CVE-2024-54465 | Critical | 9.8 | — | 2024-12-12 | A logic issue was addressed with improved state management. |
CVE-2024-44299 | Critical | 9.8 | — | 2024-12-12 | The issue was addressed with improved bounds checks. |
CVE-2024-44242 | Critical | 9.8 | — | 2024-12-12 | The issue was addressed with improved bounds checks. |
CVE-2024-44241 | Critical | 9.8 | — | 2024-12-12 | The issue was addressed with improved bounds checks. |
CVE-2024-54505 | High | 8.8 | — | 2024-12-12 | A type confusion issue was addressed with improved memory handling. |
CVE-2024-54498 | High | 8.8 | — | 2024-12-12 | A path handling issue was addressed with improved validation. |
CVE-2024-54514 | High | 8.6 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54529 | High | 7.8 | — | 2024-12-12 | A logic issue was addressed with improved checks. |
CVE-2024-54515 | High | 7.8 | — | 2024-12-12 | A logic issue was addressed with improved restrictions. |
CVE-2024-54489 | High | 7.8 | — | 2024-12-12 | A path handling issue was addressed with improved validation. |
CVE-2024-44291 | High | 7.8 | — | 2024-12-12 | A logic issue was addressed with improved file handling. |
CVE-2024-44225 | High | 7.8 | — | 2024-12-12 | A logic issue was addressed with improved checks. |
CVE-2024-44224 | High | 7.8 | — | 2024-12-12 | A permissions issue was addressed with additional restrictions. |
CVE-2024-54508 | High | 7.5 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-54479 | High | 7.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54528 | High | 7.1 | — | 2024-12-12 | A logic issue was addressed with improved restrictions. |
CVE-2024-44245 | High | 7.1 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-54502 | Medium | 6.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54486 | Medium | 6.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-44248 | Medium | 6.5 | — | 2024-12-12 | This issue was addressed through improved state management. |
CVE-2024-54494 | Medium | 5.9 | — | 2024-12-12 | A race condition was addressed with additional validation. |
CVE-2024-54492 | Medium | 5.9 | — | 2024-12-12 | This issue was addressed by using HTTPS when sending information over the network. |
CVE-2024-54531 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-54527 | Medium | 5.5 | — | 2024-12-12 | This issue was addressed with improved checks. |
CVE-2024-54526 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54524 | Medium | 5.5 | — | 2024-12-12 | A logic issue was addressed with improved file handling. |
CVE-2024-54513 | Medium | 5.5 | — | 2024-12-12 | A permissions issue was addressed with additional restrictions. |
CVE-2024-54504 | Medium | 5.5 | — | 2024-12-12 | A privacy issue was addressed with improved private data redaction for log entries. |
CVE-2024-54501 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54500 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54495 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved permissions logic. |
CVE-2024-54490 | Medium | 5.5 | — | 2024-12-12 | This issue was addressed by enabling hardened runtime. |
CVE-2024-54484 | Medium | 5.5 | — | 2024-12-12 | The issue was resolved by sanitizing logging. |
CVE-2024-54477 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54476 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54474 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved checks. |
CVE-2024-54471 | Medium | 5.5 | — | 2024-12-12 | This issue was addressed with additional entitlement checks. |
CVE-2024-44300 | Medium | 5.5 | — | 2024-12-12 | A logic issue was addressed with improved file handling. |
CVE-2024-44243 | Medium | 5.5 | — | 2024-12-12 | A configuration issue was addressed with additional restrictions. |
CVE-2024-44220 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-44201 | Medium | 5.5 | — | 2024-12-12 | The issue was addressed with improved memory handling. |
CVE-2024-54466 | Medium | 5.3 | — | 2024-12-12 | An authorization issue was addressed with improved state management. |
CVE-2024-44246 | Medium | 5.3 | — | 2024-12-12 | The issue was addressed with improved routing of Safari-originated requests. |
CVE-2024-44212 | Medium | 5.3 | — | 2024-12-12 | A cookie management issue was addressed with improved state management. |
CVE-2024-54510 | Medium | 5.1 | — | 2024-12-12 | A race condition was addressed with improved locking. |
CVE-2024-54503 | Medium | 4.2 | — | 2024-12-12 | An inconsistent user interface issue was addressed with improved state management. |
CVE-2024-54493 | Low | 3.3 | — | 2024-12-12 | This issue was addressed through improved state management. |
CVE-2024-54491 | Low | 3.3 | — | 2024-12-12 | The issue was resolved by sanitizing logging. |
CVE-2024-44290 | Low | 3.3 | — | 2024-12-12 | This issue was addressed with improved redaction of sensitive information. |
CVE-2024-44200 | Low | 3.3 | — | 2024-12-12 | This issue was addressed with improved redaction of sensitive information. |
CVE-2024-54485 | Low | 2.4 | — | 2024-12-12 | The issue was addressed by adding additional logic. |
N/A · 46 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54811 | Critical | 9.8 | — | 2024-12-12 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. |
CVE-2024-54810 | Critical | 9.8 | — | 2024-12-12 | A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter. |
CVE-2024-55099 | Critical | 9.8 | — | 2024-12-12 | A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter. |
CVE-2024-54842 | Critical | 9.8 | — | 2024-12-12 | A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. |
CVE-2024-53480 | Critical | 9.8 | — | 2024-12-10 | Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter. |
CVE-2024-46340 | Critical | 9.8 | — | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 were discovered to transmit user credentials in plaintext after executing a factory reset. |
CVE-2024-46442 | Critical | 9.8 | — | 2024-12-10 | An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a brute-force attack. |
CVE-2024-45494 | Critical | 9.8 | — | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). |
CVE-2024-45493 | Critical | 9.8 | — | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). |
CVE-2024-54751 | Critical | 9.8 | — | 2024-12-10 | COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
CVE-2024-55586 | Critical | 9.8 | — | 2024-12-10 | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. |
CVE-2024-46455 | Critical | 9.8 | — | 2024-12-09 | unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser. |
CVE-2024-48956 | Critical | 9.8 | — | 2024-12-09 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. |
CVE-2024-55564 | Critical | 9.8 | — | 2024-12-09 | The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. |
CVE-2024-53441 | Critical | 9.1 | — | 2024-12-09 | An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack. |
CVE-2024-40583 | Critical | 9.1 | — | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. |
CVE-2024-55884 | Critical | 9.0 | — | 2024-12-12 | In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-C… |
CVE-2024-55587 | High | 8.8 | — | 2024-12-12 | python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. |
CVE-2024-55500 | High | 8.8 | — | 2024-12-10 | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. |
CVE-2024-50930 | High | 8.8 | — | 2024-12-10 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. |
CVE-2024-50920 | High | 8.8 | — | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. |
CVE-2024-55579 | High | 8.8 | — | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. |
CVE-2024-21544 | High | 8.6 | — | 2024-12-13 | Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before t… |
CVE-2024-21542 | High | 8.6 | — | 2024-12-10 | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. |
CVE-2024-46341 | High | 8.0 | — | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. |
CVE-2024-50699 | High | 8.0 | — | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. |
CVE-2024-53919 | High | 7.6 | — | 2024-12-10 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command executi… |
CVE-2024-46547 | High | 7.5 | — | 2024-12-09 | A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. |
CVE-2024-40582 | High | 7.5 | — | 2024-12-09 | Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. |
CVE-2024-55580 | High | 7.5 | — | 2024-12-09 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. |
CVE-2024-21543 | High | 7.1 | — | 2024-12-13 | Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. |
CVE-2024-55566 | Medium | 6.6 | — | 2024-12-09 | ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). |
CVE-2024-50928 | Medium | 6.5 | — | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller. |
CVE-2024-50924 | Medium | 6.5 | — | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to disrupt communications between the controller and the device itself by repeatedly sending crafted packets to the controller. |
CVE-2024-50921 | Medium | 6.5 | — | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. |
CVE-2024-31670 | Medium | 6.3 | — | 2024-12-12 | rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. |
CVE-2024-50929 | Medium | 6.2 | — | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). |
CVE-2024-53481 | Medium | 6.1 | — | 2024-12-10 | A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters. |
CVE-2024-55582 | Medium | 5.7 | — | 2024-12-09 | Oxide before 6 has unencrypted Control Plane datastores. |
CVE-2024-55918 | Medium | 5.3 | — | 2024-12-13 | An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. |
CVE-2023-43962 | Medium | 4.8 | — | 2024-12-09 | Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. |
CVE-2024-50931 | Medium | 4.6 | — | 2024-12-10 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. |
CVE-2022-29974 | Medium | 4.3 | — | 2024-12-09 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. |
CVE-2024-55578 | Medium | 4.3 | — | 2024-12-09 | Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. |
CVE-2024-55565 | Medium | 4.3 | — | 2024-12-09 | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. |
CVE-2024-12346 | Low | 3.5 | — | 2024-12-09 | A vulnerability has been found in Talentera up to 20241128 and classified as problematic. |
Gstreamer · 28 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47615 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47613 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47607 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47540 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47539 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47538 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47537 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47834 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47777 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47776 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47775 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47774 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47600 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47598 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47597 | Critical | 9.1 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47835 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47778 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47603 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47602 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47601 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47599 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47596 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47546 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47545 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47544 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47543 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47542 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
CVE-2024-47541 | High | 7.5 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
Huawei · 24 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54098 | High | 8.5 | — | 2024-12-12 | Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. |
CVE-2024-54097 | High | 7.3 | — | 2024-12-12 | Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. |
CVE-2024-54107 | High | 7.1 | — | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54106 | High | 7.1 | — | 2024-12-12 | Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54099 | Medium | 6.7 | — | 2024-12-12 | File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
CVE-2024-54113 | Medium | 6.5 | — | 2024-12-12 | Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. |
CVE-2024-54109 | Medium | 6.5 | — | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54108 | Medium | 6.5 | — | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54122 | Medium | 6.2 | — | 2024-12-12 | Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. |
CVE-2024-54119 | Medium | 6.2 | — | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54117 | Medium | 6.2 | — | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54110 | Medium | 6.2 | — | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54104 | Medium | 6.2 | — | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54101 | Medium | 6.2 | — | 2024-12-12 | Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54100 | Medium | 6.2 | — | 2024-12-12 | Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
CVE-2024-54103 | Medium | 6.1 | — | 2024-12-12 | Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54102 | Medium | 6.1 | — | 2024-12-12 | Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54111 | Medium | 5.7 | — | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54112 | Medium | 5.5 | — | 2024-12-12 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2024-54096 | Medium | 5.3 | — | 2024-12-12 | Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. |
CVE-2024-54105 | Medium | 5.1 | — | 2024-12-12 | Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54114 | Medium | 4.4 | — | 2024-12-12 | Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
CVE-2024-54116 | Medium | 4.3 | — | 2024-12-12 | Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
CVE-2024-54115 | Medium | 4.3 | — | 2024-12-12 | Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. |
Dell · 22 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37143 | Critical | 10.0 | — | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Ma… |
CVE-2024-22461 | High | 8.8 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. |
CVE-2024-53290 | High | 8.4 | — | 2024-12-11 | Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. |
CVE-2024-47484 | High | 8.2 | — | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
CVE-2024-37144 | High | 8.2 | — | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Ma… |
CVE-2024-53289 | High | 7.8 | — | 2024-12-11 | Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. |
CVE-2024-49600 | High | 7.8 | — | 2024-12-09 | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. |
CVE-2024-52538 | High | 7.6 | — | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
CVE-2024-47238 | High | 7.5 | — | 2024-12-12 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. |
CVE-2024-53292 | High | 7.2 | — | 2024-12-11 | Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. |
CVE-2024-47977 | High | 7.1 | — | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. |
CVE-2024-24902 | Medium | 6.6 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. |
CVE-2024-28980 | Medium | 6.5 | — | 2024-12-13 | Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. |
CVE-2024-38488 | Medium | 6.5 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. |
CVE-2024-49602 | Medium | 6.5 | — | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. |
CVE-2024-48008 | Medium | 5.3 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. |
CVE-2024-48007 | Medium | 5.3 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. |
CVE-2024-47984 | Medium | 4.4 | — | 2024-12-13 | Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. |
CVE-2024-45760 | Medium | 4.3 | — | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. |
CVE-2024-49603 | Medium | 4.3 | — | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. |
CVE-2024-42426 | Medium | 4.3 | — | 2024-12-09 | Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. |
CVE-2024-38485 | Medium | 4.3 | — | 2024-12-09 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. |
Lopalopa · 21 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54934 | Critical | 9.8 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. |
CVE-2024-54932 | Critical | 9.8 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. |
CVE-2024-54931 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. |
CVE-2024-54925 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. |
CVE-2024-54924 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. |
CVE-2024-54923 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department param… |
CVE-2024-54921 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and… |
