Weekly Vulnerabilities Reports > September 9 to 15, 2024

Overview

573 new vulnerabilities reported during this period, including 60 critical vulnerabilities and 228 high severity vulnerabilities. This weekly summary report vulnerabilities in 388 products from 195 vendors including Microsoft, Linux, Adobe, Ivanti, and Gitlab. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Out-of-bounds Read", and "NULL Pointer Dereference".

  • 390 reported vulnerabilities are remotely exploitables.
  • 189 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 245 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 77 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

60 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-10 CVE-2024-38194 Microsoft Unspecified vulnerability in Microsoft Azure web Apps

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.

9.9
2024-09-15 CVE-2024-8868 Code Projects SQL Injection vulnerability in Code-Projects Crud Operation System 1.0

A vulnerability was found in code-projects Crud Operation System 1.0.

9.8
2024-09-14 CVE-2024-8862 H2O Deserialization of Untrusted Data vulnerability in H2O 3.46.0.4

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4.

9.8
2024-09-13 CVE-2024-44430 Mayurik SQL Injection vulnerability in Mayurik Best Free LAW Office Management 1.0

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface

9.8
2024-09-13 CVE-2024-8782 Heyewei Path Traversal vulnerability in Heyewei Jfinalcms

A vulnerability was found in JFinalCMS up to 1.0.

9.8
2024-09-13 CVE-2024-46044 Tenda Out-of-bounds Write vulnerability in Tenda Ch22 Firmware 1.0.0.6(468)

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.

9.8
2024-09-13 CVE-2024-46045 Tenda Out-of-bounds Write vulnerability in Tenda Ch22 Firmware 1.0.0.6(468)

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.

9.8
2024-09-13 CVE-2024-46046 Tenda Out-of-bounds Write vulnerability in Tenda Fh451 Firmware 1.0.0.9

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.

9.8
2024-09-13 CVE-2024-46048 Tenda Command Injection vulnerability in Tenda Fh451 Firmware 1.0.0.9

Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i

9.8
2024-09-13 CVE-2024-46049 Tenda Out-of-bounds Write vulnerability in Tenda O6 Firmware 1.0.0.7(2054)

Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.

9.8
2024-09-13 CVE-2024-41874 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.

9.8
2024-09-13 CVE-2024-6656 Tnbmobil Use of Hard-coded Credentials vulnerability in Tnbmobil Cockpit

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.

9.8
2024-09-13 CVE-2024-8762 Code Projects SQL Injection vulnerability in Code-Projects Crud Operation System 1.0

A vulnerability was found in code-projects Crud Operation System 1.0.

9.8
2024-09-12 CVE-2024-7961 Rockwellautomation Path Traversal vulnerability in Rockwellautomation Pavilion8 5.20

A path traversal vulnerability exists in the Rockwell Automation affected product.

9.8
2024-09-12 CVE-2024-8695 Docker Unspecified vulnerability in Docker Desktop

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

9.8
2024-09-12 CVE-2024-8696 Docker Unspecified vulnerability in Docker Desktop

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

9.8
2024-09-12 CVE-2024-45823 Rockwellautomation Unspecified vulnerability in Rockwellautomation Factorytalk Batch View 2.01.00

CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.

9.8
2024-09-12 CVE-2024-28990 Solarwinds Use of Hard-coded Credentials vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability.

9.8
2024-09-12 CVE-2021-38132 Microfocus Server-Side Request Forgery (SSRF) vulnerability in Microfocus Edirectory

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory.

9.8
2024-09-12 CVE-2024-29847 Ivanti Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

9.8
2024-09-11 CVE-2024-8692 Tduckcloud Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tduckcloud Tduckpro

A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3.

9.8
2024-09-11 CVE-2024-44466 Comfast Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4.

9.8
2024-09-11 CVE-2024-27112 Soplanning SQL Injection vulnerability in Soplanning

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled.

9.8
2024-09-11 CVE-2024-27113 Soplanning Authorization Bypass Through User-Controlled Key vulnerability in Soplanning

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled.

9.8
2024-09-11 CVE-2024-27114 Soplanning Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Soplanning

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool.

9.8
2024-09-11 CVE-2024-27115 Soplanning Unrestricted Upload of File with Dangerous Type vulnerability in Soplanning

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool.

