Weekly Vulnerabilities Reports > June 10 to 16, 2024

Overview

480 new vulnerabilities reported during this period, including 41 critical vulnerabilities and 153 high severity vulnerabilities. This weekly summary report vulnerabilities in 160 products from 84 vendors including Adobe, Google, Microsoft, Apple, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Missing Authorization", "Out-of-bounds Write", "Out-of-bounds Read", and "SQL Injection".

  • 373 reported vulnerabilities are remotely exploitables.
  • 197 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 163 reported vulnerabilities.
  • Itsourcecode has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

41 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-06-15 CVE-2024-3105 The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode.
9.9
2024-06-11 CVE-2024-3549 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
9.9
2024-06-15 CVE-2024-6016 Itsourcecode SQL Injection vulnerability in Itsourcecode Laundry Management System Project in PHP With Source Code 1.0

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0.

9.8
2024-06-15 CVE-2024-6014 Itsourcecode SQL Injection vulnerability in Itsourcecode Document Management System Project in PHP With Source Code 1.0

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0.

9.8
2024-06-15 CVE-2024-6015 Itsourcecode SQL Injection vulnerability in Itsourcecode Online House Rental System Project in PHP With Source Code 1.0

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0.

9.8
2024-06-15 CVE-2024-6009 Itsourcecode SQL Injection vulnerability in Itsourcecode Learning Management System Project in PHP With Source Code 1.0

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical.

9.8
2024-06-15 CVE-2024-6013 Itsourcecode SQL Injection vulnerability in Itsourcecode Online Book Store Project in PHP and Mysql With Source Code 1.0

A vulnerability was found in itsourcecode Online Book Store 1.0.

9.8
2024-06-15 CVE-2024-4258 The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter.
9.8
2024-06-15 CVE-2024-5871 The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter.
9.8
2024-06-14 CVE-2024-3912 Certain models of ASUS routers have an arbitrary firmware upload vulnerability.
9.8
2024-06-14 CVE-2024-5577 The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file.
9.8
2024-06-14 CVE-2024-4936 The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter.
9.8
2024-06-14 CVE-2024-3080 Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.
9.8
2024-06-13 CVE-2024-29786 Google Out-of-bounds Write vulnerability in Google Android

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check.

9.8
2024-06-13 CVE-2024-32905 Google Out-of-bounds Write vulnerability in Google Android

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check.

9.8
2024-06-13 CVE-2024-32911 Google Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android

There is a possible escalation of privilege due to improperly used crypto.

9.8
2024-06-13 CVE-2024-32913 Google Integer Overflow or Wraparound vulnerability in Google Android

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow.

9.8
2024-06-13 CVE-2024-30299 Adobe Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.

9.8
2024-06-13 CVE-2024-30300 Adobe Information Exposure vulnerability in Adobe Framemaker Publishing Server 2020/2022

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation.

9.8
2024-06-13 CVE-2024-34102 Adobe XXE vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.

9.8
2024-06-13 CVE-2024-34107 Adobe Improper Access Control vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

9.8
2024-06-13 CVE-2024-4371 Codexpert Deserialization of Untrusted Data vulnerability in Codexpert Codesigner

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie.

9.8
2024-06-13 CVE-2024-26029 Adobe Improper Access Control vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

9.8
2024-06-13 CVE-2024-3552 Salephpscripts SQL Injection vulnerability in Salephpscripts web Directory Free

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

9.8
2024-06-13 CVE-2024-3922 Dokan SQL Injection vulnerability in Dokan PRO Plugin

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

9.8
2024-06-12 CVE-2024-4898 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38.
9.8
2024-06-11 CVE-2024-30080 Microsoft Use After Free vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8
2024-06-10 CVE-2024-36412 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

9.8
2024-06-10 CVE-2024-37014 Langflow Unspecified vulnerability in Langflow

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.

9.8
2024-06-10 CVE-2024-35746 Buddypress Cover Project Unrestricted Upload of File with Dangerous Type vulnerability in Buddypress Cover Project Buddypress Cover 2.1.4.2

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.

9.8
2024-06-10 CVE-2024-5597 Fujielectric Type Confusion vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0/6.1.6.0

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

9.8
2024-06-10 CVE-2024-35677 Stylemixthemes Path Traversal vulnerability in Stylemixthemes Mega Menu 2.3.12

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.

9.8
2024-06-10 CVE-2024-1228 Eurosoft Use of Hard-coded Credentials vulnerability in Eurosoft Przychodnia

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database.

9.8
2024-06-10 CVE-2024-3699 Dreryk Use of Hard-coded Credentials vulnerability in Dreryk Gabinet 7.0.0.0

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database.

