Weekly Vulnerabilities Reports > May 13 to 19, 2024

Overview

251 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 92 high severity vulnerabilities. This weekly summary reports vulnerabilities in 27 products from 9 vendors including Microsoft, Fortinet, Google, Intel, and Cloudwise. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Out-of-bounds Write", "Use After Free", "Integer Overflow or Wraparound", and "Unrestricted Upload of File with Dangerous Type".

  • 177 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 106 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-05-18 CVE-2024-3658 The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21.
9.8
2024-05-18 CVE-2024-2771 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16.
9.8
2024-05-17 CVE-2024-3551 The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter.
9.8
2024-05-16 CVE-2024-4223 The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0.
9.8
2024-05-15 CVE-2024-4893 DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands.
9.8
2024-05-14 CVE-2024-4560 The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9.
9.8
2024-05-14 CVE-2024-4413 The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input.
9.8
2024-05-14 CVE-2024-4434 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
9.8
2024-05-14 CVE-2024-3806 The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function.
9.8
2024-05-14 CVE-2024-3070 The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie.
9.8
2024-05-14 CVE-2024-4671 Google Use After Free vulnerability in Google Chrome

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6
2024-05-14 CVE-2024-32002 GIT Link Following vulnerability in GIT

Git is a revision control system.

9.0
2024-05-14 CVE-2024-28075 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability.
9.0

92 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-05-18 CVE-2024-3810 The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute.
8.8
2024-05-16 CVE-2024-4838 The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode.
8.8
2024-05-16 CVE-2024-4351 The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0.
8.8
2024-05-16 CVE-2024-4352 The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function.
8.8
2024-05-16 CVE-2024-4318 The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-05-16 CVE-2024-3750 The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15.
8.8
2024-05-15 CVE-2024-4947 Google Type Confusion vulnerability in Google Chrome

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8
2024-05-15 CVE-2024-4670 The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode.
8.8
2024-05-15 CVE-2024-4010 The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19.
8.8
2024-05-15 CVE-2024-4847 The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-05-14 CVE-2024-30040 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Security Feature Bypass Vulnerability

8.8
2024-05-14 CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
8.8
2024-05-14 CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
8.8
2024-05-14 CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability
8.8
2024-05-14 CVE-2024-4761 Google Out-of-bounds Write vulnerability in Google Chrome

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8
2024-05-14 CVE-2024-4605 The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data.
8.8
2024-05-14 CVE-2024-4397 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5.
8.8
2024-05-14 CVE-2024-3807 The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta.
8.8
2024-05-14 CVE-2024-3808 The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute.
8.8
2024-05-14 CVE-2024-3809 The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta.
8.8
2024-05-14 CVE-2024-3954 The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty.
8.8
2024-05-14 CVE-2024-23473 The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability.
8.6
2024-05-16 CVE-2024-30314 Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker.
8.2
2024-05-14 CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability
8.1
2024-05-14 CVE-2024-4441 The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter.
8.1
2024-05-18 CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
7.8
2024-05-16 CVE-2024-21835 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Extreme Tuning Utility

Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2024-05-16 CVE-2024-30288 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30289 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30290 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30291 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30292 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-20791 Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
7.8
2024-05-16 CVE-2024-20792 Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30275 Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30282 Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30293 Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30294 Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30295 Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30296 Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30297 Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-16 CVE-2024-30307 Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-30284 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-30310 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34094 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34095 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34096 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34098 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34099 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-15 CVE-2024-34100 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.8
2024-05-14 CVE-2024-30028 Win32k Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30030 Microsoft NULL Pointer Dereference vulnerability in Microsoft Windows Server 2008 R2

Win32k Elevation of Privilege Vulnerability

7.8
2024-05-14 CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30038 Win32k Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability
7.8
2024-05-14 CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30051 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8
2024-05-14 CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-30027 NTFS Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
7.8
2024-05-14 CVE-2024-28133 A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. 
7.8
2024-05-14 CVE-2024-28136 A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.
7.8
2024-05-14 CVE-2024-28137 A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
7.8
2024-05-14 CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability
7.6
2024-05-14 CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability
7.6
2024-05-18 CVE-2024-2782 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16.
7.5
2024-05-18 CVE-2024-3812 The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute.
7.5
2024-05-16 CVE-2024-4733 The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57.
7.5
2024-05-16 CVE-2024-3286 A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.
7.5
2024-05-16 CVE-2024-34905 Cloudwise Classic Buffer Overflow vulnerability in Cloudwise Flyfish 3.0.0

FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page.