9.8
2024-09-11 CVE-2024-45790 Reedos Improper Restriction of Excessive Authentication Attempts vulnerability in Reedos Aim-Star 2.0.1

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login.

9.8
2024-09-11 CVE-2024-6091 Agpt OS Command Injection vulnerability in Agpt Autogpt 0.5.1

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings.

9.8
2024-09-11 CVE-2024-8277 Villatheme Missing Authentication for Critical Function vulnerability in Villatheme Woocommerce Photo Reviews

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2.

9.8
2024-09-10 CVE-2024-8191 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

9.8
2024-09-10 CVE-2024-45409 Onelogin
Omniauth
Gitlab
Improper Verification of Cryptographic Signature vulnerability in multiple products

The Ruby SAML library is for implementing the client side of a SAML authorization.

9.8
2024-09-10 CVE-2024-21416 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Remote Code Execution Vulnerability

9.8
2024-09-10 CVE-2024-37341 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Elevation of Privilege Vulnerability

9.8
2024-09-10 CVE-2024-38225 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2023/2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

9.8
2024-09-10 CVE-2024-38240 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

9.8
2024-09-10 CVE-2024-43455 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Spoofing Vulnerability

9.8
2024-09-10 CVE-2024-43491 Microsoft Unspecified vulnerability in Microsoft Windows 10 1507

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015).

9.8
2024-09-10 CVE-2023-36103 Tenda Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20

Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

9.8
2024-09-10 CVE-2023-37234 Loftware Unspecified vulnerability in Loftware Spectrum

Loftware Spectrum through 4.6 has unprotected JMX Registry.

9.8
2024-09-10 CVE-2024-44677 Eladmin Server-Side Request Forgery (SSRF) vulnerability in Eladmin 2.7

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

9.8
2024-09-10 CVE-2024-45595 MAN Unspecified vulnerability in MAN D-Tale

D-Tale is a visualizer for Pandas data structures.

9.8
2024-09-10 CVE-2024-39581 Dell Files or Directories Accessible to External Parties vulnerability in Dell Insightiq 5.0.1/5.1.0

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability.

9.8
2024-09-10 CVE-2024-39583 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Insightiq 5.0.1/5.1.0

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability.

9.8
2024-09-10 CVE-2024-6596 Endress Code Injection vulnerability in Endress products

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

9.8
2024-09-10 CVE-2024-6342 **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
9.8
2024-09-09 CVE-2024-44410 Dlink Command Injection vulnerability in Dlink Di-8300 Firmware 16.07.26A1

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.

9.8
2024-09-09 CVE-2024-8611 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0.

9.8
2024-09-09 CVE-2024-44902 Thinkphp Deserialization of Untrusted Data vulnerability in Thinkphp

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

9.8
2024-09-09 CVE-2024-6795 Baxter SQL Injection vulnerability in Baxter Connex Health Portal

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.  An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database.

9.8
2024-09-09 CVE-2024-7015 Profelis Improper Authorization vulnerability in Profelis Passbox

Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.

9.8
2024-09-09 CVE-2024-8584 Learningdigital Unspecified vulnerability in Learningdigital Orca HCM

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.

9.8
2024-09-09 CVE-2024-40643 Joplin Project Cross-site Scripting vulnerability in Joplin Project Joplin

Joplin is a free, open source note taking and to-do application.

9.6
2024-09-15 CVE-2024-8875 Wcms Path Traversal vulnerability in Wcms

A vulnerability classified as critical was found in vedees wcms up to 0.3.2.

9.1
2024-09-12 CVE-2024-7960 Rockwellautomation Unspecified vulnerability in Rockwellautomation Pavilion8 5.20

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings.

9.1
2024-09-12 CVE-2024-2743 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.

9.1
2024-09-12 CVE-2021-22533 Microfocus Information Exposure Through Log Files vulnerability in Microfocus Edirectory

Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.

9.1
2024-09-10 CVE-2024-37995 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

9.1
2024-09-09 CVE-2024-6796 Baxter Unspecified vulnerability in Baxter Connex Health Portal

In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.