CVE-2024-54918 | Critical | 9.8 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. |
CVE-2024-54920 | Critical | 9.8 | — | 2024-12-09 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname… |
CVE-2024-54926 | High | 8.8 | — | 2024-12-09 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. |
CVE-2024-54938 | High | 7.5 | — | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. |
CVE-2024-54928 | High | 7.2 | — | 2024-12-09 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php. |
CVE-2024-54927 | High | 7.2 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. |
CVE-2024-54933 | High | 7.2 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. |
CVE-2024-54930 | High | 7.2 | — | 2024-12-09 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. |
CVE-2024-54922 | High | 7.2 | — | 2024-12-09 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username… |
CVE-2024-54929 | High | 7.2 | — | 2024-12-09 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. |
CVE-2024-54935 | Medium | 5.4 | — | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. |
CVE-2024-54919 | Medium | 5.4 | — | 2024-12-09 | A Stored Cross Site Scripting (XSS) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. |
CVE-2024-54936 | Medium | 5.4 | — | 2024-12-09 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. |
CVE-2024-54937 | Medium | 5.3 | — | 2024-12-09 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. |
Ivanti · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11639 | Critical | 10.0 | — | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. |
CVE-2024-11773 | Critical | 9.1 | — | 2024-12-10 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
CVE-2024-11772 | Critical | 9.1 | — | 2024-12-10 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
CVE-2024-11634 | Critical | 9.1 | — | 2024-12-10 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
CVE-2024-11633 | Critical | 9.1 | — | 2024-12-10 | Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
CVE-2024-8540 | High | 8.8 | — | 2024-12-10 | Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. |
CVE-2024-9845 | High | 7.8 | — | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allow a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-8496 | High | 7.8 | — | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allow a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-11598 | High | 7.8 | — | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allow a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-11597 | High | 7.8 | — | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allow a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-10251 | High | 7.8 | — | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allow a local authenticated attacker to achieve local privilege escalation. |
CVE-2024-37401 | High | 7.5 | — | 2024-12-12 | An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. |
CVE-2024-37377 | High | 7.5 | — | 2024-12-12 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
CVE-2024-9844 | High | 7.1 | — | 2024-12-10 | Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allow a remote authenticated attacker to bypass restrictions. |
CVE-2024-7572 | High | 7.1 | — | 2024-12-10 | Insufficient permissions in Ivanti DSM before version 2024.3.5740 allow a local authenticated attacker to delete arbitrary files. |
CVE-2024-10256 | High | 7.1 | — | 2024-12-10 | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allow a local authenticated attacker to delete arbitrary files. |
Image Access Gmbh · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-28139 | High | 8.8 | — | 2024-12-11 | The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. |
CVE-2024-28146 | High | 8.4 | — | 2024-12-12 | The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. |
CVE-2024-28143 | High | 8.4 | — | 2024-12-12 | The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. |
CVE-2024-28138 | High | 7.3 | — | 2024-12-10 | An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. |
CVE-2024-47946 | High | 7.2 | — | 2024-12-10 | If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. |
CVE-2024-28141 | Medium | 6.3 | — | 2024-12-11 | The web application is not protected against cross-site request forgery attacks. |
CVE-2024-28140 | Medium | 6.1 | — | 2024-12-11 | The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. |
CVE-2024-28145 | Medium | 5.9 | — | 2024-12-12 | An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. |
CVE-2024-28144 | Medium | 5.5 | — | 2024-12-12 | An attacker who can spoof the IP address and the User-Agent of a logged-in user can take over the session because of flaws in the self-developed session management. |
CVE-2024-47947 | Medium | 4.7 | — | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. |
CVE-2024-36498 | Medium | 4.7 | — | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. |
CVE-2024-36494 | Medium | 4.7 | — | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. |
CVE-2024-28142 | Medium | 4.7 | — | 2024-12-12 | Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. |
CVE-2024-50584 | Medium | 4.4 | — | 2024-12-12 | An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based… |
Siemens · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-28398 | High | 8.8 | — | 2024-12-10 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM… |
CVE-2024-54095 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). |
CVE-2024-54094 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). |
CVE-2024-54093 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). |
CVE-2024-54091 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). |
CVE-2024-53242 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-53041 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
CVE-2024-49849 | High | 7.8 | — | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18… |
CVE-2024-52051 | High | 7.3 | — | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19… |
CVE-2024-49704 | Medium | 5.5 | — | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All vers… |
CVE-2024-54005 | Medium | 5.1 | — | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All vers… |
CVE-2024-53832 | Medium | 4.6 | — | 2024-12-10 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). |
Rti · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52061 | Critical | 9.8 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags. This issue affects Co… |
CVE-2024-52057 | Critical | 9.8 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6… |
CVE-2024-52063 | High | 8.6 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 befor… |
CVE-2024-52066 | High | 7.8 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7… |
CVE-2024-52062 | High | 7.8 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6… |
CVE-2024-52060 | High | 7.8 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer… |
CVE-2024-52059 | High | 7.8 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags. This issue a… |
CVE-2024-52058 | High | 7.8 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection. This issue affects Connext Professional: from 7.0.0 before 7… |
CVE-2024-52065 | High | 7.1 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables. This issue affects Connext Professional… |
CVE-2024-52064 | High | 7.1 | — | 2024-12-13 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6… |
Sap_se · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47578 | Critical | 9.1 | — | 2024-12-10 | Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. |
CVE-2024-54198 | High | 8.5 | — | 2024-12-10 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. |
CVE-2024-54197 | High | 7.2 | — | 2024-12-10 | SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. |
CVE-2024-47580 | Medium | 6.8 | — | 2024-12-10 | An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. |
CVE-2024-47579 | Medium | 6.8 | — | 2024-12-10 | An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. |
CVE-2024-47582 | Medium | 5.3 | — | 2024-12-10 | Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. |
CVE-2024-47585 | Medium | 4.3 | — | 2024-12-10 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. |
CVE-2024-47581 | Medium | 4.3 | — | 2024-12-10 | SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. There is low impact on integrity of the application. |
CVE-2024-47576 | Low | 3.3 | — | 2024-12-10 | SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. |
CVE-2024-47577 | Low | 2.7 | — | 2024-12-10 | Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. |
Gitlab · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11274 | High | 8.7 | — | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to ses… |
CVE-2024-8233 | High | 7.5 | — | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
CVE-2024-12570 | Medium | 6.7 | — | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. |
CVE-2024-9387 | Medium | 6.4 | — | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
CVE-2024-8647 | Medium | 5.4 | — | 2024-12-12 | An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. |
CVE-2024-8179 | Medium | 5.4 | — | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. |
CVE-2024-9367 | Medium | 4.3 | — | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of… |
CVE-2024-12292 | Medium | 4.0 | — | 2024-12-12 | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have… |
CVE-2024-10043 | Low | 3.1 | — | 2024-12-12 | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential in… |
Code-projects · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12490 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
CVE-2024-12489 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
CVE-2024-12488 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. |
CVE-2024-12487 | Medium | 6.3 | — | 2024-12-12 | A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. |
CVE-2024-12486 | Medium | 6.3 | — | 2024-12-12 | A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. |
CVE-2024-12485 | Medium | 6.3 | — | 2024-12-12 | A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. |
CVE-2024-12360 | Medium | 6.3 | — | 2024-12-09 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. |
CVE-2024-12359 | Low | 3.5 | — | 2024-12-09 | A vulnerability was found in code-projects Admin Dashboard 1.0. |
Plextrac · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11838 | Critical | 9.8 | — | 2024-12-13 | External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11837 | Critical | 9.8 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11834 | Critical | 9.1 | — | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11833 | Critical | 9.1 | — | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11839 | High | 7.5 | — | 2024-12-13 | Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11836 | High | 7.5 | — | 2024-12-13 | Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
CVE-2024-11835 | High | 7.5 | — | 2024-12-13 | Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS. This issue affects PlexTrac: from 1.61.3 before 2.8.1. |
Synology · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53285 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator priv… |
CVE-2024-53284 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administr… |
CVE-2024-53283 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administra… |
CVE-2024-53282 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with admini… |
CVE-2024-53281 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specif… |
CVE-2024-53280 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with ad… |
CVE-2024-53279 | Medium | 5.9 | — | 2024-12-09 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator pri… |
Apache · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53677 | Critical | 9.8 | — | 2024-12-11 | File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Executi… |
CVE-2024-53947 | Critical | 9.8 | — | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. |
CVE-2024-55633 | Medium | 6.5 | — | 2024-12-12 | Improper Authorization vulnerability in Apache Superset. |
CVE-2024-53949 | Medium | 6.5 | — | 2024-12-09 | Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). |
CVE-2024-53948 | Medium | 5.3 | — | 2024-12-09 | Generation of Error Message Containing analytics metadata Information in Apache Superset. |
CVE-2024-46901 | Low | 3.1 | — | 2024-12-09 | Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the r… |
Drupal · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55638 | Critical | 9.8 | — | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. |
CVE-2024-55637 | Critical | 9.8 | — | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
CVE-2024-55636 | Critical | 9.8 | — | 2024-12-10 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
CVE-2024-55634 | High | 8.1 | — | 2024-12-10 | A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. |
CVE-2024-55635 | Medium | 6.1 | — | 2024-12-10 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102. |
CVE-2024-12393 | Medium | 5.4 | — | 2024-12-10 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9… |
Wp Onlinesupport, Essential Plugin · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39996 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion and Accordion Slider: from n/a th… |
CVE-2022-46846 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trending/Popular Post Slider and W… |
CVE-2023-30488 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through 1.2.7. |
CVE-2023-25703 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta slider and carousel with light… |
CVE-2023-25060 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Album and Image Gallery plus Lightbo… |
CVE-2023-39995 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio and Projects: from n/a through 1.3.7. |
Wpdeveloper · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-47594 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5. |
CVE-2023-51360 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through… |
CVE-2023-51359 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through… |
CVE-2023-47762 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterDocs: from n/a through <= 2.5.2. |
CVE-2023-47761 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple 301 Redirects by BetterLinks: fro… |
CVE-2023-47760 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through… |
Anzar Ahmed · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54258 | High | 8.5 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection. This issue affects Ni CRM Lead: from n/a through <= 1.3.0. |
CVE-2024-54237 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS. This issue affects Ni CRM Lead: from n/a through <= 1.3.0. |
CVE-2024-54236 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Bulk Product Editor ni-woocommerce-product-editor allows Reflected XSS. This issue affects Ni WooCommerce Bulk… |
CVE-2024-54231 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS. This issue affects Ni WooCommerce Order Export… |
CVE-2023-32299 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Sales Report: from n/a thr… |
Glpi-project · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47760 | High | 8.8 | — | 2024-12-11 | GLPI is a free asset and IT management software package. |
CVE-2024-47758 | High | 8.8 | — | 2024-12-11 | GLPI is a free asset and IT management software package. |
CVE-2024-48912 | High | 8.1 | — | 2024-12-11 | GLPI is a free asset and IT management software package. |
CVE-2024-47761 | High | 7.2 | — | 2024-12-11 | GLPI is a free asset and IT management software package. |
CVE-2024-50339 | Medium | 5.3 | — | 2024-12-12 | GLPI is a free asset and IT management software package. |
Miniorange · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37987 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YourMembership Single Sign On: from n/a through 1.1.3. |
CVE-2023-25455 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login an… |
CVE-2023-41873 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SAML SP Single Sign On: from n/a through 5.0.4. |
CVE-2023-47776 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects miniorange otp verification: from n/a thro… |
CVE-2023-24375 | Low | 3.5 | — | 2024-12-09 | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Social Login an… |
Oring · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55547 | Critical | 9.8 | — | 2024-12-10 | SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e. |
CVE-2024-55544 | High | 8.8 | — | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below. |
CVE-2024-55548 | High | 7.5 | — | 2024-12-10 | Improper check of password character length in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e. |
CVE-2024-55545 | Medium | 6.1 | — | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below. |
CVE-2024-55546 | Medium | 5.4 | — | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below. |
Splunk · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53247 | High | 8.8 | — | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles coul… |
