Weekly Vulnerabilities Reports > June 10 to 16, 2024
Overview
505 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 164 high severity vulnerabilities. This weekly summary reports vulnerabilities in 190 products from 107 vendors including Adobe, Google, Microsoft, Apple, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Missing Authorization", "SQL Injection", "Out-of-bounds Write", and "Out-of-bounds Read".
- 396 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 215 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 183 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 164 reported vulnerabilities.
- Itsourcecode has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
43 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-15 | CVE-2024-3105 | | The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. | 9.9 |
2024-06-11 | CVE-2024-3549 | | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.9 |
2024-06-15 | CVE-2024-6016 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Laundry Management System Project in PHP With Source Code 1.0 A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. | 9.8 |
2024-06-15 | CVE-2024-6014 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Document Management System Project in PHP With Source Code 1.0 A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. | 9.8 |
2024-06-15 | CVE-2024-6015 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Online House Rental System Project in PHP With Source Code 1.0 A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. | 9.8 |
2024-06-15 | CVE-2024-6009 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Learning Management System Project in PHP With Source Code 1.0 A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. | 9.8 |
2024-06-15 | CVE-2024-6013 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Online Book Store Project in PHP and Mysql With Source Code 1.0 A vulnerability was found in itsourcecode Online Book Store 1.0. | 9.8 |
2024-06-15 | CVE-2024-4258 | | The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. | 9.8 |
2024-06-15 | CVE-2024-5871 | | The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. | 9.8 |
2024-06-14 | CVE-2024-3912 | | Certain models of ASUS routers have an arbitrary firmware upload vulnerability. | 9.8 |
2024-06-14 | CVE-2024-5577 | | The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. | 9.8 |
2024-06-14 | CVE-2024-4936 | | The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. | 9.8 |
2024-06-14 | CVE-2024-3080 | | Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device. | 9.8 |
2024-06-14 | CVE-2024-5983 | Itsourcecode | SQL Injection vulnerability in Itsourcecode Online Book Store Project 1.0 A vulnerability was found in itsourcecode Online Bookstore 1.0. | 9.8 |
2024-06-14 | CVE-2024-5984 | Online Book Store Project Project | SQL Injection vulnerability in Online Book Store Project Online Book Store Project 1.0 A vulnerability was found in itsourcecode Online Bookstore 1.0. | 9.8 |
2024-06-13 | CVE-2024-29786 | | Out-of-bounds Write vulnerability in Google Android In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2024-06-13 | CVE-2024-32905 | | Out-of-bounds Write vulnerability in Google Android In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
2024-06-13 | CVE-2024-32911 | | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android There is a possible escalation of privilege due to improperly used crypto. | 9.8 |
2024-06-13 | CVE-2024-32913 | | Integer Overflow or Wraparound vulnerability in Google Android In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. | 9.8 |
2024-06-13 | CVE-2024-30299 | Adobe | Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
2024-06-13 | CVE-2024-30300 | Adobe | Information Exposure vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. | 9.8 |
2024-06-13 | CVE-2024-34102 | Adobe | XXE vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. | 9.8 |
2024-06-13 | CVE-2024-34107 | Adobe | Improper Access Control vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
2024-06-13 | CVE-2024-4371 | Codexpert | Deserialization of Untrusted Data vulnerability in Codexpert Codesigner The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. | 9.8 |
2024-06-13 | CVE-2024-26029 | Adobe | Improper Access Control vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
2024-06-13 | CVE-2024-3552 | Salephpscripts | SQL Injection vulnerability in Salephpscripts web Directory Free The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | 9.8 |
2024-06-13 | CVE-2024-3922 | Dokan | SQL Injection vulnerability in Dokan PRO Plugin 3.10.3 The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-12 | CVE-2024-4898 | Instawp | Missing Authorization vulnerability in Instawp Connect The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. | 9.8 |
2024-06-11 | CVE-2024-30080 | Microsoft | Use After Free vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
2024-06-10 | CVE-2024-36412 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 9.8 |
2024-06-10 | CVE-2024-37014 | Langflow | Unspecified vulnerability in Langflow Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | 9.8 |
2024-06-10 | CVE-2024-35746 | Buddypress Cover Project | Unrestricted Upload of File with Dangerous Type vulnerability in Buddypress Cover Project Buddypress Cover 2.1.4.2 Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection. This issue affects BuddyPress Cover: from n/a through 2.1.4.2. | 9.8 |
2024-06-10 | CVE-2024-5597 | Fujielectric | Type Confusion vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0/6.1.6.0 Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. | 9.8 |
2024-06-10 | CVE-2024-35677 | Stylemixthemes | Path Traversal vulnerability in Stylemixthemes Mega Menu 2.3.12 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion. This issue affects MegaMenu: from n/a through 2.3.12. | 9.8 |
2024-06-10 | CVE-2024-1228 | Eurosoft | Use of Hard-coded Credentials vulnerability in Eurosoft Przychodnia Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. | 9.8 |
2024-06-10 | CVE-2024-3699 | Dreryk | Use of Hard-coded Credentials vulnerability in Dreryk Gabinet 7.0.0.0 Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. | 9.8 |
2024-06-10 | CVE-2024-3700 | Estomed | Use of Hard-coded Credentials vulnerability in Estomed Simple Care Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. | 9.8 |
2024-06-10 | CVE-2024-35735 | Codepeople | Missing Authorization vulnerability in Codepeople WP Time Slots Booking Form Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | 9.8 |
2024-06-14 | CVE-2024-2472 | | The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. | 9.1 |
2024-06-10 | CVE-2024-32167 | Oretnom23 | Unspecified vulnerability in Oretnom23 Online Medicine Ordering System 1.0 Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. | 9.1 |
2024-06-10 | CVE-2024-31611 | Seacms | Unspecified vulnerability in Seacms 12.9 SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | 9.1 |
2024-06-10 | CVE-2024-35658 | Themehigh | Path Traversal vulnerability in Themehigh Checkout Field Editor for Woocommerce Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2. | 9.1 |
2024-06-10 | CVE-2024-36417 | Salesagility | Cross-site Scripting vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 9.0 |