9.1
2024-09-10 CVE-2024-38216 Microsoft Unspecified vulnerability in Microsoft Azure Stack HUB

Azure Stack Hub Elevation of Privilege Vulnerability

9.0
2024-09-10 CVE-2024-38220 Microsoft Unspecified vulnerability in Microsoft Azure Stack HUB

Azure Stack Hub Elevation of Privilege Vulnerability

9.0

228 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-15 CVE-2024-8864 Composio Code Injection vulnerability in Composio

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical.

8.8
2024-09-14 CVE-2024-6482 Idehweb Unspecified vulnerability in Idehweb Login With Phone Number

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49.

8.8
2024-09-14 CVE-2024-8246 Themekraft Unspecified vulnerability in Themekraft Buddyforms

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11.

8.8
2024-09-13 CVE-2024-8784 Qdocs SQL Injection vulnerability in Qdocs Smart School 7.0.0

A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0.

8.8
2024-09-13 CVE-2024-7423 XWP Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1.

8.8
2024-09-13 CVE-2024-8242 Inspireui Unrestricted Upload of File with Dangerous Type vulnerability in Inspireui Mstore API

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3.

8.8
2024-09-12 CVE-2024-8533 Rockwellautomation Incorrect Default Permissions vulnerability in Rockwellautomation products

A privilege escalation vulnerability exists in the Rockwell Automation affected products.

8.8
2024-09-12 CVE-2024-6678 Gitlab Authentication Bypass by Spoofing vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

8.8
2024-09-12 CVE-2024-8641 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.

8.8
2024-09-12 CVE-2024-8640 Gitlab Command Injection vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.

8.8
2024-09-12 CVE-2024-45826 Rockwellautomation Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request.

8.8
2024-09-12 CVE-2024-28991 Solarwinds Unspecified vulnerability in Solarwinds Access Rights Manager

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability.

8.8
2024-09-12 CVE-2024-45846 Mindsdb Code Injection vulnerability in Mindsdb

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server.

8.8
2024-09-12 CVE-2024-45847 Mindsdb Code Injection vulnerability in Mindsdb

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server.

8.8
2024-09-12 CVE-2024-45848 Mindsdb Code Injection vulnerability in Mindsdb 23.12.4.0/23.12.4.1

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server.

8.8
2024-09-12 CVE-2024-45849 Mindsdb Code Injection vulnerability in Mindsdb

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.

8.8
2024-09-12 CVE-2024-45850 Mindsdb Code Injection vulnerability in Mindsdb

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.

8.8
2024-09-12 CVE-2024-45851 Mindsdb Code Injection vulnerability in Mindsdb

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server.

8.8
2024-09-12 CVE-2024-45852 Mindsdb Deserialization of Untrusted Data vulnerability in Mindsdb

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.

8.8
2024-09-12 CVE-2024-8709 Mayurik SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0.

8.8
2024-09-12 CVE-2024-8710 Code Projects SQL Injection vulnerability in Code-Projects Inventory Management 1.0

A vulnerability classified as critical was found in code-projects Inventory Management 1.0.

8.8
2024-09-11 CVE-2024-8636 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-09-11 CVE-2024-8637 Google Use After Free vulnerability in Google Chrome

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-09-11 CVE-2024-8638 Google Type Confusion vulnerability in Google Chrome

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8
2024-09-11 CVE-2024-8639 Google Use After Free vulnerability in Google Chrome

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-09-11 CVE-2024-8253 Pickplugins Unspecified vulnerability in Pickplugins Post Grid

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90.

8.8
2024-09-10 CVE-2024-8322 Ivanti Unspecified vulnerability in Ivanti Endpoint Manager

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

8.8
2024-09-10 CVE-2024-26186 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-26191 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-37335 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-37338 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-37339 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-37340 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-37965 Microsoft SQL Server Elevation of Privilege Vulnerability
8.8
2024-09-10 CVE-2024-37980 Microsoft SQL Server Elevation of Privilege Vulnerability
8.8
2024-09-10 CVE-2024-38018 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-38259 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Management Console Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-38260 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2024-43461 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Spoofing Vulnerability

8.8
2024-09-10 CVE-2024-43469 Microsoft Code Injection vulnerability in Microsoft Azure Cyclecloud

Azure CycleCloud Remote Code Execution Vulnerability

8.8
2024-09-10 CVE-2023-37233 Loftware XXE vulnerability in Loftware Spectrum

Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.