CVE-2024-53244 | Medium | 5.7 | — | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a sav… |
CVE-2024-53246 | Medium | 5.3 | — | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. |
CVE-2024-53243 | Medium | 4.3 | — | 2024-12-10 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk rol… |
CVE-2024-53245 | Low | 3.1 | — | 2024-12-10 | In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a ro… |
Themeum · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54282 | High | 7.2 | — | 2024-12-13 | Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection. This issue affects WP Mega Menu: from n/a through <= 1.4.2. |
CVE-2024-11910 | Medium | 6.4 | — | 2024-12-13 | The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. |
CVE-2023-41870 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.5. |
CVE-2024-11911 | Medium | 4.3 | — | 2024-12-13 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. |
CVE-2024-53816 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons. This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5. |
Xwiki · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55877 | Critical | 9.9 | — | 2024-12-12 | XWiki Platform is a generic wiki platform. |
CVE-2024-55662 | Critical | 9.9 | — | 2024-12-12 | XWiki Platform is a generic wiki platform. |
CVE-2024-55663 | Critical | 9.8 | — | 2024-12-12 | XWiki Platform is a generic wiki platform. |
CVE-2024-55879 | Critical | 9.1 | — | 2024-12-12 | XWiki Platform is a generic wiki platform. |
CVE-2024-55876 | Medium | 5.4 | — | 2024-12-12 | XWiki Platform is a generic wiki platform. |
Autodesk · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11608 | High | 7.8 | — | 2024-12-09 | A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. |
CVE-2024-11454 | High | 7.8 | — | 2024-12-09 | A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized. |
CVE-2024-11268 | Medium | 5.5 | — | 2024-12-09 | A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. |
CVE-2023-7298 | Medium | 4.4 | — | 2024-12-09 | A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. |
Awesomesupport · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54289 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.3.1. |
CVE-2023-49857 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.7. |
CVE-2023-49757 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.10. |
CVE-2023-48324 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.4. |
B3log · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55660 | Critical | 9.8 | — | 2024-12-12 | SiYuan is a personal knowledge management system. |
CVE-2024-55658 | High | 7.5 | — | 2024-12-12 | SiYuan is a personal knowledge management system. |
CVE-2024-55657 | High | 7.5 | — | 2024-12-12 | SiYuan is a personal knowledge management system. |
CVE-2024-55659 | Medium | 5.4 | — | 2024-12-12 | SiYuan is a personal knowledge management system. |
Cjbi · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12481 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. |
CVE-2024-12480 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. |
CVE-2024-12479 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. |
CVE-2024-12482 | Medium | 4.3 | — | 2024-12-12 | A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. |
Digi · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-50628 | High | 8.8 | — | 2024-12-09 | An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. |
CVE-2024-50627 | High | 8.8 | — | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. |
CVE-2024-50626 | High | 8.8 | — | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. |
CVE-2024-50625 | High | 8.0 | — | 2024-12-09 | An issue was discovered in Digi ConnectPort LTS before 1.4.12. |
Google · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12382 | High | 8.8 | — | 2024-12-12 | Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-12381 | High | 8.8 | — | 2024-12-12 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2024-54317 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS. This issue affects Web Stories: from n/a through <= 1.37.0. |
CVE-2024-12236 | Medium | 5.5 | — | 2024-12-10 | A security issue exists in Vertex Gemini API for customers using VPC-SC. |
Hashthemes · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28990 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Mag: from n/a through 1.0.9. |
CVE-2023-27456 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19. |
CVE-2024-12201 | Medium | 4.3 | — | 2024-12-12 | The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. |
CVE-2023-30486 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square: from n/a through 2.0.0. |
Ibm · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52901 | Medium | 6.5 | — | 2024-12-12 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. |
CVE-2024-47117 | Medium | 5.4 | — | 2024-12-10 | IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. |
CVE-2024-51460 | Medium | 4.3 | — | 2024-12-11 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. |
CVE-2023-37395 | Low | 2.5 | — | 2024-12-11 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. |
Nicheaddons · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54316 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows DOM-Based XSS. This issue affects Restaurant… |
CVE-2024-54315 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS. This issue affects Events Addon for Elementor: fro… |
CVE-2024-54314 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS. This issue affects Primary Addon for Elementor: fro… |
CVE-2023-47826 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5… |
Properfraction · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12309 | Medium | 5.3 | — | 2024-12-13 | The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled… |
CVE-2023-50882 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfilePress: from n/a through <= 4.13.2. |
CVE-2024-10518 | Medium | 4.8 | — | 2024-12-12 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege… |
CVE-2024-10517 | Medium | 4.8 | — | 2024-12-12 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privile… |
Thimpress · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12283 | Medium | 6.1 | — | 2024-12-11 | The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. |
CVE-2024-11868 | Medium | 5.3 | — | 2024-12-10 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. |
CVE-2024-9881 | Medium | 4.8 | — | 2024-12-12 | The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability… |
CVE-2024-10010 | Medium | 4.8 | — | 2024-12-12 | The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability… |
Think201 · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54246 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Stored XSS. This issue affects FAQs: from n/a through <= 1.0.2. |
CVE-2024-54245 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients clients allows Stored XSS. This issue affects Clients: from n/a through <= 1.1.4. |
CVE-2024-54244 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace easy-replace allows Stored XSS. This issue affects Easy Replace: from n/a through <= 1.3. |
CVE-2024-54243 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza echoza allows Stored XSS. This issue affects Echoza: from n/a through <= 0.1.1. |
Appsbd · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54242 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in appsbd Simple Notification simple-notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Notification: from n/a through <= 1.3. |
CVE-2024-54241 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elite Notification – S… |
CVE-2023-47694 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0. |
Arena.im · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12463 | Medium | 6.4 | — | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitiza… |
CVE-2024-11384 | Medium | 6.4 | — | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization a… |
CVE-2024-12526 | Medium | 4.3 | — | 2024-12-12 | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. |
Arraytics · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49756 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through <= 3.3.52. |
CVE-2023-47805 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 2.2.22. |
CVE-2024-11275 | Medium | 4.3 | — | 2024-12-13 | The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoin… |
Codepeople · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23895 | Medium | 4.7 | — | 2024-12-09 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through 1.1.82. |
CVE-2023-25037 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar Contact Form: from n/a through 1.2.34. |
CVE-2023-23814 | Low | 3.8 | — | 2024-12-09 | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar: from n/a through 1.4.13. |
Fullworks · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25714 | High | 7.5 | — | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Paypal Payments: from n/a through 5.7.25. |
CVE-2023-25035 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Contact Form: from n/a through 8.0.3.1. |
CVE-2023-23975 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Event Manager: from n/a through 9.7.4. |
Gfi · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11948 | Critical | 9.8 | — | 2024-12-12 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. |
CVE-2024-11949 | High | 8.8 | — | 2024-12-12 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. |
CVE-2024-11947 | High | 8.8 | — | 2024-12-12 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. |
Habitica · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53274 | Medium | 6.1 | — | 2024-12-12 | Habitica is an open-source habit-building program. |
CVE-2024-53273 | Medium | 6.1 | — | 2024-12-12 | Habitica is an open-source habit-building program. |
CVE-2024-53272 | Medium | 6.1 | — | 2024-12-12 | Habitica is an open-source habit-building program. |
Joomsky · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-46838 | Critical | 9.1 | — | 2024-12-13 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: f… |
CVE-2023-28689 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.0. |
CVE-2022-46840 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: f… |
Jwillber · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12351 | Medium | 6.3 | — | 2024-12-09 | A vulnerability classified as critical has been found in JFinalCMS 1.0. |
CVE-2024-12350 | Medium | 6.3 | — | 2024-12-09 | A vulnerability was found in JFinalCMS 1.0. |
CVE-2024-12349 | Medium | 4.3 | — | 2024-12-09 | A vulnerability was found in JFinalCMS 1.0. |
Multivendorx · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51355 | High | 8.2 | — | 2024-12-09 | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MultiVendorX: from n/a through <= 4.0.23. |
CVE-2023-37971 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1. |
CVE-2023-50899 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Catalog Enquiry for WooCommerce… |
Ni · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10496 | High | 7.8 | — | 2024-12-10 | An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. |
CVE-2024-10495 | High | 7.8 | — | 2024-12-10 | An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. |
CVE-2024-10494 | High | 7.8 | — | 2024-12-10 | An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. |
Pwndoc · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55602 | High | 7.6 | — | 2024-12-10 | PwnDoc is a penetration test report generator. |
CVE-2024-55652 | Medium | 6.5 | — | 2024-12-12 | PenDoc is a penetration testing reporting application. |
CVE-2024-55653 | Medium | 6.5 | — | 2024-12-10 | PwnDoc is a penetration test report generator. |
Quantumcloud · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12417 | Medium | 6.5 | — | 2024-12-13 | The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. |
CVE-2024-11928 | Medium | 6.4 | — | 2024-12-10 | The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. |
CVE-2024-12156 | Medium | 6.1 | — | 2024-12-12 | The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization… |
Razormist · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12354 | Medium | 5.3 | — | 2024-12-09 | A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. |
CVE-2024-12355 | Low | 3.3 | — | 2024-12-09 | A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. |
CVE-2024-12353 | Low | 3.3 | — | 2024-12-09 | A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. |
Red Hat · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12397 | High | 7.4 | — | 2024-12-12 | A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. |
CVE-2024-12401 | Medium | 4.4 | — | 2024-12-12 | A flaw was found in the cert-manager package. |
CVE-2024-12369 | Medium | 4.2 | — | 2024-12-09 | A vulnerability was found in OIDC-Client. |
Unifiedtransform · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12307 | Medium | 4.3 | — | 2024-12-09 | A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. |
CVE-2024-12306 | Medium | 4.3 | — | 2024-12-09 | Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. |
CVE-2024-12305 | Medium | 4.3 | — | 2024-12-09 | An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. |
Adnan · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53814 | Medium | 6.5 | — | 2024-12-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify. This issue affects Analytify: from n/a through <= 5.4.3. |
CVE-2023-41695 | Low | 3.5 | — | 2024-12-13 | Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through <= 5.1.0. |
Alexacrm · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28417 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamics 365 Integration: from n/a through 1.3.12. |
CVE-2023-29422 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamics 365 Integration: from n/a through 1.3.13. |
Apollo13themes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27454 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rife Elementor Extensions & Templates: from n/a through… |
CVE-2023-25959 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10. |
Bakkbone Australia · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54347 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS. This issue affects FloristPress: from n/a through <= 7.2… |
CVE-2024-53798 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion. This issue affects FloristPress: from n/a through <= 7.3.0. |
Bowo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11107 | Medium | 6.1 | — | 2024-12-10 | The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. |
CVE-2024-10708 | Medium | 4.9 | — | 2024-12-10 | The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server. |
Bqworks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41865 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Pro: from n/a through 4.8.6. |
CVE-2023-40331 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion Slider: from n/a through 1.9.6. |
Brainstorm Force · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23834 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. |
CVE-2023-23825 | Low | 3.1 | — | 2024-12-09 | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. |
Code-atlantic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10583 | Medium | 5.4 | — | 2024-12-12 | The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20… |
CVE-2022-45819 | Low | 3.5 | — | 2024-12-13 | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Maker: from n/a through 1.17.1. |
Cyberlord92 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10111 | High | 8.1 | — | 2024-12-12 | The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. |
CVE-2024-11901 | Medium | 6.4 | — | 2024-12-12 | The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping… |
Fahad Mahmood · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54344 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS. This issue affects WP Quick Shop: from n/a through <= 1.3.1. |
CVE-2023-32574 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Injection Guard: from n/a through 1.2.1. |
Falselight · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11760 | Medium | 6.4 | — | 2024-12-12 | The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitiza… |
CVE-2024-54308 | Medium | 5.9 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Cryptocurrency Price Widget cryptocurrency-price-widget allows Stored XSS. This issue affects Cryptocurrency Price Widget: from… |
G5theme · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10910 | High | 7.3 | — | 2024-12-12 | The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. |
CVE-2023-34014 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grid Plus: from n/a through 1.3.2. |
Gallagher · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42407 | High | 8.5 | — | 2024-12-12 | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted acce… |
CVE-2024-41146 | Medium | 4.6 | — | 2024-12-12 | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBU… |
Genetech · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53822 | Critical | 10.0 | — | 2024-12-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. |
CVE-2024-52391 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. |
Hive Support · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54304 | High | 8.5 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection. This issue affects Hive Support: from n/a through <= 1.1.2. |
CVE-2024-54321 | Medium | 4.3 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery. This issue affects Hive Support: from n/a through <= 1.1.2. |
Horner Automation · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9508 | High | 7.8 | — | 2024-12-13 | Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. |
CVE-2024-12212 | High | 7.8 | — | 2024-12-13 | The vulnerability occurs in the parsing of CSP files. |
Imagination Technologies · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47892 | High | 7.8 | — | 2024-12-13 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. |
CVE-2024-46971 | High | 7.8 | — | 2024-12-13 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. |
Kadencewp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10637 | Medium | 5.4 | — | 2024-12-12 | The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contrib… |
CVE-2024-12581 | Medium | 4.4 | — | 2024-12-13 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and… |
Karlkiesinger · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54226 | High | 7.1 | — | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS. This issue affects Country Blocker: from n/a through <= 3.2. |
CVE-2024-11459 | Medium | 6.1 | — | 2024-12-12 | The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. |
Ltdrdata · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21574 | Critical | 10.0 | — | 2024-12-12 | The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. |
CVE-2024-21575 | High | 8.6 | — | 2024-12-12 | ComfyUI-Impact-Pack is vulnerable to Path Traversal. |
Mayurik · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12357 | Medium | 4.3 | — | 2024-12-09 | A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. |
CVE-2024-12536 | Low | 3.5 | — | 2024-12-12 | A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. |
Ninja Team · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25966 | Medium | 5.5 | — | 2024-12-09 | Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 5.1.4. |
CVE-2024-54269 | Medium | 4.3 | — | 2024-12-11 | Missing Authorization vulnerability in Ninja Team Notibar notibar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notibar: from n/a through <= 2.1.4. |
Noah Hearle, Design Extreme · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23986 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Reviews and Rating – Google My Business… |
CVE-2023-25067 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! |
Ogun Labs · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53790 | High | 7.5 | — | 2024-12-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows PHP Local File Inclusion. This issue affects Lenxel Core for Lenxel(LNX) LMS: from… |
CVE-2024-53791 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows DOM-Based XSS. This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a t… |
Onthegosystems · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38383 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Language: from n/a through 1.2.1. |
CVE-2023-29431 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3… |
Prodigycommerce · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54250 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS. This issue affects Prodigy Commerce: from n/a through <= 3.0.8. |
CVE-2024-54251 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Prodigy Commerce: from n/a through <= 3.1.2. |
Propertyhive · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12465 | Medium | 6.4 | — | 2024-12-13 | The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sa… |
CVE-2024-11940 | Medium | 6.4 | — | 2024-12-10 | The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. |
Reputeinfosystems · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54217 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through <= 6.4.1. |
CVE-2024-54223 | Medium | 5.3 | — | 2024-12-09 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection. This issue affects ARForms Form Builder: from n/a through <= 1… |
Roninwp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54215 | Critical | 9.3 | — | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy. This issue affects Revy: from n/a through <= 1.18. |
CVE-2024-54220 | High | 7.1 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS. This issue affects FAT Services Booking: from n/a through <= 5.6. |
Samdani · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11766 | Medium | 6.4 | — | 2024-12-12 | The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and includin… |
CVE-2024-11765 | Medium | 6.4 | — | 2024-12-12 | The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, an… |
Schneider Electric · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11737 | Critical | 9.8 | — | 2024-12-11 | CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. |
CVE-2024-10511 | Medium | 5.3 | — | 2024-12-11 | CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL. |
Sonalsinha21 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54346 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS. This issue affects Barter: from n/a through <= 1.6. |
CVE-2024-54345 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS. This issue affects Bicycleshop: from n/a through <= 1.5. |
Sparkle Themes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30476 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blogger Buzz: from n/a through 1.2.2. |
CVE-2023-28416 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chankhe: from n/a through 1.0.5. |
Stylemixthemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40011 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator Builder: from n/a through 3.1.42. |
CVE-2022-43472 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6. |
Supsystic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39997 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19. |
CVE-2023-51353 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through <= 1.10.19. |
Thehp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54219 | High | 7.1 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact. This issue affects AIO Contact: from n/a through <= 2.8.1. |
CVE-2024-54218 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in thehp AIO Contact aio-contact. This issue affects AIO Contact: from n/a through <= 2.8.1. |
Themehunk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10124 | Critical | 9.8 | — | 2024-12-12 | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions u… |
CVE-2023-28688 | Medium | 5.4 | — | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery. This issue affects TH Variation Swatches: from n/a through 1.2.7. |
Webcodin · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32520 | High | 7.5 | — | 2024-12-13 | Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0. |
CVE-2023-32519 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0. |
1000 Projects · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12497 | High | 7.3 | — | 2024-12-12 | A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. |
10up · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32798 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Page Ordering: from n/a through 2.5.0. |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33995 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. |
3dweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48779 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11. |
8degree Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-47429 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin… |
A3rev Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32963 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Predictive Search: from n/a through 5.8.0. |
Abcbiz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54247 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS. This issue affects ABCBiz Addons and Templates for Elementor: from n/a… |
Acato · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28536 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Branded Social Images: from n/a through 1.1.0. |
Acme Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47793 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acme Fix Images: from n/a through <= 1.0.0. |
Addons For Contact Form 7 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47830 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Preview for Contact Form 7: from n/a through 1… |
Aipost · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54307 | Medium | 4.3 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery. This issue affects AIcomments: from n/a through <= 1.4.1. |
Aitool · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54306 | Medium | 4.3 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery. This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Be… |
Aleksandar Urošević · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27626 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Ticker: from n/a through 3.23.0. |
Alex Volkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41869 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4. |
Alexander Volkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53785 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Alexander Volkov Chatter. This issue affects Chatter: from n/a through 1.0.1. |
Aliakro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12018 | Medium | 4.3 | — | 2024-12-12 | The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. |
Alireza Aliniya · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54277 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Aliniya Nias course nias-course allows DOM-Based XSS. This issue affects Nias course: from n/a through <= 1.2.10. |
Alphabpo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41664 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Newsletter Signups: from n/a through 1.0.4. |
Altair-graphql · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54147 | Medium | 6.8 | — | 2024-12-09 | Altair is a GraphQL client for all platforms. |
Amauric · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12420 | Medium | 6.5 | — | 2024-12-13 | The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. |
Amazon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55886 | Medium | 6.9 | — | 2024-12-12 | OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. |
Ameliabooking · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11754 | Medium | 6.4 | — | 2024-12-13 | The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping o… |
Amrendesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12574 | Medium | 5.4 | — | 2024-12-13 | The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. |
Analytify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47841 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.1.1. |
Andrew Fiebert · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40678 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple URLs: from n/a through <= 117. |
Androidbubble · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30873 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through 1.9.8. |
Anisha · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12492 | Medium | 6.3 | — | 2024-12-12 | A vulnerability was found in code-projects Farmacia 1.0. |
Apasionados · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44147 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Comment Blacklist Updater: from n/a through <… |
Appgenix Infotech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54294 | Critical | 9.8 | — | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass. This issue affects Firebase OTP Authentication: from… |
Appsplate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54292 | Critical | 9.3 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection. This issue affects Appsplate: from n/a through <= 2.1.3. |
Arcinfo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12057 | — | — | — | 2024-12-09 | User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. |
Arm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5660 | Critical | 9.8 | — | 2024-12-10 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2… |
Arni Cinco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54271 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. |
Artbees · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38385 | High | 8.3 | — | 2024-12-13 | Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JupiterX Core: from 3.0.0 through 3.3.0. |
Artifex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-46657 | Medium | 5.5 | — | 2024-12-10 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. |
Arul Prasad J · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31214 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through 2.0. |
Ashish Ajani · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49850 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 2.7. |
Aslam Khan Gouran · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54310 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gou Manage My Account Menu: from n/a through <= 1.0… |
Astoundify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52480 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Astoundify Jobify jobify. This issue affects Jobify: from n/a through < 4.3.0. |
Austin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49858 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login: from n/a through <= 4.1.0. |
Averta · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-47176 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Depicter Slider: from n/a through 1.9.0. |
Aviplugins.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54255 | Medium | 4.7 | — | 2024-12-09 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing. This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2. |
Awesome Togi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29173 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Category Tree: from n/a through 2.5. |
Awesomemotive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40005 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through <= 3.1.5. |
Ays Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50904 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 4.8.0. |
Ays-pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-22697 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Survey Maker: from n/a through 3.2.0. |
Azzaroco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9290 | Critical | 9.8 | — | 2024-12-13 | The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up… |
B.m. Rafiul Alam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49755 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in B.M. |
Basar Ventures · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54300 | Medium | 4.3 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery. This issue affects AutoWP: from n/a through <= 2.0.8. |
Basecamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53847 | — | — | — | 2024-12-09 | The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. |
Beaverbuilder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11832 | Medium | 6.4 | — | 2024-12-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and o… |
Beego · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55885 | High | 7.5 | — | 2024-12-12 | beego is an open-source web framework for the Go programming language. |
Berocket · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44149 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brands for WooCommerce: from n/a through <= 3.8.2.2. |
Best Wp Developer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54287 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Advanced Blog Post Block advanced-blog-post-block allows Stored XSS. This issue affects Advanced Blog Post Block: from n… |
Bill Minozzi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32599 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects reCAPTCHA for all: from n/a through 1.22. |
Binh Nguyen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49158 | High | 7.1 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS. This issue affects LadiApp: from n/a through <= 4.4. |
Bitcoin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55563 | Medium | 5.3 | — | 2024-12-09 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. |
Bitpay · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41803 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0. |