9.8
2024-06-10 CVE-2024-3700 Estomed Use of Hard-coded Credentials vulnerability in Estomed Simple Care

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database.

9.8
2024-06-10 CVE-2024-35735 Codepeople Missing Authorization vulnerability in Codepeople WP Time Slots Booking Form

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.

9.8
2024-06-14 CVE-2024-2472 The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9.
9.1
2024-06-10 CVE-2024-32167 Oretnom23 Unspecified vulnerability in Oretnom23 Online Medicine Ordering System 1.0

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files.

9.1
2024-06-10 CVE-2024-31611 Seacms Unspecified vulnerability in Seacms 12.9

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

9.1
2024-06-10 CVE-2024-35658 Themehigh Path Traversal vulnerability in Themehigh Checkout Field Editor for Woocommerce

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2.

9.1
2024-06-10 CVE-2024-36417 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

9.0

153 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-06-15 CVE-2024-6008 Isourcecode SQL Injection vulnerability in Isourcecode Online Book Store Project in PHP With Source Code 1.0

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0.

8.8
2024-06-15 CVE-2024-3813 The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute.
8.8
2024-06-14 CVE-2024-2024 The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2.
8.8
2024-06-14 CVE-2024-5996 The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session.
8.8
2024-06-14 CVE-2024-5995 The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session.
8.8
2024-06-13 CVE-2024-34111 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution.

8.8
2024-06-12 CVE-2023-51524 Weformspro Missing Authorization vulnerability in Weformspro Weforms

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.

8.8
2024-06-12 CVE-2024-4845 The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.8
2024-06-11 CVE-2024-5830 Google
Fedoraproject
Type Confusion vulnerability in multiple products

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5831 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5832 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5833 Google
Fedoraproject
Type Confusion vulnerability in multiple products

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5834 Google
Fedoraproject
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
8.8
2024-06-11 CVE-2024-5835 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5836 Google
Fedoraproject
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
8.8
2024-06-11 CVE-2024-5837 Google
Fedoraproject
Type Confusion vulnerability in multiple products

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5838 Google
Fedoraproject
Type Confusion vulnerability in multiple products

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5841 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5842 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5844 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8
2024-06-11 CVE-2024-5845 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2024-06-11 CVE-2024-5846 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2024-06-11 CVE-2024-5847 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2024-06-11 CVE-2024-35249 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft Dynamics 365 Business Central 2023/2024

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

8.8
2024-06-11 CVE-2024-30064 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022

Windows Kernel Elevation of Privilege Vulnerability

8.8
2024-06-11 CVE-2024-30068 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

8.8
2024-06-11 CVE-2024-30078 Microsoft Unspecified vulnerability in Microsoft products

Windows Wi-Fi Driver Remote Code Execution Vulnerability

8.8
2024-06-11 CVE-2024-30097 Microsoft Double Free vulnerability in Microsoft products

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

8.8
2024-06-11 CVE-2024-30103 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook

Microsoft Outlook Remote Code Execution Vulnerability

8.8
2024-06-10 CVE-2024-27808 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

8.8
2024-06-10 CVE-2024-27820 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

8.8
2024-06-10 CVE-2024-27833 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed with improved input validation.

8.8
2024-06-10 CVE-2024-27851 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The issue was addressed with improved bounds checks.

8.8
2024-06-10 CVE-2024-27855 Apple Unspecified vulnerability in Apple Iphone OS and Macos

The issue was addressed with improved checks.

8.8
2024-06-10 CVE-2024-36411 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

8.8
2024-06-10 CVE-2024-36415 Salesagility Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

8.8
2024-06-10 CVE-2024-36409 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

8.8
2024-06-10 CVE-2024-36410 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

8.8
2024-06-10 CVE-2024-36408 Salesagility SQL Injection vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

8.8
2024-06-10 CVE-2024-35721 Awplife Missing Authorization vulnerability in Awplife Image Gallery

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.

8.8
2024-06-10 CVE-2024-35722 Awplife Missing Authorization vulnerability in Awplife Slider Responsive Slideshow

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.

8.8
2024-06-10 CVE-2024-35723 Arwebdesign Missing Authorization vulnerability in Arwebdesign Dashboard To-Do List

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.

8.8
2024-06-10 CVE-2024-35724 Bosathemes Missing Authorization vulnerability in Bosathemes Bosa Elementor Addons and Templates for Woocommerce

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.

8.8
2024-06-10 CVE-2024-35725 LA Studioweb Missing Authorization vulnerability in La-Studioweb Element KIT for Elementor

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.