8.8
2024-09-10 CVE-2024-45593 Nixos Path Traversal vulnerability in Nixos NIX

Nix is a package manager for Linux and other Unix systems.

8.8
2024-09-10 CVE-2024-7770 Bitapps Unrestricted Upload of File with Dangerous Type vulnerability in Bitapps File Manager

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5.

8.8
2024-09-10 CVE-2024-43385 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

8.8
2024-09-10 CVE-2024-43386 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

8.8
2024-09-10 CVE-2024-43387 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.

8.8
2024-09-10 CVE-2024-43388 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.

8.8
2024-09-10 CVE-2024-7699 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

8.8
2024-09-10 CVE-2024-8268 Buffercode Code Injection vulnerability in Buffercode Frontend Dashboard

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4.

8.8
2024-09-09 CVE-2024-45041 External Secrets Incorrect Permission Assignment for Critical Resource vulnerability in External-Secrets External Secrets Operator

External Secrets Operator is a Kubernetes operator that integrates external secret management systems.

8.8
2024-09-09 CVE-2024-37288 Elastic Deserialization of Untrusted Data vulnerability in Elastic Kibana 8.15.0

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload.

8.8
2024-09-10 CVE-2024-8321 Ivanti Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

8.6
2024-09-09 CVE-2024-45411 Symfony Unspecified vulnerability in Symfony Twig

Twig is a template language for PHP.

8.6
2024-09-10 CVE-2024-43479 Microsoft Unspecified vulnerability in Microsoft Power Automate

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

8.5
2024-09-15 CVE-2024-8869 Totolink OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5.

8.1
2024-09-13 CVE-2024-31415 Eaton Insufficiently Protected Credentials vulnerability in Eaton Foreseer Electrical Power Monitoring System

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc.

8.1
2024-09-13 CVE-2024-6862 Lunary Cross-Site Request Forgery (CSRF) vulnerability in Lunary 1.2.34

A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings.

8.1
2024-09-12 CVE-2024-8754 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2.

8.1
2024-09-11 CVE-2024-8642 Eclipse Improper Authentication vulnerability in Eclipse Dataspace Components

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration.

8.1
2024-09-11 CVE-2024-7626 Wpdelicious Unspecified vulnerability in Wpdelicious WP Delicious

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9.

8.1
2024-09-10 CVE-2024-38045 Microsoft Unspecified vulnerability in Microsoft products

Windows TCP/IP Remote Code Execution Vulnerability

8.1
2024-09-10 CVE-2024-31489 Fortinet Improper Certificate Validation vulnerability in Fortinet Forticlient

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

8.1
2024-09-10 CVE-2024-43389 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.

8.1
2024-09-10 CVE-2024-43390 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.

8.1
2024-09-10 CVE-2024-43391 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.

8.1
2024-09-10 CVE-2024-43392 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.

8.1
2024-09-10 CVE-2024-43393 Phoenixcontact Unspecified vulnerability in Phoenixcontact products

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.

8.1
2024-09-13 CVE-2024-29779 Google Unspecified vulnerability in Google Android

there is a possible escalation of privilege due to an unusual root cause.

7.8
2024-09-13 CVE-2024-44092 Google Unspecified vulnerability in Google Android

In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build.

7.8
2024-09-13 CVE-2024-44093 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code.

7.8
2024-09-13 CVE-2024-44094 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation.

7.8
2024-09-13 CVE-2024-44095 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code.

7.8
2024-09-13 CVE-2024-42025 UI Command Injection vulnerability in UI Unifi Network Application

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

7.8
2024-09-13 CVE-2024-43756 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Photoshop

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-43760 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-45108 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-45109 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-34121 Adobe Integer Overflow or Wraparound vulnerability in Adobe Illustrator

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-39380 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe After Effects

After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-39381 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-39384 Adobe Out-of-bounds Write vulnerability in Adobe Premiere PRO

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-41857 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Illustrator

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-41859 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-41869 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-43758 Adobe Use After Free vulnerability in Adobe Illustrator

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-45112 Adobe Type Confusion vulnerability in Adobe products

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-39377 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-13 CVE-2024-41871 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2024-09-13 CVE-2024-46673 Linux Double Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting.in a double-free.

7.8
2024-09-13 CVE-2024-46674 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus.