164 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-16 | CVE-2024-38457 | Xenforo | Cross-Site Request Forgery (CSRF) vulnerability in Xenforo 2.2.7 Xenforo before 2.2.16 allows CSRF. | 8.8 |
2024-06-16 | CVE-2024-38458 | Xenforo | Code Injection vulnerability in Xenforo 2.2.7 Xenforo before 2.2.16 allows code injection. | 8.8 |
2024-06-15 | CVE-2024-6008 | Isourcecode | SQL Injection vulnerability in Isourcecode Online Book Store Project in PHP With Source Code 1.0 A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. | 8.8 |
2024-06-15 | CVE-2024-3813 | | The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. | 8.8 |
2024-06-14 | CVE-2024-2024 | | The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. | 8.8 |
2024-06-14 | CVE-2024-5996 | | The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. | 8.8 |
2024-06-14 | CVE-2024-5995 | | The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. | 8.8 |
2024-06-14 | CVE-2024-5985 | Best Online News Portal Project | SQL Injection vulnerability in Best Online News Portal Project Best Online News Portal 1.0 A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. | 8.8 |
2024-06-13 | CVE-2024-34111 | Adobe | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. | 8.8 |
2024-06-12 | CVE-2024-37038 | Schneider Electric | Incorrect Default Permissions vulnerability in Schneider-Electric Sage RTU Firmware CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | 8.8 |
2024-06-12 | CVE-2023-51524 | Weformspro | Missing Authorization vulnerability in Weformspro Weforms Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.18. | 8.8 |
2024-06-12 | CVE-2024-4845 | Icegram | SQL Injection vulnerability in Icegram Express The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-06-11 | CVE-2024-5830 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5831 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5832 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5833 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5834 | Google Fedoraproject | Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5835 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5836 | Google Fedoraproject | Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | 8.8 |
2024-06-11 | CVE-2024-5837 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5838 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5841 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5842 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5844 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
2024-06-11 | CVE-2024-5845 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2024-06-11 | CVE-2024-5846 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2024-06-11 | CVE-2024-5847 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2024-06-11 | CVE-2024-35249 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft Dynamics 365 Business Central 2023/2024 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | 8.8 |
2024-06-11 | CVE-2024-30064 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2022 Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
2024-06-11 | CVE-2024-30068 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
2024-06-11 | CVE-2024-30078 | Microsoft | Unspecified vulnerability in Microsoft products Windows Wi-Fi Driver Remote Code Execution Vulnerability | 8.8 |
2024-06-11 | CVE-2024-30097 | Microsoft | Double Free vulnerability in Microsoft products Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.8 |
2024-06-11 | CVE-2024-30103 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |
2024-06-11 | CVE-2023-25799 | Themeum | Missing Authorization vulnerability in Themeum Tutor LMS Missing Authorization vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.1.8. | 8.8 |
2024-06-11 | CVE-2024-35716 | Copymatic | Missing Authorization vulnerability in Copymatic Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. | 8.8 |
2024-06-10 | CVE-2024-27808 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 8.8 |
2024-06-10 | CVE-2024-27820 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 8.8 |
2024-06-10 | CVE-2024-27833 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed with improved input validation. | 8.8 |
2024-06-10 | CVE-2024-27851 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The issue was addressed with improved bounds checks. | 8.8 |
2024-06-10 | CVE-2024-27855 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos The issue was addressed with improved checks. | 8.8 |
2024-06-10 | CVE-2024-36411 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-10 | CVE-2024-36415 | Salesagility | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-10 | CVE-2024-36409 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-10 | CVE-2024-36410 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-10 | CVE-2024-36408 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
2024-06-10 | CVE-2024-35721 | Awplife | Missing Authorization vulnerability in Awplife Image Gallery Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. | 8.8 |
2024-06-10 | CVE-2024-35722 | Awplife | Missing Authorization vulnerability in Awplife Slider Responsive Slideshow Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow. This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0. | 8.8 |
2024-06-10 | CVE-2024-35723 | Arwebdesign | Missing Authorization vulnerability in Arwebdesign Dashboard To-Do List Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List. This issue affects Dashboard To-Do List: from n/a through 1.2.0. | 8.8 |
2024-06-10 | CVE-2024-35724 | Bosathemes | Missing Authorization vulnerability in Bosathemes Bosa Elementor Addons and Templates for Woocommerce Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce. This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12. | 8.8 |
2024-06-10 | CVE-2024-35725 | LA Studioweb | Missing Authorization vulnerability in La-Studioweb Element KIT for Elementor Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6. | 8.8 |
2024-06-10 | CVE-2024-35726 | Themekraft | Missing Authorization vulnerability in Themekraft Buddypress Woocommerce MY Account Integration. Create Woocommerce Member Pages Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.19. | 8.8 |
2024-06-10 | CVE-2024-35727 | Actpro | Missing Authorization vulnerability in Actpro Extra Product Options for Woocommerce Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. | 8.8 |
2024-06-10 | CVE-2024-35729 | Tickera | Missing Authorization vulnerability in Tickera Missing Authorization vulnerability in Tickera. This issue affects Tickera: from n/a through 3.5.2.6. | 8.8 |
2024-06-10 | CVE-2024-35741 | Getawesomesupport | Missing Authorization vulnerability in Getawesomesupport Awesome Support Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. | 8.8 |
2024-06-10 | CVE-2024-23299 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved checks. | 8.6 |
2024-06-14 | CVE-2024-4404 | | The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. | 8.5 |
2024-06-13 | CVE-2024-34104 | Adobe | Improper Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 8.2 |
2024-06-15 | CVE-2023-6696 | | The Popup Builder – Create highly converting, mobile friendly marketing popups. | 8.1 |