Blazeonline · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54240 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazeonline Blaze Online eParcel for WooCommerce blaze-online-eparcel-for-woocommerce allows Reflected XSS. This issue affects Blaze Onlin… |
Blazethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54260 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a… |
Blossom Themes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47849 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BlossomThemes Email Newsletter… |
Bmad4ever · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21576 | Critical | 10.0 | — | 2024-12-13 | ComfyUI-Bmad-Nodes is vulnerable to Code Injection. |
Boldgrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53819 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0. |
Booking Ultra Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32601 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Ultra Pro: from n/a through 1.1.12. |
Bplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11882 | Medium | 6.4 | — | 2024-12-12 | The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient inp… |
Caagsoftware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11689 | High | 8.8 | — | 2024-12-12 | The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. |
Cadus Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25791 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fontiran: from n/a through 2.1. |
Ce21 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54293 | Critical | 9.8 | — | 2024-12-13 | Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation. This issue affects CE21 Suite: from n/a through <= 2.2.0. |
Certain Dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38480 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster Elementor Addons: from n/a through 1.4.9. |
Chris Baldelomar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23725 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes: from n/a through 3.46. |
Christer_f · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54338 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS. This issue affects Hello Event Widget… |
Cimatti · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35051 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. |
Citeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45404 | High | 8.1 | — | 2024-12-12 | OpenCTI is an open-source cyber threat intelligence platform. |
Cl272 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49192 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through <= 1.6.3. |
Classcms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12503 | Low | 2.4 | — | 2024-12-12 | A vulnerability classified as problematic was found in ClassCMS 4.8. |
Cleo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55956 | Critical | 9.8 | KEV | 2024-12-13 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autor… |
Cleveland Heights-university Heights Public Library Webdeveloper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54238 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleveland Heights-University Heights Public Library Webdeveloper Board Document Manager from CHUHPL board-document-manager-from-chuhpl al… |
Clever Widgets · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23823 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through 1.5.8. |
Clicktotweet.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41857 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Click To Tweet: from n/a through 2.0.14. |
Cmorillas1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54264 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS. This issue affects Shortcodes Blocks Creat… |
Code4life · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49167 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database for CF7: from n/a through <= 1.2.4. |
Codegearthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54225 | High | 7.5 | — | 2024-12-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through <= 1.4… |
Codents · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38479 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Googlebot Visit: from n/a through 1.2.4. |
Codexpert, Inc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54296 | Critical | 9.8 | — | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass. This issue affects CoSchool LMS: from n/a through <= 1.4.3. |
Codezips · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12484 | High | 7.3 | — | 2024-12-12 | A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. |
Cognitoapps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10182 | Medium | 6.4 | — | 2024-12-12 | The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. |
Combodo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54139 | High | 7.9 | — | 2024-12-13 | Combodo iTop is an open source and web-based IT service management platform. |
Constant Contact · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34387 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Constant Contact Forms: from n/a through 2.0.3. |
Contact Form - Wpmanageninja Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41952 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentForm: from n/a through 5.0.8. |
Conversios · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51357 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through <= 6.5.0. |
Cool Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36681 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets – Price Ticker & Coins… |
Creativemindssolutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54267 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Answers: from n/a through <= 3.2.6. |
Crudlab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47820 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Like Button: from n/a through 1.7.0. |
Crushftp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53552 | Critical | 9.8 | — | 2024-12-10 | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. |
Crushftp, Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11986 | Critical | 9.6 | — | 2024-12-13 | Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. |
Curl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11053 | Low | 3.4 | — | 2024-12-11 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. |
Cybernetikz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33998 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Social Icons: from n/a through 3.2.5. |
Damir Calusic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27428 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through 4.2.3. |
Dash Labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39305 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yet Another Stars Rating: from n/a through <= 3.4… |
Datax-web_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12358 | Medium | 6.3 | — | 2024-12-09 | A vulnerability was found in WeiYe-Jing datax-web 2.1.1. |
David Vongries · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47756 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcome Email Editor: from n/a through 5.0.6. |
Dealertrend · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54325 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS. This issue affects CarDealerPress: from n/a through <= 6.6.2410.02. |
Debian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47606 | Critical | 9.8 | — | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. |
Decollete · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11443 | High | 8.8 | — | 2024-12-12 | The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. |
Deepen Bajracharya · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44142 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Inactive Logout: from n/a through <= 3.2.2. |
Dejureorg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11417 | Medium | 6.1 | — | 2024-12-12 | The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. |
Delucks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54259 | Medium | 6.5 | — | 2024-12-13 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal. This issue affects DELUCKS SEO: from n/a through <= 2.7.0. |
Depayfi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12265 | Medium | 5.3 | — | 2024-12-12 | The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2… |
Designinvento · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37967 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2. |
Devfelixmoira · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54276 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devfelixmoira Poll Builder poll-builder allows Stored XSS. This issue affects Poll Builder: from n/a through <= 1.3.5. |
Devrix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54337 | High | 7.1 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS. This issue affects DX Dark Site: from n/a through <= 1.0.1. |
Dfinity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11991 | Medium | 5.6 | — | 2024-12-09 | Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. |
Dipankarpal212 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12260 | Medium | 6.1 | — | 2024-12-12 | The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. |
Directus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54151 | High | 7.5 | — | 2024-12-09 | Directus is a real-time API and App dashboard for managing SQL database content. |
Divscorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-38946 | Critical | 9.8 | — | 2024-12-09 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. |
Dmitry V. (Ceo Of "Ukr Solution") · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54265 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmitry V. |
Dotcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10678 | Medium | 5.4 | — | 2024-12-13 | The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to p… |
Dotonpaper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54252 | Medium | 6.3 | — | 2024-12-13 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7. |
Dotstore · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54227 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimum and Maximu… |
Dromara · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12483 | Low | 3.7 | — | 2024-12-12 | A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. |
Dugudlabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54239 | Critical | 9.8 | — | 2024-12-13 | Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through <= 4.0.18. |
Dylan Blokhuis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38483 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instant CSS: from n/a through 1.1.4. |
Dynamic.ooo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35046 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5. |
Easy-appointments · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30748 | Medium | 4.3 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7. |
Easyship · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37989 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0. |
Easysocialfeed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48740 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Social Feed: from n/a through <= 6.5.1. |
Ederson Peka · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54322 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through <= 0.4.7.4. |
Edgarrojas · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49856 | High | 8.1 | — | 2024-12-09 | Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Forms: from n/a through <= 2.6.84. |
Edo888 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50375 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google Language Translator: from n/a through <=… |
Eewee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54248 | High | 8.8 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation. This issue affects eewee admin custom: from n/a through <= 1.8.2.4. |
Elabftw · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52586 | Medium | 5.4 | — | 2024-12-09 | eLabFTW is an open source electronic lab notebook for research labs. |
Elementinvader · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12059 | Medium | 4.3 | — | 2024-12-12 | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. |
Elliotvs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12421 | Medium | 6.5 | — | 2024-12-13 | The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. |
Elvinhaci · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11430 | Medium | 6.5 | — | 2024-12-12 | The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack o… |
Enalean · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52599 | Medium | 5.4 | — | 2024-12-09 | Tuleap is an open source suite to improve management of software developments and collaboration. |
Epic Games · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11872 | High | 7.8 | — | 2024-12-12 | Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. |
Eryaz Information Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8259 | Critical | 9.8 | — | 2024-12-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. |
Espressif · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53845 | — | — | — | 2024-12-12 | ESPTouch is a connection protocol for internet of things devices. |
Expresstech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37984 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through 8.1.10. |
Extremeidea · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54297 | Critical | 9.8 | — | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass. This issue affects vBSSO-lite: from n/a through <= 1.4.3. |
Eyal Fitoussi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54326 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GEO my WordPress: from n/a through <= 4.5.0.4. |
Fantastic Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25048 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fantastic Content Protector Free: from n/a through 2.6. |
Fatcatapps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12072 | Medium | 6.1 | — | 2024-12-12 | The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. |
Feedbackwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36528 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.3. |
Felix Welberg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32094 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Extended Post Status: from n/a through 1.0.19. |
Fhir · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55887 | High | 8.6 | — | 2024-12-13 | Ucum-java is a FHIR Java library providing UCUM Services. |
Flowdee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47780 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EasyAzon: from n/a through <= 5.1.0. |
Fluentforms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9651 | Medium | 6.1 | — | 2024-12-09 | The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability… |
Fluxbuilder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54295 | Critical | 9.8 | — | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7. |
Fooplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6947 | High | 7.7 | — | 2024-12-10 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. |
Formfacade · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54301 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS. This issue affects FormFacade: from n/a through <= 1.3.6. |
Fortra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9945 | Medium | 5.3 | — | 2024-12-13 | An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. |
Full. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54313 | Medium | 6.5 | — | 2024-12-13 | Path Traversal vulnerability in FULL. |
G5plus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12329 | Medium | 4.3 | — | 2024-12-12 | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. |
Gemini Labs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49832 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through <= 6.10.2. |
Geovision · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12553 | Medium | 6.5 | — | 2024-12-13 | GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. |
Gesundheit Bewegt Gmbh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34381 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zippy: from n/a through 1.6.2. |
Get3code · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11419 | Medium | 6.1 | — | 2024-12-12 | The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. |
Godaddy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49156 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GoDaddy Email Marketing: from n/a throu… |
Gohugoio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55601 | — | — | — | 2024-12-09 | Hugo is a static site generator. |