7.8
2024-09-13 CVE-2024-46683 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock before checking the fence state.

7.8
2024-09-13 CVE-2024-46687 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] Call Trace: dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x5e/0x2f0 print_report+0x118/0x216 kasan_report+0x11d/0x1f0 btrfs_check_read_bio+0xa68/0xb70 [btrfs] process_one_work+0xce0/0x12a0 worker_thread+0x717/0x1250 kthread+0x2e3/0x3c0 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x11/0x20 Allocated by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x7d/0x80 kmem_cache_alloc_noprof+0x16e/0x3e0 mempool_alloc_noprof+0x12e/0x310 bio_alloc_bioset+0x3f0/0x7a0 btrfs_bio_alloc+0x2e/0x50 [btrfs] submit_extent_page+0x4d1/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Freed by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x50 __kasan_slab_free+0x4b/0x60 kmem_cache_free+0x214/0x5d0 bio_free+0xed/0x180 end_bbio_data_read+0x1cc/0x580 [btrfs] btrfs_submit_chunk+0x98d/0x1880 [btrfs] btrfs_submit_bio+0x33/0x70 [btrfs] submit_one_bio+0xd4/0x130 [btrfs] submit_extent_page+0x3ea/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [CAUSE] Although I cannot reproduce the error, the report itself is good enough to pin down the cause. The call trace is the regular endio workqueue context, but the free-by-task trace is showing that during btrfs_submit_chunk() we already hit a critical error, and is calling btrfs_bio_end_io() to error out.

7.8
2024-09-13 CVE-2024-46696 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access.

7.8
2024-09-13 CVE-2024-46699 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable preemption while updating GPU stats We forgot to disable preemption around the write_seqcount_begin/end() pair while updating GPU stats: [ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] Workqueue: v3d_bin drm_sched_run_job_work [gpu_sched] <...snip...> [ ] Call trace: [ ] __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] v3d_job_start_stats.isra.0+0x90/0x218 [v3d] [ ] v3d_bin_job_run+0x23c/0x388 [v3d] [ ] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched] [ ] process_one_work+0x62c/0xb48 [ ] worker_thread+0x468/0x5b0 [ ] kthread+0x1c4/0x1e0 [ ] ret_from_fork+0x10/0x20 Fix it.

7.8
2024-09-13 CVE-2024-46700 Linux Classic Buffer Overflow vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix mes ring buffer overflow wait memory room until enough before writing mes packets to avoid ring buffer overflow. v2: squash in sched_hw_submission fix (cherry picked from commit 34e087e8920e635c62e2ed6a758b0cd27f836d13)

7.8
2024-09-12 CVE-2024-45181 Wibu Out-of-bounds Write vulnerability in Wibu Wibukey

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70.

7.8
2024-09-12 CVE-2024-6510 AVG Uncontrolled Search Path Element vulnerability in AVG Internet Security

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

7.8
2024-09-12 CVE-2024-27320 Refuel Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files.

7.8
2024-09-12 CVE-2024-27321 Refuel Improper Neutralization of Formula Elements in a CSV File vulnerability in Refuel Autolabel

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files.

7.8
2024-09-11 CVE-2024-20398 Cisco OS Command Injection vulnerability in Cisco IOS XR

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.

7.8
2024-09-11 CVE-2024-39378 Adobe Out-of-bounds Write vulnerability in Adobe Audition

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-09-11 CVE-2024-45026 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for error codes that signal the non existence of a proper track format. The check for incorrect length is to imprecise since other error cases leading to transport of insufficient data also have this flag set. This might lead to data corruption in certain error cases for example during a storage server warmstart. Fix by removing the check for incorrect length and replacing by explicitly checking for invalid track format in transport mode. Also remove the check for file protected since this is not a valid ESE handling case.

7.8
2024-09-11 CVE-2024-5760 Samsung Unspecified vulnerability in Samsung Universal Print Driver 3.00.16.0101

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool.

7.8
2024-09-11 CVE-2024-8306 Schneider Electric Unspecified vulnerability in Schneider-Electric products

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries.

7.8
2024-09-10 CVE-2024-44103 Ivanti Untrusted Search Path vulnerability in Ivanti Workspace Control

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

7.8
2024-09-10 CVE-2024-44104 Ivanti Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

7.8
2024-09-10 CVE-2024-44105 Ivanti Cleartext Transmission of Sensitive Information vulnerability in Ivanti Workspace Control

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.

7.8
2024-09-10 CVE-2024-44106 Ivanti Unspecified vulnerability in Ivanti Workspace Control

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

7.8
2024-09-10 CVE-2024-44107 Ivanti Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

7.8
2024-09-10 CVE-2024-8012 Ivanti Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control

An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

7.8
2024-09-10 CVE-2024-30073 Microsoft Unspecified vulnerability in Microsoft products

Windows Security Zone Mapping Security Feature Bypass Vulnerability

7.8
2024-09-10 CVE-2024-38014 Microsoft Unspecified vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38046 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38237 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38238 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38241 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38242 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38243 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38244 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38245 Microsoft Unspecified vulnerability in Microsoft products

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38247 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38249 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38250 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38252 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-38253 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-43457 Microsoft Unspecified vulnerability in Microsoft Windows 11 24H2

Windows Setup and Deployment Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-43463 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2024-09-10 CVE-2024-43465 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-43492 Microsoft Unspecified vulnerability in Microsoft Autoupdate

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

7.8
2024-09-10 CVE-2024-31960 Samsung Use After Free vulnerability in Samsung Exynos 1480 Firmware and Exynos 2400 Firmware

An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400.

7.8
2024-09-10 CVE-2024-8258 Logitech Code Injection vulnerability in Logitech Logi Options+

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

7.8
2024-09-09 CVE-2024-27383 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330.

7.8
2024-09-09 CVE-2024-27387 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330.

7.8
2024-09-10 CVE-2024-43458 Microsoft Use of Uninitialized Resource vulnerability in Microsoft Windows 10 1607

Windows Networking Information Disclosure Vulnerability

7.7
2024-09-10 CVE-2024-43474 Microsoft SQL Server Information Disclosure Vulnerability
7.6
2024-09-15 CVE-2024-46943 Opendaylight Unspecified vulnerability in Opendaylight Authentication, Authorization and Accounting

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3.

7.5
2024-09-15 CVE-2024-46938 Sitecore Unspecified vulnerability in Sitecore products

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release.

7.5
2024-09-15 CVE-2024-8876 Xiaohe4966 Path Traversal vulnerability in Xiaohe4966 Tpmecms

A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1.

7.5
2024-09-13 CVE-2024-6587 Litellm Server-Side Request Forgery (SSRF) vulnerability in Litellm 1.38.10

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10.

7.5
2024-09-13 CVE-2024-46047 Tenda Out-of-bounds Write vulnerability in Tenda Fh451 Firmware 1.0.0.9

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.

7.5
2024-09-13 CVE-2024-45113 Adobe Improper Authentication vulnerability in Adobe Coldfusion 2021/2023

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.

7.5
2024-09-12 CVE-2024-44459 Octavolabs Allocation of Resources Without Limits or Throttling vulnerability in Octavolabs Vernemq 2.0.1

A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.

7.5
2024-09-12 CVE-2024-44460 Emqx Unspecified vulnerability in Emqx Nanomq 0.21.9

An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).

7.5
2024-09-12 CVE-2024-6077 Rockwellautomation Unspecified vulnerability in Rockwellautomation products

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object.

7.5
2024-09-12 CVE-2024-34334 Ordat SQL Injection vulnerability in Ordat Ordat.Erp

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.

7.5
2024-09-12 CVE-2024-4660 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2.

7.5
2024-09-12 CVE-2024-8124 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request.

7.5
2024-09-12 CVE-2024-45825 Rockwellautomation Unspecified vulnerability in Rockwellautomation 5015-U8Ihft Firmware 1.011/1.012

CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products.

7.5
2024-09-12 CVE-2021-22532 Microfocus Allocation of Resources Without Limits or Throttling vulnerability in Microfocus Edirectory

Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.

7.5
2024-09-12 CVE-2022-26322 Netiq Information Exposure Through Log Files vulnerability in Netiq Identity Manager Rest Driver

Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver.