2024-06-14 | CVE-2024-37882 | Nextcloud | Improper Preservation of Permissions vulnerability in Nextcloud Server Nextcloud Server is a self hosted personal cloud system. | 8.1 |
2024-06-13 | CVE-2024-34103 | Adobe | Improper Authentication vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 8.1 |
2024-06-12 | CVE-2024-37037 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Sage RTU Firmware CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. | 8.1 |
2024-06-12 | CVE-2024-37040 | Schneider Electric | Classic Buffer Overflow vulnerability in Schneider-Electric Sage RTU Firmware CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. | 8.1 |
2024-06-12 | CVE-2024-5543 | | The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.1 |
2024-06-11 | CVE-2024-37325 | | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | 8.1 |
2024-06-11 | CVE-2023-7264 | | The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. | 8.1 |
2024-06-10 | CVE-2024-4328 | Parisneo | Cross-Site Request Forgery (CSRF) vulnerability in Parisneo Lollms web UI 9.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. | 8.1 |
2024-06-11 | CVE-2024-30074 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 8.0 |
2024-06-11 | CVE-2024-30075 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | 8.0 |
2024-06-11 | CVE-2024-30077 | Microsoft | Unspecified vulnerability in Microsoft products Windows OLE Remote Code Execution Vulnerability | 8.0 |
2024-06-13 | CVE-2024-29784 | | Integer Overflow or Wraparound vulnerability in Google Android In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. | 7.8 |
2024-06-13 | CVE-2024-29787 | | Use After Free vulnerability in Google Android In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. | 7.8 |
2024-06-13 | CVE-2024-32892 | | Type Confusion vulnerability in Google Android In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. | 7.8 |
2024-06-13 | CVE-2024-32895 | | Out-of-bounds Write vulnerability in Google Android In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2024-06-13 | CVE-2024-32896 | | Unspecified vulnerability in Google Android there is a possible way to bypass due to a logic error in the code. | 7.8 |
2024-06-13 | CVE-2024-32900 | | Improper Locking vulnerability in Google Android In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. | 7.8 |
2024-06-13 | CVE-2024-32901 | | Out-of-bounds Write vulnerability in Google Android In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2024-06-13 | CVE-2024-32903 | | Out-of-bounds Write vulnerability in Google Android In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. | 7.8 |
2024-06-13 | CVE-2024-32906 | | Use of Uninitialized Resource vulnerability in Google Android In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. | 7.8 |
2024-06-13 | CVE-2024-32907 | | Classic Buffer Overflow vulnerability in Google Android In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. | 7.8 |
2024-06-13 | CVE-2024-32908 | | Race Condition vulnerability in Google Android In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. | 7.8 |
2024-06-13 | CVE-2024-32909 | | Out-of-bounds Write vulnerability in Google Android In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
2024-06-13 | CVE-2024-31956 | Samsung | Out-of-bounds Write vulnerability in Samsung products An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. | 7.8 |
2024-06-13 | CVE-2024-32504 | Samsung | Out-of-bounds Write vulnerability in Samsung products An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. | 7.8 |
2024-06-13 | CVE-2024-20753 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2024-06-13 | CVE-2024-34115 | Adobe | Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3 Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2024-06-12 | CVE-2024-0865 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric Ecostruxure IT Gateway CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | 7.8 |
2024-06-11 | CVE-2024-30104 | Microsoft | Link Following vulnerability in Microsoft 365 Apps and Office Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2024-06-11 | CVE-2024-35250 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30062 | Microsoft | Unspecified vulnerability in Microsoft products Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30072 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 22H2 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30082 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30085 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30086 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30087 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30089 | Microsoft | Use After Free vulnerability in Microsoft products Microsoft Streaming Service Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30091 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30094 | Microsoft | Unspecified vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30095 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
2024-06-11 | CVE-2024-30100 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.8 |
2024-06-10 | CVE-2024-27801 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
2024-06-10 | CVE-2024-27802 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2024-06-10 | CVE-2024-27811 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
2024-06-10 | CVE-2024-27815 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved input validation. | 7.8 |
2024-06-10 | CVE-2024-27817 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
2024-06-10 | CVE-2024-27828 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 7.8 |
2024-06-10 | CVE-2024-27831 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved input validation. | 7.8 |
2024-06-10 | CVE-2024-27832 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
2024-06-10 | CVE-2024-27836 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 7.8 |
2024-06-10 | CVE-2024-27848 | Apple | Incorrect Authorization vulnerability in Apple Ipados and Macos This issue was addressed with improved permissions checking. | 7.8 |
2024-06-10 | CVE-2024-27857 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An out-of-bounds access issue was addressed with improved bounds checking. | 7.8 |
2024-06-10 | CVE-2022-32897 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved validation. | 7.8 |
2024-06-10 | CVE-2022-48683 | Apple | Unspecified vulnerability in Apple Macos An access issue was addressed with additional sandbox restrictions. | 7.8 |
2024-06-10 | CVE-2024-36971 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. | 7.8 |
2024-06-14 | CVE-2024-5551 | | The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. | 7.5 |
2024-06-13 | CVE-2024-29781 | | Out-of-bounds Read vulnerability in Google Android In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. | 7.5 |
2024-06-13 | CVE-2024-32894 | | Out-of-bounds Read vulnerability in Google Android In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2024-06-13 | CVE-2024-32902 | | Unspecified vulnerability in Google Android Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) | 7.5 |
2024-06-13 | CVE-2024-4696 | | A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | 7.5 |
2024-06-13 | CVE-2024-35328 | Pyyaml | Infinite Loop vulnerability in Pyyaml Libyaml 0.2.5 libyaml v0.2.5 is vulnerable to DDOS. | 7.5 |