8.8
2024-06-10 CVE-2024-35726 Themekraft Missing Authorization vulnerability in Themekraft Buddypress Woocommerce MY Account Integration. Create Woocommerce Member Pages

Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.

8.8
2024-06-10 CVE-2024-35727 Actpro Missing Authorization vulnerability in Actpro Extra Product Options for Woocommerce

Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.

8.8
2024-06-10 CVE-2024-35729 Tickera Missing Authorization vulnerability in Tickera

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.

8.8
2024-06-10 CVE-2024-35741 Getawesomesupport Missing Authorization vulnerability in Getawesomesupport Awesome Support

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.

8.8
2024-06-10 CVE-2024-23299 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

8.6
2024-06-14 CVE-2024-4404 The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function.
8.5
2024-06-13 CVE-2024-34104 Adobe Improper Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.

8.2
2024-06-15 CVE-2023-6696 The Popup Builder – Create highly converting, mobile friendly marketing popups.
8.1
2024-06-14 CVE-2024-37882 Nextcloud Improper Preservation of Permissions vulnerability in Nextcloud Server

Nextcloud Server is a self hosted personal cloud system.

8.1
2024-06-13 CVE-2024-34103 Adobe Improper Authentication vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.

8.1
2024-06-12 CVE-2024-5543 The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
8.1
2024-06-11 CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
8.1
2024-06-11 CVE-2023-7264 The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21.
8.1
2024-06-10 CVE-2024-4328 Parisneo Cross-Site Request Forgery (CSRF) vulnerability in Parisneo Lollms web UI 9.6

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6.

8.1
2024-06-11 CVE-2024-30074 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

8.0
2024-06-11 CVE-2024-30075 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

8.0
2024-06-11 CVE-2024-30077 Microsoft Unspecified vulnerability in Microsoft products

Windows OLE Remote Code Execution Vulnerability

8.0
2024-06-13 CVE-2024-29784 Google Integer Overflow or Wraparound vulnerability in Google Android

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow.

7.8
2024-06-13 CVE-2024-29787 Google Use After Free vulnerability in Google Android

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free.

7.8
2024-06-13 CVE-2024-32892 Google Type Confusion vulnerability in Google Android

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion.

7.8
2024-06-13 CVE-2024-32895 Google Out-of-bounds Write vulnerability in Google Android

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2024-06-13 CVE-2024-32896 Google Unspecified vulnerability in Google Android

there is a possible way to bypass due to a logic error in the code.

7.8
2024-06-13 CVE-2024-32900 Google Improper Locking vulnerability in Google Android

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking.

7.8
2024-06-13 CVE-2024-32901 Google Out-of-bounds Write vulnerability in Google Android

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2024-06-13 CVE-2024-32903 Google Out-of-bounds Write vulnerability in Google Android

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation.

7.8
2024-06-13 CVE-2024-32906 Google Use of Uninitialized Resource vulnerability in Google Android

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data.

7.8
2024-06-13 CVE-2024-32907 Google Classic Buffer Overflow vulnerability in Google Android

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation.

7.8
2024-06-13 CVE-2024-32908 Google Race Condition vulnerability in Google Android

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition.

7.8
2024-06-13 CVE-2024-32909 Google Out-of-bounds Write vulnerability in Google Android

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow.

7.8
2024-06-13 CVE-2024-31956 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400.

7.8
2024-06-13 CVE-2024-32504 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930.

7.8
2024-06-13 CVE-2024-20753 Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
7.8
2024-06-13 CVE-2024-34115 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Stager 2.0.1/2.1.3

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-06-12 CVE-2024-0865 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric Ecostruxure IT Gateway

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.

7.8
2024-06-11 CVE-2024-30104 Microsoft Link Following vulnerability in Microsoft 365 Apps and Office

Microsoft Office Remote Code Execution Vulnerability

7.8
2024-06-11 CVE-2024-35250 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30062 Microsoft Unspecified vulnerability in Microsoft products

Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

7.8
2024-06-11 CVE-2024-30072 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

7.8
2024-06-11 CVE-2024-30082 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30085 Microsoft Unspecified vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30086 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30087 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30089 Microsoft Use After Free vulnerability in Microsoft products

Microsoft Streaming Service Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30091 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-06-11 CVE-2024-30094 Microsoft Unspecified vulnerability in Microsoft products

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

7.8
2024-06-11 CVE-2024-30095 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

7.8
2024-06-11 CVE-2024-30100 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8
2024-06-10 CVE-2024-27801 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.8
2024-06-10 CVE-2024-27802 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

7.8
2024-06-10 CVE-2024-27811 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.8
2024-06-10 CVE-2024-27815 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2024-06-10 CVE-2024-27817 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.8
2024-06-10 CVE-2024-27828 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2024-06-10 CVE-2024-27831 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2024-06-10 CVE-2024-27832 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.8
2024-06-10 CVE-2024-27836 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.8
2024-06-10 CVE-2024-27848 Apple Incorrect Authorization vulnerability in Apple Ipados and Macos

This issue was addressed with improved permissions checking.