Golang.org/x/crypto · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45337 | Critical | 9.1 | — | 2024-12-12 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. |
Gopiplus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11442 | Medium | 6.4 | — | 2024-12-12 | The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input san… |
Greenshiftwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11181 | Medium | 4.3 | — | 2024-12-12 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which po… |
Greg - Siteorigin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54268 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteOrigin Widgets Bundle: from n/a through <=… |
Gs Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32593 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Pins for Pinterest: from n/a through 1.6.7. |
Gsarig · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11827 | Medium | 6.4 | — | 2024-12-13 | The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escap… |
Guangzhou Huayi Intelligent Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12347 | Medium | 5.3 | — | 2024-12-09 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. |
Guido · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41862 | Medium | 5.3 | — | 2024-12-13 | Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0. |
Guizhou Xiaoma Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12348 | Low | 3.5 | — | 2024-12-09 | A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. |
Gvectors · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47869 | Medium | 4.3 | — | 2024-12-09 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5. |
Hage · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11875 | Medium | 6.4 | — | 2024-12-12 | The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping… |
Halfdata · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10590 | High | 8.8 | — | 2024-12-12 | The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. |
Hanif-khan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11683 | Medium | 6.1 | — | 2024-12-12 | The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. |
Hanthuy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11785 | Medium | 6.4 | — | 2024-12-12 | The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on u… |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12289 | Medium | 5.9 | — | 2024-12-12 | Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. |
Hay86 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21577 | Critical | 10.0 | — | 2024-12-13 | ComfyUI-Ace-Nodes is vulnerable to Code Injection. |
Heateor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41802 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Socializer: from n/a through 7.13.54. |
Heolixfy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49817 | High | 8.2 | — | 2024-12-09 | Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flexible Woocommerce Checkout Field Editor: from n/a thro… |
Hewlett Packard Enterprise (HPE) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54008 | High | 7.2 | — | 2024-12-10 | An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. |
HK Digital Agency LLC · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54261 | Critical | 10.0 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL Injection. This issue affects TAX SERVICE Electr… |
Hookandhook · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12172 | High | 7.5 | — | 2024-12-12 | The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function i… |
Hostfact · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11413 | Medium | 6.4 | — | 2024-12-12 | The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and out… |
Http4k · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55875 | Critical | 9.8 | — | 2024-12-12 | http4k is a functional toolkit for Kotlin HTTP applications. |
Hugh Lashbrooke · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36518 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Hit Counter: from n/a through 1.3.2. |
Hurraki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54330 | High | 7.2 | — | 2024-12-13 | Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery. This issue affects Hurrakify: from n/a through <= 2.4. |
I.lychkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54311 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark New Posts: from n/a through <= 7.5.1. |
I13websolution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25221 | Medium | 6.5 | — | 2024-12-13 | The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |
Icdsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54320 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS. This issue affects ICDSoft Reseller Store: from n/a through <=… |
Ido Kobelkowsky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54303 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment allows Reflected XSS. This issue affects Simple Payment: from n/a through <= 2.3.8. |
Igor Benic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23893 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Giveaways: from n/a through 2.48.0. |
Ilghera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41686 | Medium | 6.5 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery. This issue affects Woocommerce Support System: from n/a through 1.2.2. |
Ilmdesigns · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49851 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Square Thumbnails: from n/a through 1.1.1. |
Imagerecycle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54266 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression imagerecycle-pdf-image-compression allows Reflected XSS. This issue affects ImageRecycle… |
Immosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54335 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS. This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3. |
Importify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49194 | Medium | 5.3 | — | 2024-12-09 | Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data. This issue affects Importify (Dropshipping WooCommerce): from n/a thro… |
Infiniflow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53450 | High | 7.5 | — | 2024-12-09 | RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents. |
Inisev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34009 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.1. |
Inqsys Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36526 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Duplicate Post Page Menu & Custom Post Type: fr… |
Insiderealestate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11723 | Medium | 6.1 | — | 2024-12-12 | The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent… |
Inspireui · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12042 | Medium | 5.4 | — | 2024-12-13 | The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient… |
IT Path Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47871 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form to Any API: from n/a through 1.1.6. |
Iulia Cazan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36680 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0. |
Jbd7 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54339 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS. This issue affects geoFlickr: from n/a through <= 1.3. |
Jegstudio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35875 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through 1.8.5. |
Jerod Santo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28168 | Low | 3.7 | — | 2024-12-09 | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3.9. |
Jigar-sable · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-38947 | Critical | 9.8 | — | 2024-12-09 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. |
Jobboardwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23715 | Medium | 5.2 | — | 2024-12-09 | Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: f… |
Johnwwweissberg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12312 | High | 8.1 | — | 2024-12-12 | The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. |
Jose Vega · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31073 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display custom fields in the f… |
Jottlieb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12294 | Medium | 5.3 | — | 2024-12-11 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. |
Jtermaat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12271 | Medium | 4.4 | — | 2024-12-12 | The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. |
Jtexpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54305 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtexpress J&T Express Malaysia jt-express allows Reflected XSS. This issue affects J&T Express Malaysia: from n/a through <= 2.0.13. |
Jules Colle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47838 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conditional Fields for Contact Form… |
Justin Fletcher · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54290 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer role-includer allows Reflected XSS. This issue affects Role Includer: from n/a through <= 1.6. |
Karim Salman · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-22708 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7. |
Karim42 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11973 | Medium | 6.1 | — | 2024-12-10 | The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameters in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output… |
Kaushik07 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11891 | Medium | 6.4 | — | 2024-12-12 | The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping o… |
Kekotron · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11709 | Medium | 4.3 | — | 2024-12-12 | The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. |
Ketr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-51165 | High | 7.5 | — | 2024-12-10 | SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the… |
Koen Reus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41689 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post to Google My Business (Google Business Pr… |
Kofi Mokome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54254 | Medium | 6.3 | — | 2024-12-09 | Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter. This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3. |
Kstover · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11052 | High | 7.2 | — | 2024-12-12 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitiza… |
Kundgenerator · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54319 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS. This issue affects Kundgenerator: from n/a through <= 1.0.6. |
La-studio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50884 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LA-Studio Element Kit for Elementor: from… |
Labelgrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54341 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS. This issue affects LabelGrid Tools: from n/a through <= 1.3.58. |
Laravel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55661 | High | 8.8 | — | 2024-12-13 | Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. |
Lauri Karisola / WP Trio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-46807 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2. |
LDD Web Design · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54288 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite ldd-directory-lite allows Reflected XSS. This issue affects LDD Directory Lite: from n/a through <= 3.3. |
Link Whisper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32506 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Link Whisper Free: from n/a through 0.6.3. |
Linknacional · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54328 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS. This issue affects Invoice Payment for… |
Liquidpoll · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36531 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LiquidPoll – Advanced Polls for Creators and B… |
Lordspace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12263 | Medium | 4.3 | — | 2024-12-12 | The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. |
Lucian Apostol · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45840 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.2.1.5. |
Luckywp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29239 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LuckyWP Scripts Control: from n/a through 1.2.1. |
Mad Fish Digital · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41688 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5. |
Magazine3 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25469 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Table of Contents: from n/a through 2.0.45.2. |
Mahendrapatidarmp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12341 | Medium | 4.3 | — | 2024-12-12 | The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. |
Maheshmaharjan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11427 | Medium | 6.4 | — | 2024-12-12 | The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user suppl… |
Mailmunch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40203 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4. |
Mainwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10783 | High | 8.1 | — | 2024-12-13 | The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and… |
Majeed Raza · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41848 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carousel Slider: from n/a through 2.2.2. |
Man-group · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55890 | — | — | — | 2024-12-13 | D-Tale is a visualizer for pandas data structures. |
Marc Dooder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49848 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharkdr… |
Marcus (aka @msykes) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49859 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login With Ajax: from n/a through <= 4.1. |
Martin Gibson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48774 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through n/a. |
Mashiurz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54349 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS. This issue affects Plain Post: from n/a through <= 1.0.3. |
Masud Hasan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54230 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS. This issue affects Unlock Addons for Elementor… |
Matat Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48287 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.0. |
Mateusz Czardybon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40213 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Justified Gallery: from n/a through 1.7.3. |
Mattdeclaire · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49845 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in mattdeclaire Redirects redirects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirects: from n/a through <= 1.2.1. |
Matthew Ruddy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30490 | High | 7.5 | — | 2024-12-13 | Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easing Slider: from n/a through 3.0.8. |
Max Chirkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26520 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Text Widget: from n/a through 2.1.2. |
Meowapps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10499 | High | 7.2 | — | 2024-12-12 | The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its REST API endpoints before using it in a SQL statement, allowing admins to perform SQL injection attacks. |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49831 | High | 7.5 | — | 2024-12-09 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from… |
Metaphor Creations · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49835 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.31. |
Metaphorcreations · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47764 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through <= 3.1.24. |
Metup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54329 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS. This issue affects CleverNode Related Content: from n/a… |
Mg12 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23886 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-RecentComments: from n/a through 2.2.7. |
Michal Novák · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41133 | Medium | 5.3 | — | 2024-12-13 | Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0. |