2024-06-13 | CVE-2024-34112 | | ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | 7.5 |
2024-06-13 | CVE-2024-34129 | Adobe | Path Traversal vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2/20.9.0 Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. | 7.5 |
2024-06-13 | CVE-2024-2098 | | The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. | 7.5 |
2024-06-12 | CVE-2024-37039 | Schneider Electric | Unchecked Return Value vulnerability in Schneider-Electric Sage RTU Firmware CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-06-12 | CVE-2024-5560 | Schneider Electric | Out-of-bounds Read vulnerability in Schneider-Electric Sage RTU Firmware CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-06-11 | CVE-2024-35252 | Microsoft | Unspecified vulnerability in Microsoft Azure Storage Data Movement Library Azure Storage Movement Client Library Denial of Service Vulnerability | 7.5 |
2024-06-11 | CVE-2024-30070 | Microsoft | Unspecified vulnerability in Microsoft products DHCP Server Service Denial of Service Vulnerability | 7.5 |
2024-06-11 | CVE-2024-30083 | Microsoft | Unspecified vulnerability in Microsoft products Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
2024-06-11 | CVE-2024-30101 | Microsoft | Use After Free vulnerability in Microsoft 365 Apps and Office Microsoft Office Remote Code Execution Vulnerability | 7.5 |
2024-06-10 | CVE-2024-22279 | Cloudfoundry | HTTP Request Smuggling vulnerability in Cloudfoundry Cf-Deployment and Routing Release Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. | 7.5 |
2024-06-10 | CVE-2024-36416 | Salesagility | Unspecified vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 7.5 |
2024-06-10 | CVE-2024-37393 | Securenvoy | Cleartext Transmission of Sensitive Information vulnerability in Securenvoy Multi-Factor Authentication Solutions Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. | 7.5 |
2024-06-10 | CVE-2024-35745 | Strategery Migrations Project | Path Traversal vulnerability in Strategery-Migrations Project Strategery-Migrations Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation. This issue affects Strategery Migrations: from n/a through 1.0. | 7.5 |
2024-06-10 | CVE-2024-37051 | Jetbrains | Insufficiently Protected Credentials vulnerability in Jetbrains products GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | 7.5 |
2024-06-10 | CVE-2024-28833 | Checkmk | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk 2.3.0 Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | 7.5 |
2024-06-10 | CVE-2024-37880 | PQ Crystals | Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. | 7.5 |
2024-06-15 | CVE-2024-2544 | | The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. | 7.4 |
2024-06-14 | CVE-2024-1094 | | The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. | 7.3 |
2024-06-12 | CVE-2023-51537 | Awesomesupport | Missing Authorization vulnerability in Awesomesupport Awesome Support Wordpress Helpdesk & Support Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.5. | 7.3 |
2024-06-11 | CVE-2024-35248 | Microsoft | Improper Authentication vulnerability in Microsoft Dynamics 365 Business Central 2023/2024 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | 7.3 |
2024-06-11 | CVE-2024-30093 | Microsoft | Link Following vulnerability in Microsoft products Windows Storage Elevation of Privilege Vulnerability | 7.3 |
2024-06-11 | CVE-2024-30102 | Microsoft | Use After Free vulnerability in Microsoft 365 Apps Microsoft Office Remote Code Execution Vulnerability | 7.3 |
2024-06-11 | CVE-2024-35692 | Termly | Missing Authorization vulnerability in Termly Gdpr Cookie Consent Banner Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. | 7.3 |
2024-06-10 | CVE-2024-35742 | Codeparrots | Missing Authorization vulnerability in Codeparrots Easy Forms for Mailchimp 6.9.0 Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | 7.3 |
2024-06-10 | CVE-2024-4744 | Ipages Flipbook Project | Missing Authorization vulnerability in Ipages Flipbook Project Ipages Flipbook Missing Authorization vulnerability in Avirtum iPages Flipbook. This issue affects iPages Flipbook: from n/a through 1.5.1. | 7.3 |
2024-06-14 | CVE-2024-31162 | | The specific function parameter of ASUS Download Master does not properly filter user input. | 7.2 |
2024-06-14 | CVE-2024-31163 | | ASUS Download Master has a buffer overflow vulnerability. | 7.2 |
2024-06-14 | CVE-2024-31161 | | The upload functionality of ASUS Download Master does not properly filter user input. | 7.2 |
2024-06-13 | CVE-2024-34108 | Adobe | Improper Input Validation vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.2 |
2024-06-13 | CVE-2024-34109 | Adobe | Improper Input Validation vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.2 |
2024-06-13 | CVE-2024-34110 | Adobe | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. | 7.2 |
2024-06-13 | CVE-2024-4145 | WP Media | SQL Injection vulnerability in Wp-Media Search & Replace The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | 7.2 |
2024-06-10 | CVE-2024-35650 | Melapress | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Melapress Login Security Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion. This issue affects MelaPress Login Security: from n/a through 1.3.0. | 7.2 |
2024-06-15 | CVE-2024-6000 | | The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. | 7.1 |
2024-06-13 | CVE-2024-34116 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud Desktop Application Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. | 7.1 |
2024-06-11 | CVE-2024-35254 | Microsoft | Link Following vulnerability in Microsoft Azure Monitor Agent Azure Monitor Agent Elevation of Privilege Vulnerability | 7.1 |
2024-06-10 | CVE-2022-48578 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read was addressed with improved bounds checking. | 7.1 |
2024-06-13 | CVE-2024-32891 | | Race Condition vulnerability in Google Android In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. | 7.0 |
2024-06-13 | CVE-2024-32899 | | Race Condition vulnerability in Google Android In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. | 7.0 |
2024-06-11 | CVE-2024-35265 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products Windows Perception Service Elevation of Privilege Vulnerability | 7.0 |
2024-06-11 | CVE-2024-30084 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.0 |
2024-06-11 | CVE-2024-30088 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2024-06-11 | CVE-2024-30090 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Microsoft Streaming Service Elevation of Privilege Vulnerability | 7.0 |
2024-06-11 | CVE-2024-30099 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2024-06-10 | CVE-2024-5102 | Avast | Link Following vulnerability in Avast Antivirus A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. | 7.0 |
289 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-11 | CVE-2024-30076 | Microsoft | Unspecified vulnerability in Microsoft products Windows Container Manager Service Elevation of Privilege Vulnerability | 6.8 |
2024-06-11 | CVE-2024-29060 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2022 Visual Studio Elevation of Privilege Vulnerability | 6.7 |
2024-06-11 | CVE-2024-30063 | Microsoft | Unspecified vulnerability in Microsoft products Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 6.7 |
2024-06-15 | CVE-2024-5868 | | The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. | 6.5 |
2024-06-12 | CVE-2024-1495 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
2024-06-12 | CVE-2024-1736 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
2024-06-12 | CVE-2024-1963 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. | 6.5 |
2024-06-12 | CVE-2024-5674 | Newsletter | Unspecified vulnerability in Newsletter The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. | 6.5 |
2024-06-11 | CVE-2024-5839 | Google Fedoraproject | Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2024-06-11 | CVE-2024-5840 | Google Fedoraproject | Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. | 6.5 |
2024-06-11 | CVE-2024-5843 | Google Fedoraproject | Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. | 6.5 |
2024-06-10 | CVE-2024-27800 | Apple | Unspecified vulnerability in Apple products This issue was addressed by removing the vulnerable code. | 6.5 |
2024-06-10 | CVE-2024-27812 | Apple | Unspecified vulnerability in Apple Visionos 1.0.2/1.1 The issue was addressed with improvements to the file handling protocol. | 6.5 |
2024-06-10 | CVE-2024-27830 | Apple | Unspecified vulnerability in Apple products This issue was addressed through improved state management. | 6.5 |
2024-06-10 | CVE-2024-27838 | Apple | Unspecified vulnerability in Apple products The issue was addressed by adding additional logic. | 6.5 |
2024-06-10 | CVE-2024-27850 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improvements to the noise injection algorithm. | 6.5 |
2024-06-10 | CVE-2024-36414 | Salesagility | Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
2024-06-10 | CVE-2024-31612 | Emlog | Cross-Site Request Forgery (CSRF) vulnerability in Emlog 2.3.0 Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. | 6.5 |
2024-06-10 | CVE-2024-35743 | SC Filechecker Project | Path Traversal vulnerability in SC Filechecker Project SC Filechecker 0.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation. This issue affects SC filechecker: from n/a through 0.6. | 6.5 |
2024-06-10 | CVE-2024-35744 | Upunzipper Project | Path Traversal vulnerability in Upunzipper Project Upunzipper 1.0.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0. | 6.5 |
2024-06-10 | CVE-2024-35754 | Ovic Importer Project | Path Traversal vulnerability in Ovic Importer Project Ovic Importer 1.6.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal. This issue affects Ovic Importer: from n/a through 1.6.3. | 6.5 |
2024-06-10 | CVE-2024-36407 | Salesagility | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
2024-06-10 | CVE-2022-45168 | Liveboxcloud | Improper Authentication vulnerability in Liveboxcloud Vdesk An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 6.5 |
2024-06-15 | CVE-2024-5611 | | The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-15 | CVE-2024-2695 | | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. | 6.4 |
2024-06-15 | CVE-2024-4095 | | The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-15 | CVE-2024-5263 | | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-14 | CVE-2024-5994 | | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. | 6.4 |
2024-06-14 | CVE-2024-2122 | | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-12 | CVE-2024-5558 | Schneider Electric | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | 6.4 |
2024-06-12 | CVE-2024-3492 | | The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-12 | CVE-2024-3925 | | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-12 | CVE-2024-5892 | | The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-12 | CVE-2024-3559 | | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_content]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-12 | CVE-2024-4564 | | The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-11 | CVE-2024-4669 | | The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-11 | CVE-2024-5646 | | The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-11 | CVE-2024-5189 | | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-11 | CVE-2024-5584 | | The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-06-11 | CVE-2024-5531 | | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-11 | CVE-2024-5530 | | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-11 | CVE-2023-6745 | | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. | 6.4 |
2024-06-11 | CVE-2024-0627 | | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. | 6.4 |
2024-06-11 | CVE-2024-5090 | | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-06-12 | CVE-2024-5759 | Tenable | Improper Privilege Management vulnerability in Tenable Security Center An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges. | 6.3 |
2024-06-12 | CVE-2023-51680 | Technovama | Missing Authorization vulnerability in Technovama Quotes for Woocommerce Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce. This issue affects Quotes for WooCommerce: from n/a through 2.0.1. | 6.3 |
2024-06-12 | CVE-2023-52117 | Profilegrid | Missing Authorization vulnerability in Profilegrid Metagauss Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6. | 6.3 |
2024-06-12 | CVE-2023-52177 | Softlab | Missing Authorization vulnerability in Softlab Integrate Google Drive Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.3. | 6.3 |
2024-06-11 | CVE-2023-52217 | Wedevs | Missing Authorization vulnerability in Wedevs Woocommerce Conversion Tracking Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | 6.3 |
2024-06-11 | CVE-2024-24704 | Addonmaster | Missing Authorization vulnerability in Addonmaster Load More Anything Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. | 6.3 |
2024-06-11 | CVE-2024-34824 | Themeboy | Missing Authorization vulnerability in Themeboy Sportspress Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager. This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | 6.3 |
2024-06-10 | CVE-2024-27840 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 6.3 |
2024-06-10 | CVE-2024-27885 | Apple | Link Following vulnerability in Apple Macos This issue was addressed with improved validation of symlinks. | 6.3 |
2024-06-10 | CVE-2024-4745 | Seedprod | Missing Authorization vulnerability in Seedprod Rafflepress Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. | 6.3 |
2024-06-10 | CVE-2024-4746 | Netgsm | Missing Authorization vulnerability in Netgsm 2.9.16 Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16. | 6.3 |
2024-06-16 | CVE-2024-38454 | Expressionengine | Cross-site Scripting vulnerability in Expressionengine ExpressionEngine before 7.4.11 allows XSS. | 6.1 |
2024-06-13 | CVE-2023-35859 | Moderncampus | Cross-site Scripting vulnerability in Moderncampus Omni CMS 2023.1 A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | 6.1 |
2024-06-13 | CVE-2024-36395 | Verint | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Verint Workforce Optimization 15.2.918.262 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6.1 |
2024-06-13 | CVE-2024-0979 | Plugin Planet | Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widgets Suite The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-13 | CVE-2024-36216 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2024-06-13 | CVE-2024-3032 | Themify | Open Redirect vulnerability in Themify Builder Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | 6.1 |
2024-06-12 | CVE-2024-37629 | Summernote | Cross-site Scripting vulnerability in Summernote 0.8.18 SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | 6.1 |
2024-06-12 | CVE-2024-22855 | Itss | Cross-site Scripting vulnerability in Itss Imlog A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | 6.1 |
2024-06-12 | CVE-2024-37878 | Twcms | Cross-site Scripting vulnerability in Twcms 2.0.3 Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php, where PHP directly echoes parameters input from external sources. | 6.1 |
2024-06-13 | CVE-2024-5661 | Citrix | Unspecified vulnerability in Citrix Hypervisor and Xenserver An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | 6.0 |
2024-06-13 | CVE-2024-32897 | Out-of-bounds Read vulnerability in Google Android In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 5.9 | |
2024-06-11 | CVE-2024-35263 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 5.7 |
2024-06-14 | CVE-2024-36499 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |
2024-06-14 | CVE-2024-36500 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |
2024-06-14 | CVE-2024-36501 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | 5.5 |
2024-06-14 | CVE-2024-36502 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. | 5.5 |
2024-06-14 | CVE-2024-36503 | Huawei | Use of Uninitialized Resource vulnerability in Huawei Emui and Harmonyos Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. | 5.5 |
2024-06-14 | CVE-2024-5465 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | 5.5 |
2024-06-13 | CVE-2024-29780 | Use of Uninitialized Resource vulnerability in Google Android In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. | 5.5 | |
2024-06-13 | CVE-2024-29785 | Use of Uninitialized Resource vulnerability in Google Android In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. | 5.5 | |
2024-06-13 | CVE-2024-32893 | Incorrect Type Conversion or Cast vulnerability in Google Android In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. | 5.5 | |
2024-06-13 | CVE-2024-32910 | Use of Uninitialized Resource vulnerability in Google Android In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. | 5.5 | |
2024-06-13 | CVE-2024-32912 | Unspecified vulnerability in Google Android there is a possible persistent Denial of Service due to test/debugging code left in a production build. | 5.5 | |
2024-06-13 | CVE-2024-34113 | Adobe | Inadequate Encryption Strength vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. | 5.5 |
2024-06-13 | CVE-2024-34130 | Adobe | Incorrect Authorization vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2/20.9.0 Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. | 5.5 |
2024-06-13 | CVE-2024-30278 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Media Encoder versions 23.6.5, 24.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-06-13 | CVE-2024-30276 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition Audition versions 24.2, 23.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-06-13 | CVE-2024-30285 | Adobe | NULL Pointer Dereference vulnerability in Adobe Audition Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. | 5.5 |
2024-06-11 | CVE-2024-35255 | Microsoft | Race Condition vulnerability in Microsoft Authentication Library and Azure Identity SDK Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | 5.5 |
2024-06-11 | CVE-2024-30065 | Microsoft | Unspecified vulnerability in Microsoft products Windows Themes Denial of Service Vulnerability | 5.5 |
2024-06-11 | CVE-2024-30066 | Microsoft | Unspecified vulnerability in Microsoft products Winlogon Elevation of Privilege Vulnerability | 5.5 |
2024-06-11 | CVE-2024-30067 | Microsoft | Unspecified vulnerability in Microsoft products Winlogon Elevation of Privilege Vulnerability | 5.5 |
2024-06-11 | CVE-2024-30096 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
2024-06-10 | CVE-2024-23282 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 5.5 |
2024-06-10 | CVE-2024-27805 | Apple | Unspecified vulnerability in Apple products An issue was addressed with improved validation of environment variables. | 5.5 |
2024-06-10 | CVE-2024-27806 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved environment sanitization. | 5.5 |
2024-06-10 | CVE-2024-27844 | Apple | Unspecified vulnerability in Apple Macos, Safari and Visionos The issue was addressed with improved checks. | 5.5 |
2024-06-10 | CVE-2023-40389 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved restriction of data container access. | 5.5 |
2024-06-10 | CVE-2024-27792 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by adding an additional prompt for user consent. | 5.5 |
2024-06-15 | CVE-2024-4479 | Jegtheme | Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-13 | CVE-2024-30057 | Microsoft Edge for iOS Spoofing Vulnerability | 5.4 | |
2024-06-13 | CVE-2024-30058 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 5.4 | |
2024-06-13 | CVE-2024-1565 | Wpdeveloper | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-13 | CVE-2024-4176 | Trellix | Cross-site Scripting vulnerability in Trellix Xconsole A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. | 5.4 |
2024-06-13 | CVE-2024-34119 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-34120 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36141 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36142 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36143 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36144 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36146 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36147 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36148 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36149 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36150 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36151 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36152 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36153 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36154 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36155 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36156 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36157 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36158 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36159 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36160 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36161 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36162 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36163 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36164 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36165 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36166 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36167 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36168 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36169 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36170 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36171 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36172 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36173 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36174 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36175 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36176 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36177 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36178 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36179 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36180 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36181 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36182 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36183 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36184 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36185 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36186 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36187 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36188 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36189 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36190 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36191 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36192 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36193 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36194 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36195 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36196 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36197 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36198 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36199 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36200 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36201 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36202 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36203 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36204 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36205 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36206 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36207 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36208 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36209 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36210 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36211 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36212 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36213 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36214 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36215 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36217 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36218 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36219 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36220 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36221 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36222 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36224 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36225 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36227 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36228 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36229 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36230 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36231 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36232 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-36233 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36234 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36235 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36236 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36238 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-36239 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-4615 | Elespare | Cross-site Scripting vulnerability in Elespare The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. | 5.4 |
2024-06-13 | CVE-2024-20769 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-20784 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26036 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26037 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26039 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26053 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26054 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26055 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26057 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26058 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26060 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26066 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26068 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26070 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26071 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26072 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26074 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26075 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26077 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26078 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26081 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26082 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26083 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26085 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26086 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26088 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26089 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26090 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26091 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26092 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26093 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26095 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26110 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26111 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26113 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26114 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26115 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26116 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26117 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2024-06-13 | CVE-2024-26121 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-26123 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-13 | CVE-2024-5265 | Wpbakery Page Builder Clipboard Project | Cross-site Scripting vulnerability in Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-13 | CVE-2024-2762 | Fooplugins | Cross-site Scripting vulnerability in Fooplugins Foogallery The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | 5.4 |
2024-06-13 | CVE-2024-5757 | Brainstormforce | Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-13 | CVE-2024-5787 | Ideabox | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-12 | CVE-2024-37297 | Woocommerce | Cross-site Scripting vulnerability in Woocommerce WooCommerce is an open-source e-commerce platform built on WordPress. | 5.4 |
2024-06-12 | CVE-2024-1766 | Wpdownloadmanager | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. | 5.4 |
2024-06-12 | CVE-2024-2092 | Wpvibes | Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-12 | CVE-2023-51671 | Funnelkit | Missing Authorization vulnerability in Funnelkit Checkout 3.10.3 Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 5.4 |