7.8
2024-06-10 CVE-2024-27857 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An out-of-bounds access issue was addressed with improved bounds checking.

7.8
2024-06-10 CVE-2022-32897 Apple Out-of-bounds Write vulnerability in Apple Macos

A memory corruption issue was addressed with improved validation.

7.8
2024-06-10 CVE-2022-48683 Apple Unspecified vulnerability in Apple Macos

An access issue was addressed with additional sandbox restrictions.

7.8
2024-06-10 CVE-2024-36971 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.

7.8
2024-06-14 CVE-2024-5551 The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0.
7.5
2024-06-13 CVE-2024-29781 Google Out-of-bounds Read vulnerability in Google Android

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation.

7.5
2024-06-13 CVE-2024-32894 Google Out-of-bounds Read vulnerability in Google Android

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check.

7.5
2024-06-13 CVE-2024-32902 Google Unspecified vulnerability in Google Android

Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

7.5
2024-06-13 CVE-2024-4696 A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.
7.5
2024-06-13 CVE-2024-35328 Pyyaml Infinite Loop vulnerability in Pyyaml Libyaml 0.2.5

libyaml v0.2.5 is vulnerable to DDOS.

7.5
2024-06-13 CVE-2024-34112 ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
7.5
2024-06-13 CVE-2024-34129 Adobe Path Traversal vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2/20.9.0

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass.

7.5
2024-06-13 CVE-2024-2098 The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89.
7.5
2024-06-11 CVE-2024-35252 Microsoft Unspecified vulnerability in Microsoft Azure Storage Data Movement Library

Azure Storage Movement Client Library Denial of Service Vulnerability

7.5
2024-06-11 CVE-2024-30070 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Denial of Service Vulnerability

7.5
2024-06-11 CVE-2024-30083 Microsoft Unspecified vulnerability in Microsoft products

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

7.5
2024-06-11 CVE-2024-30101 Microsoft Use After Free vulnerability in Microsoft 365 Apps and Office

Microsoft Office Remote Code Execution Vulnerability

7.5
2024-06-10 CVE-2024-22279 Cloudfoundry HTTP Request Smuggling vulnerability in Cloudfoundry Cf-Deployment and Routing Release

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.

7.5
2024-06-10 CVE-2024-36416 Salesagility Unspecified vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

7.5
2024-06-10 CVE-2024-37393 Securenvoy Cleartext Transmission of Sensitive Information vulnerability in Securenvoy Multi-Factor Authentication Solutions

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input.

7.5
2024-06-10 CVE-2024-35745 Strategery Migrations Project Path Traversal vulnerability in Strategery-Migrations Project Strategery-Migrations

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through 1.0.

7.5
2024-06-10 CVE-2024-37051 Jetbrains Insufficiently Protected Credentials vulnerability in Jetbrains products

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

7.5
2024-06-10 CVE-2024-28833 Tribe29 Improper Restriction of Excessive Authentication Attempts vulnerability in Tribe29 Checkmk 2.3.0

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

7.5
2024-06-10 CVE-2024-37880 PQ Crystals Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes.

7.5
2024-06-15 CVE-2024-2544 The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions.
7.4
2024-06-14 CVE-2024-1094 The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21.
7.3
2024-06-12 CVE-2023-51537 Awesomesupport Missing Authorization vulnerability in Awesomesupport Awesome Support Wordpress Helpdesk & Support

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5.

7.3
2024-06-11 CVE-2024-35248 Microsoft Improper Authentication vulnerability in Microsoft Dynamics 365 Business Central 2023/2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

7.3
2024-06-11 CVE-2024-30093 Microsoft Link Following vulnerability in Microsoft products

Windows Storage Elevation of Privilege Vulnerability

7.3
2024-06-11 CVE-2024-30102 Microsoft Use After Free vulnerability in Microsoft 365 Apps

Microsoft Office Remote Code Execution Vulnerability

7.3
2024-06-10 CVE-2024-35742 Codeparrots Missing Authorization vulnerability in Codeparrots Easy Forms for Mailchimp 6.9.0

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

7.3
2024-06-10 CVE-2024-4744 Ipages Flipbook Project Missing Authorization vulnerability in Ipages Flipbook Project Ipages Flipbook

Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1.