7.5
2024-05-14 CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
7.5
2024-05-14 CVE-2024-23105 Fortinet Use of Less Trusted Source vulnerability in Fortinet Fortiportal

A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.

7.5
2024-05-16 CVE-2024-4222 The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0.
7.3
2024-05-18 CVE-2024-4709 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping.
7.2
2024-05-14 CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability
7.2
2024-05-14 CVE-2023-44247 Fortinet Double Free vulnerability in Fortinet Fortios

A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

7.2
2024-05-14 CVE-2023-45583 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet products

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.

7.2
2024-05-14 CVE-2023-46714 Fortinet Stack-based Buffer Overflow vulnerability in Fortinet Fortios

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.

7.2
2024-05-14 CVE-2024-2662 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102.
7.2
2024-05-14 CVE-2024-2290 The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter.
7.2
2024-05-14 CVE-2023-40720 Fortinet Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortivoice

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

7.1
2024-05-14 CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability
7.0
2024-05-14 CVE-2024-28134 An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information.
7.0

146 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-05-14 CVE-2024-29997 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-29998 Microsoft Unspecified vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-29999 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30000 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30001 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30002 Microsoft Unspecified vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30003 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30004 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30005 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

6.8
2024-05-14 CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
6.8
2024-05-14 CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
6.8
2024-05-14 CVE-2023-36640 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet Fortiproxy

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands

6.7
2024-05-16 CVE-2024-4279 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key.
6.5
2024-05-14 CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability
6.5
2024-05-14 CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability
6.5
2024-05-14 CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability
6.5
2024-05-14 CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
6.5
2024-05-14 CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability
6.5
2024-05-14 CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability
6.5
2024-05-14 CVE-2024-4144 The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502.
6.5
2024-05-14 CVE-2024-4445 The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01.
6.5
2024-05-14 CVE-2024-4448 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes.
6.5
2024-05-14 CVE-2024-4038 The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1.
6.5
2024-05-14 CVE-2024-4039 The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10.
6.5
2024-05-18 CVE-2024-5088 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping.
6.4
2024-05-18 CVE-2024-4432 The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-18 CVE-2024-2772 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping.
6.4
2024-05-18 CVE-2024-4698 The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping.
6.4
2024-05-18 CVE-2024-3811 The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-18 CVE-2024-4849 The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-18 CVE-2024-4374 The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-18 CVE-2024-4891 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping.
6.4
2024-05-18 CVE-2024-4865 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping.
6.4
2024-05-17 CVE-2024-4789 Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function.
6.4
2024-05-16 CVE-2024-3134 The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4580 The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4288 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4400 The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4617 The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4634 The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4391 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-16 CVE-2024-4478 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute.
6.4
2024-05-16 CVE-2024-4546 The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-16 CVE-2024-4635 The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping.
6.4
2024-05-16 CVE-2024-4984 The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping.
6.4
2024-05-15 CVE-2024-4702 The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-15 CVE-2024-4636 The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping.
6.4
2024-05-15 CVE-2024-4208 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-15 CVE-2024-4618 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute.
6.4
2024-05-15 CVE-2024-4363 The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
6.4
2024-05-15 CVE-2024-4370 The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4666 The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4333 The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4440 The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4473 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4624 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4542 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4567 The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4574 The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4630 The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4158 The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4193 The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4209 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4275 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4316 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4329 The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4339 The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4383 The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4386 The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4398 The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4411 The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4430 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4449 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4481 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-4487 The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-4490 The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-3680 The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-3831 The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-3923 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-3952 The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-3974 The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-3989 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-3990 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-3595 The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-2923 The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-2785 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-1166 The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-05-14 CVE-2024-0445 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping.
6.4
2024-05-14 CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
6.3
2024-05-14 CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
6.1
2024-05-14 CVE-2024-4041 The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping.
6.1
2024-05-14 CVE-2024-4104 The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping.
6.1
2024-05-14 CVE-2024-4150 The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping.
6.1
2024-05-14 CVE-2024-3547 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_connect_error' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping.
6.1
2024-05-16 CVE-2024-30283 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-30286 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-30287 Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-20793 Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-30281 Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-30308 Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-16 CVE-2024-30309 Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-15 CVE-2024-30311 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-15 CVE-2024-30312 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-15 CVE-2024-34101 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
5.5
2024-05-14 CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
5.5
2024-05-14 CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability
5.5
2024-05-14 CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability
5.5
2024-05-14 CVE-2024-30008 Windows DWM Core Library Information Disclosure Vulnerability
5.5
2024-05-14 CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability
5.5
2024-05-14 CVE-2023-50180 Fortinet Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiadc

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.

5.5
2024-05-15 CVE-2024-34906 Dootask Unrestricted Upload of File with Dangerous Type vulnerability in Dootask 0.30.13

An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.

5.4
2024-05-15 CVE-2024-34909 Kykms Unrestricted Upload of File with Dangerous Type vulnerability in Kykms

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

5.4
2024-05-15 CVE-2024-34913 Technocking Unrestricted Upload of File with Dangerous Type vulnerability in Technocking R-Pan-Scaffolding

An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

5.4
2024-05-15 CVE-2024-3189 The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes.
5.4
2024-05-14 CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability
5.4
2024-05-14 CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability
5.4
2024-05-14 CVE-2024-3722 The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18.
5.4
2024-05-14 CVE-2024-3956 The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
5.4
2024-05-14 CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability
5.4
2024-05-15 CVE-2024-4894 ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks.
5.3
2024-05-14 CVE-2024-0870 The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0.
5.3
2024-05-14 CVE-2024-4213 The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality.
5.3
2024-05-14 CVE-2024-4280 The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3.
5.3
2024-05-14 CVE-2024-4444 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5.
5.3
2024-05-14 CVE-2024-3915 The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31.
5.3
2024-05-14 CVE-2024-3916 The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes.
5.3
2024-05-14 CVE-2024-1229 The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2.
5.3
2024-05-14 CVE-2023-6327 The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7.
5.3
2024-05-14 CVE-2023-45586 Fortinet Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios and Fortiproxy

An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

5.0
2024-05-14 CVE-2024-28135 A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation.
5.0
2024-05-15 CVE-2024-4656 The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping.
4.4
2024-05-15 CVE-2024-4734 The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping.
4.4
2024-05-14 CVE-2024-4417 The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping.
4.4
2024-05-14 CVE-2024-3068 The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.
4.4
2024-05-14 CVE-2024-2846 The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping.
4.4
2024-05-16 CVE-2024-3609 The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27.
4.3
2024-05-16 CVE-2024-4204 The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3.
4.3
2024-05-15 CVE-2024-4199 The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3.
4.3
2024-05-15 CVE-2024-0437 The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API.
4.3
2024-05-14 CVE-2024-4312 The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.
4.3
2024-05-14 CVE-2024-4314 The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3.
4.3
2024-05-14 CVE-2024-4463 The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7.
4.3
2024-05-14 CVE-2024-4082 The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.
4.3
2024-05-14 CVE-2024-4103 The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0.
4.3
2024-05-14 CVE-2024-1693 The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70.
4.3
2024-05-14 CVE-2024-1467 The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request().
4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS