Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2024-2973 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts. Session Smart Conductor:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts.  WAN Assurance Router:  * 6.0 versions before 6.1.9-lts,  * 6.2 versions before 6.2.5-sts.
network
low complexity
critical
 10.0
10
2024-06-27 CVE-2024-35260 Microsoft Dataverse Remote Code Execution Vulnerability
network
high complexity
 8.0
8.0
2024-06-27 CVE-2024-1153 Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.
low complexity
CWE-284
4.3
4.3
2024-06-27 CVE-2024-1107 Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.
network
low complexity
CWE-639
8.8
8.8
2024-06-27 CVE-2024-6262 The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-06-27 CVE-2024-0947 Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb: before v17.0.68.
network
low complexity
critical
 9.8
9.8
2024-06-27 CVE-2024-0949 Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68.
network
low complexity
critical
 9.8
9.8
2024-06-27 CVE-2024-4983 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-06-27 CVE-2024-5601 The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-06-27 CVE-2024-6283 The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
 5.4
5.4