7.3
2024-06-14 CVE-2024-31162 The specific function parameter of ASUS Download Master does not properly filter user input.
7.2
2024-06-14 CVE-2024-31163 ASUS Download Master has a buffer overflow vulnerability.
7.2
2024-06-14 CVE-2024-31161 The upload functionality of ASUS Download Master does not properly filter user input.
7.2
2024-06-13 CVE-2024-34108 Adobe Improper Input Validation vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.2
2024-06-13 CVE-2024-34109 Adobe Improper Input Validation vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.2
2024-06-13 CVE-2024-34110 Adobe Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution.

7.2
2024-06-13 CVE-2024-4145 WP Media SQL Injection vulnerability in Wp-Media Search & Replace

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).

7.2
2024-06-10 CVE-2024-35650 Melapress Inclusion of Functionality from Untrusted Control Sphere vulnerability in Melapress Login Security

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0.

7.2
2024-06-15 CVE-2024-6000 The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20.
7.1
2024-06-13 CVE-2024-34116 Adobe Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud Desktop Application

Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass.

7.1
2024-06-11 CVE-2024-35254 Microsoft Link Following vulnerability in Microsoft Azure Monitor Agent

Azure Monitor Agent Elevation of Privilege Vulnerability

7.1
2024-06-10 CVE-2022-48578 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved bounds checking.

7.1
2024-06-13 CVE-2024-32891 Google Race Condition vulnerability in Google Android

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition.

7.0
2024-06-13 CVE-2024-32899 Google Race Condition vulnerability in Google Android

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition.

7.0
2024-06-11 CVE-2024-35265 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

Windows Perception Service Elevation of Privilege Vulnerability

7.0
2024-06-11 CVE-2024-30084 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

7.0
2024-06-11 CVE-2024-30088 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.0
2024-06-11 CVE-2024-30090 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Microsoft Streaming Service Elevation of Privilege Vulnerability

7.0
2024-06-11 CVE-2024-30099 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.0
2024-06-10 CVE-2024-5102 Avast Link Following vulnerability in Avast Antivirus

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM.

7.0

277 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-06-11 CVE-2024-30076 Microsoft Unspecified vulnerability in Microsoft products

Windows Container Manager Service Elevation of Privilege Vulnerability

6.8
2024-06-11 CVE-2024-29060 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2022

Visual Studio Elevation of Privilege Vulnerability

6.7
2024-06-11 CVE-2024-30063 Microsoft Unspecified vulnerability in Microsoft products

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

6.7
2024-06-15 CVE-2024-5868 The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code.
6.5
2024-06-12 CVE-2024-1495 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2.

6.5
2024-06-12 CVE-2024-1736 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2.

6.5
2024-06-12 CVE-2024-1963 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2.

6.5
2024-06-12 CVE-2024-5674 The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5.
6.5
2024-06-11 CVE-2024-5839 Google
Fedoraproject
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5
2024-06-11 CVE-2024-5840 Google
Fedoraproject
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page.
6.5
2024-06-11 CVE-2024-5843 Google
Fedoraproject
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file.
6.5
2024-06-10 CVE-2024-27800 Apple Unspecified vulnerability in Apple products

This issue was addressed by removing the vulnerable code.

6.5
2024-06-10 CVE-2024-27812 Apple Unspecified vulnerability in Apple Visionos 1.0.2/1.1

The issue was addressed with improvements to the file handling protocol.

6.5
2024-06-10 CVE-2024-27830 Apple Unspecified vulnerability in Apple products

This issue was addressed through improved state management.

6.5
2024-06-10 CVE-2024-27838 Apple Unspecified vulnerability in Apple products

The issue was addressed by adding additional logic.

6.5
2024-06-10 CVE-2024-27850 Apple Unspecified vulnerability in Apple products

This issue was addressed with improvements to the noise injection algorithm.

6.5
2024-06-10 CVE-2024-36414 Salesagility Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

6.5
2024-06-10 CVE-2024-31612 Emlog Cross-Site Request Forgery (CSRF) vulnerability in Emlog 2.3.0

Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.

6.5
2024-06-10 CVE-2024-35743 SC Filechecker Project Path Traversal vulnerability in SC Filechecker Project SC Filechecker 0.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through 0.6.

6.5
2024-06-10 CVE-2024-35744 Upunzipper Project Path Traversal vulnerability in Upunzipper Project Upunzipper 1.0.0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0.

6.5
2024-06-10 CVE-2024-35754 Ovic Importer Project Path Traversal vulnerability in Ovic Importer Project Ovic Importer 1.6.3

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through 1.6.3.