Migrate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25486 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.3.7. |
Mitel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55550 | Low | 2.7 | KEV | 2024-12-10 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. |
Mobatime · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12286 | Critical | 9.8 | — | 2024-12-10 | MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. |
Mobilemonkey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32581 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Chatbot for Messenger: from n/a through 4.7. |
Molongui · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50876 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Molongui: from n/a through 4.7.3. |
Mondial Relay Woocommerce - Wcmultishipping · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48274 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCMultiShipping: from n/a through 2.3.5. |
Morehawes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12325 | Medium | 6.1 | — | 2024-12-11 | The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. |
Mra13 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48286 | High | 8.2 | — | 2024-12-09 | Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stripe Payments: from n/a through <= 2.0.79. |
Mtomic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54324 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mtomic SMSify smsify allows Reflected XSS. This issue affects SMSify: from n/a through <= 6.0.4. |
Muhammad Rehman · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29237 | Medium | 6.3 | — | 2024-12-09 | Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5. |
Nate Reist · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25454 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Protected Posts Logout Button: from n/a through 1.4.5. |
Ncrafts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47823 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FormCraft: from n/a through 1.2.7. |
Nerdpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49193 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hubbub Lite: from n/a through <= 1.30.0. |
Newsmanapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11767 | Medium | 6.4 | — | 2024-12-13 | The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping o… |
Nicejob · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54318 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS. This issue affects NiceJob: from n/a through <= 3.6.5. |
Ninjateam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11012 | Medium | 6.3 | — | 2024-12-13 | The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. |
Northern Beaches Websites · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47763 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from… |
Numerix Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-50585 | Medium | 4.7 | — | 2024-12-11 | Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) pa… |
Octrace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54274 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS. This issue affects WordP… |
Onewebsite · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-26522 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Repost: from n/a through 0.1. |
Onlyoffice · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11750 | Medium | 6.4 | — | 2024-12-12 | The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escapi… |
Open Design Alliance · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12564 | — | — | — | 2024-12-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. |
Overclokk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54233 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in overclokk Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager allows Reflected XSS. This issue affects Advanced… |
Ovic Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41649 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovic Product Bundle: from n/a through 1.1.2. |
Owthub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12406 | Medium | 6.5 | — | 2024-12-12 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the use… |
Pagelayer Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49196 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PageLayer: from n/a through 1.7.7. |
Papercut · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9672 | Medium | 5.4 | — | 2024-12-10 | A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. |
Paul Ryley · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27625 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through 6.5.0. |
Paypal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25026 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Brasil para WooCommerce: from n/a through 1.4.2. |
Paytr Ödeme Ve Elektronik Para Kuruluşu A.ş. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47847 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. |
Pechenki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41683 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TelSender: from n/a through 1.14.11. |
Peerigon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54152 | — | — | — | 2024-12-10 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. |
Persianscript · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54312 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS. This issue affects Persian Woocommerce SMS: from n/a t… |
Photonicgnostic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11359 | Medium | 6.1 | — | 2024-12-12 | The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. |
Phpmyfaq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55889 | Medium | 4.9 | — | 2024-12-13 | phpMyFAQ is an open source FAQ web application. |
Pickplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54273 | Critical | 9.8 | — | 2024-12-13 | Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection. This issue affects Mail Picker: from n/a through <= 1.0.14. |
Pierre Jehan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-44578 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Owl Carousel: from n/a through 0.5.3. |
Planaday · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11804 | Medium | 6.1 | — | 2024-12-12 | The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. |
Plugin Devs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54278 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects News Ticker for Elementor: from n/a through <= 2.1.3. |
Pluginus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40334 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HUSKY: from n/a through <= 1.3.4.2. |
Pnpm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53866 | Critical | 9.8 | — | 2024-12-10 | The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and install… |
Prasadkirpekar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47836 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in prasadkirpekar WP Meta and Date Remover wp-meta-and-date-remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through <… |
Premio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51362 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.1.3. |
Premmerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41130 | High | 8.1 | — | 2024-12-13 | Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce User Roles: from n/a through <= 1.0.12. |
Primersoftware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11809 | Medium | 6.1 | — | 2024-12-13 | The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. |
Printful · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-47168 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printful Integration for WooC… |
Profilepress Membership Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41953 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress. This issue affects ProfilePress: from n/a through 4.13.1. |
Projectopia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54336 | High | 8.8 | — | 2024-12-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass. This issue affects Projectopia: from n/a through <= 5.1.7. |
Quetrobits · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55946 | — | — | — | 2024-12-13 | Playloom Engine is an open-source, high-performance game development engine. |
Quomodosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54224 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS. This issue affects ElementsReady Addons for Elemen… |
Radiustheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54272 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks radius-blocks allows Stored XSS. This issue affects Radius Blocks: from n/a through <= 2.1.2. |
Rails · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54133 | — | — | — | 2024-12-10 | Action Pack is a framework for handling and responding to web requests. |
Rapid7 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11401 | — | — | — | 2024-12-11 | Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings… |
Realmag777 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10959 | High | 7.3 | — | 2024-12-10 | The Active Products Tables for WooCommerce. |
Realwebcare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32293 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WRC Pricing Tables: from n/a through 2.3.7. |
Rednao · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38475 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. |
Reservation Diary · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36510 | High | 7.3 | — | 2024-12-13 | Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. |
Revidev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54299 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS. This issue affects Revi.io: from n/a through <= 5.7.3. |
Reviewx Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40670 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.17. |
Rextheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34376 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Change WooCommerce Add To Cart Button Text: from n/a thro… |
Richardperdaan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9608 | Medium | 6.1 | — | 2024-12-13 | The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. |
Robosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45841 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9. |
Roland Murg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49758 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Booking System: from n/a through <= 2.0.19.2. |
Roxnor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50903 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metform: from n/a through <= 3.4.0. |
Rrdevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54232 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RRDevs RRAddons for Elementor rrdevs-for-elementor allows Stored XSS. This issue affects RRAddons for Elementor: from n/a through <= 1.1.0. |
Rtcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41951 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a… |
Saad Iqbal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54323 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 2.6.2. |
Sap · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32732 | Medium | 5.3 | — | 2024-12-10 | Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of… |
Scidsg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55888 | High | 7.1 | — | 2024-12-12 | Hush Line is an open-source whistleblower management system. |
Searchiq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47832 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in SearchIQ SearchIQ searchiq allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SearchIQ: from n/a through <= 4.4. |
Secomea · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-32007 | Low | 3.5 | — | 2024-12-13 | This issue affects: Secomea GateManager Version 9.5 and all prior versions. |
Seerox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54256 | High | 7.1 | — | 2024-12-13 | Missing Authorization vulnerability in Seerox Easy Blocks pro easy-blocks-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Easy Blocks pro: from n/a through <= 1.0.21. |
Seraphinitesoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12160 | Medium | 6.1 | — | 2024-12-12 | The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. |
Seventhqueen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43222 | Critical | 9.8 | — | 2024-12-09 | Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3. |
Shafayat-alam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11914 | Medium | 6.4 | — | 2024-12-12 | The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanit… |
Shakee93 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11840 | High | 7.1 | — | 2024-12-11 | The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_hta… |
Shanebp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12441 | Medium | 6.1 | — | 2024-12-12 | The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. |
Shaon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23887 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0. |
Shapedplugin Llc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41132 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Category Slider for WooCommerce: from n/a through 1.4.15. |
Sharabindu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11410 | Medium | 6.4 | — | 2024-12-12 | The Top and footer bars for announcements, notifications, advertisements, promotions – YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to ins… |
Shiptimize · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54235 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Reflected XSS. This issue affects Shiptimize for WooCommerce: from… |
Shivtiwari · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12258 | Medium | 6.1 | — | 2024-12-12 | The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output esca… |
Shohei.tanaka · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47698 | High | 8.6 | — | 2024-12-09 | Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Japanized For WooCommerce: from n/a through <=… |
Shopfiles · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-22701 | High | 7.5 | — | 2024-12-09 | Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775. |
Shuchkin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55878 | Medium | 6.8 | — | 2024-12-12 | SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. |
Sidngr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54262 | Critical | 9.9 | — | 2024-12-13 | Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a throug… |
Sigstore · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55655 | — | — | — | 2024-12-10 | sigstore-python is a Python tool for generating and verifying Sigstore signatures. |
Silverplugins217 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54333 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS. This issue affects Check Pincode For Wo… |
Smaily · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54286 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smaily Smaily for WP smaily-for-wp allows Stored XSS. This issue affects Smaily for WP: from n/a through <= 3.1.5. |
Smartagenda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11781 | Medium | 6.4 | — | 2024-12-12 | The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization an… |
Sminozzi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54298 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Car Dealer: from n/a through <= 4.46. |
Smub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11205 | High | 8.5 | — | 2024-12-10 | The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. |
Social Share Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38514 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Icons & Social Share Buttons: from n/… |
Socialmediafeather · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49861 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media Feather: from n/a through <= 2.1.3. |
Softlab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32117 | Critical | 9.8 | — | 2024-12-09 | Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99. |
Sojahu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11757 | Medium | 6.4 | — | 2024-12-12 | The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user sup… |
Solarwinds · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-45709 | Medium | 5.3 | — | 2024-12-10 | SolarWinds Web Help Desk was susceptible to a local file read vulnerability. |
Solidwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40001 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13. |
Sonaar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47822 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcas… |