2024-06-12 | CVE-2023-51679 | Bulkgate | Missing Authorization vulnerability in Bulkgate SMS Plugin for Woocommerce 3.0.2 Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce. This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. | 5.4 |
2024-06-12 | CVE-2024-5266 | Wpdownloadmanager | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-06-10 | CVE-2024-36413 | Salesagility | Cross-site Scripting vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 5.4 |
2024-06-10 | CVE-2024-3850 | Uniview | Cross-site Scripting vulnerability in Uniview Nvr301-04S2-P4 Firmware Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). | 5.4 |
2024-06-10 | CVE-2022-45176 | Liveboxcloud | Cross-site Scripting vulnerability in Liveboxcloud Vdesk An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 5.4 |
2024-06-13 | CVE-2024-34106 | Adobe | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 5.3 |
2024-06-13 | CVE-2024-4576 | Tibco | Path Traversal vulnerability in Tibco EBX The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | 5.3 |
2024-06-11 | CVE-2024-4266 | | The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. | 5.3 |
2024-06-11 | CVE-2024-3723 | | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. | 5.3 |
2024-06-11 | CVE-2024-4319 | | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. | 5.3 |
2024-06-11 | CVE-2024-2473 | Wpserveur | Unspecified vulnerability in Wpserveur WPS Hide Login The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. | 5.3 |
2024-06-10 | CVE-2022-32933 | Apple | Unspecified vulnerability in Apple Macos An information disclosure issue was addressed by removing the vulnerable code. | 5.3 |
2024-06-10 | CVE-2024-35728 | Themeisle | Injection vulnerability in Themeisle Product Addons & Fields for Woocommerce Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for WooCommerce: from n/a through 32.0.20. | 5.3 |
2024-06-10 | CVE-2024-35747 | Contact Form Builder Project | Improper Restriction of Excessive Authentication Attempts vulnerability in Contact Form Builder Project Contact Form Builder Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | 5.3 |
2024-06-10 | CVE-2024-35749 | Acurax | Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode 2.6 Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass. This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. | 5.3 |
2024-06-10 | CVE-2024-35680 | Yithemes | Injection vulnerability in Yithemes Yith Woocommerce Product Add-Ons Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 5.3 |
2024-06-10 | CVE-2024-35712 | Meowapps | Path Traversal vulnerability in Meowapps Database Cleaner Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal. This issue affects Database Cleaner: from n/a through 1.0.5. | 4.9 |
2024-06-15 | CVE-2024-3814 | Tagdiv | Cross-site Scripting vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-06-15 | CVE-2024-3815 | Tagdiv | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
2024-06-14 | CVE-2024-31159 | | The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. | 4.8 |
2024-06-14 | CVE-2024-31160 | | The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. | 4.8 |
2024-06-13 | CVE-2024-34105 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. | 4.8 |
2024-06-13 | CVE-2024-26049 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. | 4.8 |
2024-06-13 | CVE-2024-4149 | Premio | Cross-site Scripting vulnerability in Premio Floating Chat Widget The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-06-13 | CVE-2024-29778 | | Out-of-bounds Read vulnerability in Google Android In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.7 |
2024-06-13 | CVE-2024-32898 | | Out-of-bounds Read vulnerability in Google Android In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.7 |
2024-06-13 | CVE-2024-32904 | | Out-of-bounds Read vulnerability in Google Android In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.7 |
2024-06-11 | CVE-2024-30052 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 and Visual Studio 2022 Visual Studio Remote Code Execution Vulnerability | 4.7 |
2024-06-11 | CVE-2024-30069 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
2024-06-10 | CVE-2024-23251 | Apple | Unspecified vulnerability in Apple products An authentication issue was addressed with improved state management. | 4.6 |
2024-06-12 | CVE-2024-5557 | Schneider Electric | Information Exposure Through Log Files vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. | 4.5 |
2024-06-12 | CVE-2024-4201 | Gitlab | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. | 4.4 |
2024-06-12 | CVE-2024-5553 | | The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. | 4.4 |
2024-06-11 | CVE-2024-35253 | Microsoft | Link Following vulnerability in Microsoft Azure File Sync Microsoft Azure File Sync Elevation of Privilege Vulnerability | 4.4 |
2024-06-11 | CVE-2024-0653 | | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. | 4.4 |
2024-06-15 | CVE-2024-5858 | | The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. | 4.3 |
2024-06-14 | CVE-2024-2023 | | The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. | 4.3 |
2024-06-14 | CVE-2023-51376 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Surefeedback Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | 4.3 |
2024-06-14 | CVE-2023-6492 | | The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. | 4.3 |
2024-06-14 | CVE-2024-0892 | | The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. | 4.3 |
2024-06-13 | CVE-2024-38083 | | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2024-06-12 | CVE-2023-51670 | Funnelkit | Missing Authorization vulnerability in Funnelkit Checkout 3.10.3 Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 4.3 |
2024-06-11 | CVE-2023-6748 | | The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. | 4.3 |
2024-06-10 | CVE-2024-27807 | Apple | Unspecified vulnerability in Apple Iphone OS The issue was addressed with improved checks. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-06-13 | CVE-2024-26127 | Adobe | Improper Input Validation vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. | 3.5 |
2024-06-13 | CVE-2024-36226 | Adobe | Improper Input Validation vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. | 3.5 |
2024-06-13 | CVE-2024-26126 | Adobe | Improper Input Validation vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. | 3.5 |
2024-06-14 | CVE-2024-5464 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 3.3 |
2024-06-10 | CVE-2024-27799 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with additional entitlement checks. | 3.3 |
2024-06-10 | CVE-2024-27845 | Apple | Unspecified vulnerability in Apple Ipados A privacy issue was addressed with improved handling of temporary files. | 3.3 |
2024-06-13 | CVE-2024-3073 | WP Ecommerce | Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. | 2.7 |
2024-06-10 | CVE-2024-27814 | Apple | Unspecified vulnerability in Apple Watchos This issue was addressed through improved state management. | 2.4 |
2024-06-10 | CVE-2024-27819 | Apple | Unspecified vulnerability in Apple Ipados The issue was addressed by restricting options offered on a locked device. | 2.4 |