6.5
2024-06-10 CVE-2024-36407 Salesagility Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

6.5
2024-06-15 CVE-2024-5611 The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.
6.4
2024-06-15 CVE-2024-2695 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'.
6.4
2024-06-15 CVE-2024-4095 The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-15 CVE-2024-4479 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.
6.4
2024-06-15 CVE-2024-5263 The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-14 CVE-2024-5994 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38.
6.4
2024-06-14 CVE-2024-2122 The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping.
6.4
2024-06-12 CVE-2024-3492 The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-12 CVE-2024-5266 The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-12 CVE-2024-3925 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-12 CVE-2024-5892 The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping.
6.4
2024-06-12 CVE-2024-3559 The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping.
6.4
2024-06-12 CVE-2024-4564 The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-11 CVE-2024-4669 The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-11 CVE-2024-5646 The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping.
6.4
2024-06-11 CVE-2024-5189 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping.
6.4
2024-06-11 CVE-2024-5584 The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping.
6.4
2024-06-11 CVE-2024-5531 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-11 CVE-2024-5530 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-11 CVE-2023-6745 The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta.
6.4
2024-06-11 CVE-2024-0627 The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields.
6.4
2024-06-11 CVE-2024-5090 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-06-12 CVE-2024-5759 Tenable Improper Privilege Management vulnerability in Tenable Security Center

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges

6.3
2024-06-12 CVE-2023-51680 Technovama Missing Authorization vulnerability in Technovama Quotes for Woocommerce

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.

6.3
2024-06-12 CVE-2023-52117 Profilegrid Missing Authorization vulnerability in Profilegrid Metagauss

Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.

6.3
2024-06-12 CVE-2023-52177 Softlab Missing Authorization vulnerability in Softlab Integrate Google Drive

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

6.3
2024-06-10 CVE-2024-27840 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

6.3
2024-06-10 CVE-2024-27885 Apple Link Following vulnerability in Apple Macos

This issue was addressed with improved validation of symlinks.

6.3
2024-06-10 CVE-2024-4745 Seedprod Missing Authorization vulnerability in Seedprod Rafflepress

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.

6.3
2024-06-10 CVE-2024-4746 Netgsm Missing Authorization vulnerability in Netgsm 2.9.16

Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16.

6.3
2024-06-13 CVE-2023-35859 Moderncampus Cross-site Scripting vulnerability in Moderncampus Omni CMS 2023.1

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.

6.1
2024-06-13 CVE-2024-36395 Verint Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Verint Workforce Optimization 15.2.918.262

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

6.1
2024-06-13 CVE-2024-0979 Plugin Planet Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widgets Suite

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping.

6.1
2024-06-13 CVE-2024-36216 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-06-13 CVE-2024-3032 Themify Open Redirect vulnerability in Themify Builder

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

6.1
2024-06-12 CVE-2024-37629 Summernote Cross-site Scripting vulnerability in Summernote 0.8.18

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.

6.1
2024-06-13 CVE-2024-5661 Citrix Unspecified vulnerability in Citrix Hypervisor and Xenserver

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

6.0
2024-06-13 CVE-2024-32897 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

5.9
2024-06-11 CVE-2024-35263 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

5.7
2024-06-15 CVE-2024-3814 The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes.
5.5
2024-06-15 CVE-2024-3815 The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes.
5.5
2024-06-14 CVE-2024-36499 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-06-14 CVE-2024-36500 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-06-14 CVE-2024-36501 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.

5.5
2024-06-14 CVE-2024-36502 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.

5.5
2024-06-14 CVE-2024-36503 Huawei Use of Uninitialized Resource vulnerability in Huawei Emui and Harmonyos

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.

5.5
2024-06-14 CVE-2024-5465 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability.

5.5
2024-06-13 CVE-2024-29780 Google Use of Uninitialized Resource vulnerability in Google Android

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data.

5.5
2024-06-13 CVE-2024-29785 Google Use of Uninitialized Resource vulnerability in Google Android

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data.

5.5
2024-06-13 CVE-2024-32893 Google Incorrect Type Conversion or Cast vulnerability in Google Android

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting.

5.5
2024-06-13 CVE-2024-32910 Google Use of Uninitialized Resource vulnerability in Google Android

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data.

5.5
2024-06-13 CVE-2024-32912 Google Unspecified vulnerability in Google Android

there is a possible persistent Denial of Service due to test/debugging code left in a production build.

5.5
2024-06-13 CVE-2024-34113 Adobe Inadequate Encryption Strength vulnerability in Adobe Coldfusion 2021/2023

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass.

5.5
2024-06-13 CVE-2024-34130 Adobe Incorrect Authorization vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2/20.9.0

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass.