Staggs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54342 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through <= 2.0.0. |
Stamped.io · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30479 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce… |
Stanislav Kuznetsov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38477 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0. |
Stathisg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12572 | Medium | 6.1 | — | 2024-12-13 | The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. |
Stellarwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10939 | Medium | 4.8 | — | 2024-12-13 | The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_ht… |
Strategy11 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45806 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. |
Suiteplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12162 | Medium | 6.1 | — | 2024-12-12 | The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escap… |
Sunshinephotocart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45826 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13. |
Supercleanse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11008 | Medium | 5.3 | — | 2024-12-11 | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. |
Superpwa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48277 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through <… |
Surbma · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11433 | Medium | 6.4 | — | 2024-12-12 | The Surbma \| SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escapi… |
Suresh Chand · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36509 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5. |
Surfer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35037 | High | 7.6 | — | 2024-12-13 | Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.3.2.357. |
Syed Balkhi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50887 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.0.10. |
Sygnoos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9428 | Medium | 4.8 | — | 2024-12-12 | The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit… |
Sylviavanos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54340 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through <= 1.5.1. |
Taggbox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33215 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3. |
Tarecord · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11015 | Critical | 9.8 | — | 2024-12-12 | The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. |
Team Plugins360 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41866 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3. |
Teamviewer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12363 | High | 7.1 | — | 2024-12-11 | Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote M… |
Tech Banker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28165 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.2… |
Teckel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12579 | Medium | 5.3 | — | 2024-12-13 | The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. |
Tecno · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12603 | Critical | 9.8 | — | 2024-12-13 | A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing the application password. |
Teltonika Networks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8256 | — | — | — | 2024-12-10 | In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user… |
Tenable · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12174 | Low | 2.7 | — | 2024-12-09 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. |
The African Boss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37969 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1. |
The Events Calendar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35777 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2. |
Thehowarde · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54343 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS.This issue affec… |
Theluckywp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9641 | Medium | 4.8 | — | 2024-12-12 | The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm… |
Themeisle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-39920 | High | 7.5 | — | 2024-12-13 | Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2… |
Themify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12414 | Medium | 4.3 | — | 2024-12-13 | The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. |
Thomas K Landis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54351 | High | 7.1 | — | 2024-12-13 | Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0. |
Thomas Michalak · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32586 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1. |
Tickera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11351 | Medium | 5.3 | — | 2024-12-11 | The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. |
Tickera.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23726 | Medium | 5.4 | — | 2024-12-09 | Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. |
Total-soft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32585 | High | 7.5 | — | 2024-12-13 | Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/… |
Totalsuite · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27449 | Medium | 6.3 | — | 2024-12-09 | Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6. |
Totolink · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12352 | Medium | 4.3 | — | 2024-12-09 | A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. |
Turbosmtp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12323 | Medium | 6.1 | — | 2024-12-10 | The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. |
Tw2113 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11871 | Medium | 6.4 | — | 2024-12-12 | The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on us… |
Tyche Softwares · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-46795 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce… |
Tychesoftwares · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41671 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooComm… |
Uncanny Owl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34019 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. |
Unitecms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10784 | Medium | 6.4 | — | 2024-12-12 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery’ widget in all versions up to, and including, 1.5.126 due to insufficient input… |
Universam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54327 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS.This issue affects UNIVERSAM: from n/a through < 8.59. |
Unknown · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-10568 | Medium | 4.7 | — | 2024-12-12 | The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab… |
Vaakash · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49849 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3. |
Varun Sharma · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48332 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for W… |
Vberkel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11279 | Medium | 6.1 | — | 2024-12-12 | The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. |
Veeam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-42448 | Critical | 9.9 | — | 2024-12-12 | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. |
Veronalabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33994 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through <= 5.0.5.1. |
Video Gallery By Total-soft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25988 | High | 7.5 | — | 2024-12-13 | Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through… |
Vikas Ratudi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54302 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.0.0. |
Villatheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-46796 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25. |
Villatheme(villatheme.com) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-46811 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropshippi… |
Virtuellwerk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48776 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through <= 2.5.0. |
Voidthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48750 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.T… |
Wacom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12552 | High | 7.8 | — | 2024-12-13 | Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. |
Webandprint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12300 | Low | 3.7 | — | 2024-12-13 | The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. |
Webberzone · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-25993 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. |
Webflow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49818 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8. |
Weboccult Technologies Pvt Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54228 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets… |
Websitetoolbox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12338 | Medium | 6.1 | — | 2024-12-12 | The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolbox_username’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output es… |
Webtoffee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33928 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0. |
Wedevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40003 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. |
Wibergsweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54275 | High | 7.1 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wibergsweb CSV to html csv-to-html allows Reflected XSS.This issue affects CSV to html: from n/a through <= 3.08. |
Wintercms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54149 | High | 8.4 | — | 2024-12-09 | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. |
Wiser Notify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41690 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5. |
Woobewoo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50877 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0. |
Wooproductimporter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30870 | Medium | 6.5 | — | 2024-12-09 | Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship… |
Wow-company · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49154 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a throu… |
Wp Happy Coders · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41849 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0. |
Wp-buy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54234 | Critical | 9.3 | — | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through… |
Wp3sixty · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32507 | High | 7.3 | — | 2024-12-13 | Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2. |
Wpchill · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11106 | Medium | 5.3 | — | 2024-12-10 | The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. |
Wpclever · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12004 | Medium | 6.1 | — | 2024-12-11 | The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. |
Wpdebuglog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54309 | Medium | 6.5 | — | 2024-12-13 | Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox postbox-email-logs allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through <= 1.0.4. |
Wpdevart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-24407 | Medium | 5.0 | — | 2024-12-09 | Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a… |
Wpdevelop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11945 | Medium | 6.4 | — | 2024-12-10 | The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. |
Wpdevteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11727 | Medium | 4.4 | — | 2024-12-12 | The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settin… |
Wpdirectorykit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41875 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6. |
Wpdirectorykit.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28532 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5. |
Wpeka · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11724 | Medium | 4.3 | — | 2024-12-12 | The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script… |
Wpeverest · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29429 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1. |
Wpexpertsio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-47182 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1. |
Wpfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23868 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6. |
Wpmart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-52385 | Medium | 4.3 | — | 2024-12-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpmart Team Member team-showcase-supreme. This issue affects Team Member: from n/a through <= 7.4. |
Wpoperation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-32126 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALERT: from n/a through 1.2.1. |
Wppal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33324 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Captcha: from n/a through 1.0. |
Wpsaad · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50373 | Medium | 5.3 | — | 2024-12-09 | Missing Authorization vulnerability in WPSAAD Alt Manager alt-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Alt Manager: from n/a through <= 1.6.1. |
Wpschoolpress Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37887 | Medium | 6.5 | — | 2024-12-13 | Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSchoolPress: from n/a through 2.2.7. |
Wpthemego · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36519 | Medium | 5.4 | — | 2024-12-13 | Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SW Product Bundles: from n/a through 2.0.15. |
Wpwax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12040 | High | 8.8 | — | 2024-12-12 | The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. |
Wpwax - Wp Business Directory Plugin And Classified Listings Directory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-35052 | Medium | 4.3 | — | 2024-12-13 | Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directorist: from n/a thro… |
Wpxpo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-53818 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post. This issue affects PostX: from n/a through <= 4.1.15. |
Wpxpro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54253 | Medium | 6.5 | — | 2024-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons. This issue affects Xpro Elementor Addons: from n/a through <= 1.4.6.5. |
Xnsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-11950 | High | 8.8 | — | 2024-12-12 | XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. |
Xtemos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12333 | Medium | 6.5 | — | 2024-12-12 | The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. |
Yith · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-36506 | Medium | 5.3 | — | 2024-12-13 | Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0. |
Yogesh Pawar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49754 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0. |
Yummywp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30783 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart WooCommerce Search: from n/a through 2.5.0. |
Zealopensource · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12255 | Medium | 5.3 | — | 2024-12-12 | The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. |
Zendesk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-23716 | Medium | 4.3 | — | 2024-12-09 | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zendesk Support for WordPress: from n/a through 1.8.4. |
Zeshanb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-54334 | Medium | 6.5 | — | 2024-12-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS. This issue affects Qur… |
Zoan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-12461 | Medium | 6.4 | — | 2024-12-12 | The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on… |
Сleantalk - Anti-spam Protection · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-33996 | High | 8.8 | — | 2024-12-13 | Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spam protection, AntiSpam… |
腾讯云 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29433 | Medium | 5.4 | — | 2024-12-09 | Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects tencentcloud-cos: from n/a through 1.0.7. |