5.5
2024-06-13 CVE-2024-30278 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-06-13 CVE-2024-30276 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-06-13 CVE-2024-30285 Adobe NULL Pointer Dereference vulnerability in Adobe Audition

Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition.

5.5
2024-06-11 CVE-2024-35255 Microsoft Race Condition vulnerability in Microsoft Authentication Library and Azure Identity SDK

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

5.5
2024-06-11 CVE-2024-30065 Microsoft Unspecified vulnerability in Microsoft products

Windows Themes Denial of Service Vulnerability

5.5
2024-06-11 CVE-2024-30066 Microsoft Unspecified vulnerability in Microsoft products

Winlogon Elevation of Privilege Vulnerability

5.5
2024-06-11 CVE-2024-30067 Microsoft Unspecified vulnerability in Microsoft products

Winlogon Elevation of Privilege Vulnerability

5.5
2024-06-11 CVE-2024-30096 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Services Information Disclosure Vulnerability

5.5
2024-06-10 CVE-2024-23282 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2024-06-10 CVE-2024-27805 Apple Unspecified vulnerability in Apple products

An issue was addressed with improved validation of environment variables.

5.5
2024-06-10 CVE-2024-27806 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved environment sanitization.

5.5
2024-06-10 CVE-2024-27844 Apple Unspecified vulnerability in Apple Macos, Safari and Visionos

The issue was addressed with improved checks.

5.5
2024-06-10 CVE-2023-40389 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved restriction of data container access.

5.5
2024-06-10 CVE-2024-27792 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by adding an additional prompt for user consent.

5.5
2024-06-13 CVE-2024-30057 Microsoft Edge for iOS Spoofing Vulnerability
5.4
2024-06-13 CVE-2024-30058 Microsoft Edge (Chromium-based) Spoofing Vulnerability
5.4
2024-06-13 CVE-2024-1565 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Embedpress

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-06-13 CVE-2024-4176 Trellix Cross-site Scripting vulnerability in Trellix Xconsole

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables.

5.4
2024-06-13 CVE-2024-34119 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-34120 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36141 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36142 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36143 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36144 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36146 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36147 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36148 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36149 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36150 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36151 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36152 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36153 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36154 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36155 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36156 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36157 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36158 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36159 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36160 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36161 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36162 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36163 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36164 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36165 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36166 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36167 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36168 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36169 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36170 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36171 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36172 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36173 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36174 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36175 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36176 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36177 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36178 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36179 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36180 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36181 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36182 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36183 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36184 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36185 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36186 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36187 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36188 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36189 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36190 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36191 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36192 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36193 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36194 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36195 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36196 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36197 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36198 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36199 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36200 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36201 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36202 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36203 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36204 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36205 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36206 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36207 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36208 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36209 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36210 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36211 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36212 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36213 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36214 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36215 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36217 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36218 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36219 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36220 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36221 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36222 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36224 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36225 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36227 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36228 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36229 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36230 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36231 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36232 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-36233 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36234 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36235 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36236 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36238 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-36239 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-4615 Elespare Cross-site Scripting vulnerability in Elespare

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder.

5.4
2024-06-13 CVE-2024-20769 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-20784 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26036 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26037 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26039 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26053 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26054 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26055 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26057 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26058 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26060 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26066 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26068 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26070 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26071 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26072 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26074 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26075 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26077 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26078 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26081 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26082 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26083 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26085 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26086 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26088 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26089 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26090 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26091 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26092 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26093 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26095 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26110 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26111 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26113 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26114 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26115 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26116 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26117 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-06-13 CVE-2024-26121 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-26123 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-06-13 CVE-2024-5265 Wpbakery Page Builder Clipboard Project Cross-site Scripting vulnerability in Wpbakery Page Builder Clipboard Project Wpbakery Page Builder Clipboard

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-06-13 CVE-2024-5757 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping.

5.4
2024-06-13 CVE-2024-5787 Ideabox Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping.

5.4
2024-06-12 CVE-2024-2092 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes.
5.4
2024-06-12 CVE-2023-51671 Funnelkit Missing Authorization vulnerability in Funnelkit Checkout

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.

5.4
2024-06-12 CVE-2023-51679 Bulkgate Missing Authorization vulnerability in Bulkgate SMS Plugin for Woocommerce

Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2.

5.4
2024-06-10 CVE-2024-36413 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

SuiteCRM is an open-source Customer Relationship Management (CRM) software application.

5.4
2024-06-10 CVE-2024-3850 Uniview Cross-site Scripting vulnerability in Uniview Nvr301-04S2-P4 Firmware

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS).

5.4
2024-06-13 CVE-2024-34106 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

5.3
2024-06-13 CVE-2024-4576 Tibco Path Traversal vulnerability in Tibco EBX

The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.

5.3
2024-06-11 CVE-2024-4266 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function.
5.3
2024-06-11 CVE-2024-3723 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory.
5.3
2024-06-11 CVE-2024-4319 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2.
5.3
2024-06-11 CVE-2024-2473 The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2.
5.3
2024-06-10 CVE-2022-32933 Apple Unspecified vulnerability in Apple Macos

An information disclosure issue was addressed by removing the vulnerable code.

5.3
2024-06-10 CVE-2024-35728 Themeisle Injection vulnerability in Themeisle Product Addons & Fields for Woocommerce

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20.

5.3
2024-06-10 CVE-2024-35747 Contact Form Builder Project Improper Restriction of Excessive Authentication Attempts vulnerability in Contact Form Builder Project Contact Form Builder

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.

5.3
2024-06-10 CVE-2024-35749 Acurax Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode 2.6

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.

5.3
2024-06-10 CVE-2024-35680 Yithemes Injection vulnerability in Yithemes Yith Woocommerce Product Add-Ons

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2.

5.3
2024-06-10 CVE-2024-35712 Meowapps Path Traversal vulnerability in Meowapps Database Cleaner

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5.

4.9
2024-06-14 CVE-2024-31159 The parameter used in the certain page of ASUS Download Master is not properly filtered for user input.
4.8
2024-06-14 CVE-2024-31160 The parameter used in the certain page of ASUS Download Master is not properly filtered for user input.
4.8
2024-06-13 CVE-2024-34105 Adobe Cross-site Scripting vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields.

4.8
2024-06-13 CVE-2024-26049 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields.

4.8
2024-06-13 CVE-2024-4149 Premio Cross-site Scripting vulnerability in Premio Floating Chat Widget

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-06-13 CVE-2024-29778 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

4.7
2024-06-13 CVE-2024-32898 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

4.7
2024-06-13 CVE-2024-32904 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

4.7
2024-06-11 CVE-2024-30052 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019 and Visual Studio 2022

Visual Studio Remote Code Execution Vulnerability

4.7
2024-06-11 CVE-2024-30069 Microsoft Out-of-bounds Read vulnerability in Microsoft products

Windows Remote Access Connection Manager Information Disclosure Vulnerability

4.7
2024-06-10 CVE-2024-23251 Apple Unspecified vulnerability in Apple products

An authentication issue was addressed with improved state management.

4.6
2024-06-12 CVE-2024-4201 Gitlab Cross-site Scripting vulnerability in Gitlab

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2.

4.4
2024-06-12 CVE-2024-1766 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping.
4.4
2024-06-12 CVE-2024-5553 The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping.
4.4
2024-06-11 CVE-2024-35253 Microsoft Link Following vulnerability in Microsoft Azure File Sync

Microsoft Azure File Sync Elevation of Privilege Vulnerability

4.4
2024-06-11 CVE-2024-0653 The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping.
4.4
2024-06-15 CVE-2024-5858 The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4.
4.3
2024-06-14 CVE-2024-2023 The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function.
4.3
2024-06-14 CVE-2023-51376 Brainstormforce Missing Authorization vulnerability in Brainstormforce Surefeedback

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.

4.3
2024-06-14 CVE-2023-6492 The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13.
4.3
2024-06-14 CVE-2024-0892 The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0.
4.3
2024-06-13 CVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing Vulnerability
4.3
2024-06-12 CVE-2023-51670 Funnelkit Missing Authorization vulnerability in Funnelkit Checkout

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.

4.3
2024-06-11 CVE-2023-6748 The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode.
4.3
2024-06-10 CVE-2024-27807 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved checks.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-06-13 CVE-2024-26127 Adobe Improper Input Validation vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.

3.5
2024-06-13 CVE-2024-36226 Adobe Improper Input Validation vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.

3.5
2024-06-13 CVE-2024-26126 Adobe Improper Input Validation vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.

3.5
2024-06-14 CVE-2024-5464 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

3.3
2024-06-10 CVE-2024-27799 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with additional entitlement checks.

3.3
2024-06-10 CVE-2024-27845 Apple Unspecified vulnerability in Apple Ipados

A privacy issue was addressed with improved handling of temporary files.

3.3
2024-06-13 CVE-2024-3073 WP Ecommerce Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0.

2.7
2024-06-10 CVE-2024-27814 Apple Unspecified vulnerability in Apple Watchos

This issue was addressed through improved state management.

2.4
2024-06-10 CVE-2024-27819 Apple Unspecified vulnerability in Apple Ipados

The issue was addressed by restricting options offered on a locked device.

2.4