7.5
2024-09-12 CVE-2024-3305 Utarit Unspecified vulnerability in Utarit Soliclub

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

7.5
2024-09-12 CVE-2024-3306 Utarit Authorization Bypass Through User-Controlled Key vulnerability in Utarit Soliclub

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

7.5
2024-09-12 CVE-2024-45853 Mindsdb Deserialization of Untrusted Data vulnerability in Mindsdb

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

7.5
2024-09-12 CVE-2024-45854 Mindsdb Deserialization of Untrusted Data vulnerability in Mindsdb

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

7.5
2024-09-12 CVE-2024-45855 Mindsdb Deserialization of Untrusted Data vulnerability in Mindsdb

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.

7.5
2024-09-12 CVE-2024-8749 I Doit SQL Injection vulnerability in I-Doit 28

SQL injection vulnerability in idoit pro version 28.

7.5
2024-09-12 CVE-2024-8522 Thimpress SQL Injection vulnerability in Thimpress Learnpress

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.5
2024-09-12 CVE-2024-8529 Thimpress SQL Injection vulnerability in Thimpress Learnpress

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.5
2024-09-12 CVE-2024-8711 Oretnom23 Unspecified vulnerability in Oretnom23 Food Ordering Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0.

7.5
2024-09-11 CVE-2024-20304 Cisco Memory Leak vulnerability in Cisco IOS XR

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory.

7.5
2024-09-11 CVE-2024-45788 Reedos Unspecified vulnerability in Reedos Aim-Star 2.0.1

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints.

7.5
2024-09-11 CVE-2024-7609 Vidco Path Traversal vulnerability in Vidco VOC Tester

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8.

7.5
2024-09-10 CVE-2023-6841 Redhat Unspecified vulnerability in Redhat Keycloak and Single Sign-On

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

7.5
2024-09-10 CVE-2024-38119 Microsoft Unspecified vulnerability in Microsoft products

Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

7.5
2024-09-10 CVE-2024-38230 Microsoft Unspecified vulnerability in Microsoft products

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-38231 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-38232 Microsoft Unspecified vulnerability in Microsoft Windows 10 1607

Windows Networking Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-38233 Microsoft Unspecified vulnerability in Microsoft Windows 10 1607

Windows Networking Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-38236 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-38257 Microsoft Unspecified vulnerability in Microsoft products

Microsoft AllJoyn API Information Disclosure Vulnerability

7.5
2024-09-10 CVE-2024-38258 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

7.5
2024-09-10 CVE-2024-38263 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

7.5
2024-09-10 CVE-2024-43466 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Denial of Service Vulnerability

7.5
2024-09-10 CVE-2024-43467 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

7.5
2024-09-10 CVE-2023-37232 Loftware Unspecified vulnerability in Loftware Spectrum

Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.

7.5
2024-09-10 CVE-2024-45412 Yeti Platform Allocation of Resources Without Limits or Throttling vulnerability in Yeti-Platform Yeti

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline.

7.5
2024-09-10 CVE-2024-45590 Openjsf Unspecified vulnerability in Openjsf Body-Parser

body-parser is Node.js body parsing middleware.

7.5
2024-09-10 CVE-2024-37992 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

7.5
2024-09-10 CVE-2024-37993 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

7.5
2024-09-09 CVE-2024-44375 Dlink Out-of-bounds Write vulnerability in Dlink Di-8100 Firmware 16.07.26A1

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function.

7.5
2024-09-11 CVE-2024-20317 Cisco Unspecified vulnerability in Cisco IOS XR

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface.

7.4
2024-09-11 CVE-2024-20406 A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets.
7.4
2024-09-14 CVE-2024-8479 Webliberty Code Injection vulnerability in Webliberty Simple Spoiler

The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3.

7.3
2024-09-14 CVE-2024-8271 Pluginus Code Injection vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1.

7.3
2024-09-12 CVE-2024-20430 Cisco Uncontrolled Search Path Element vulnerability in Cisco Meraki Systems Manager

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.&nbsp; This vulnerability is due to incorrect handling of directory search paths at runtime.

7.3
2024-09-10 CVE-2024-38226 Microsoft Unspecified vulnerability in Microsoft Office and Publisher

Microsoft Publisher Security Feature Bypass Vulnerability

7.3
2024-09-10 CVE-2024-43470 Microsoft Unspecified vulnerability in Microsoft Azure Network Watcher Agent

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

7.3
2024-09-10 CVE-2024-43475 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008

Microsoft Windows Admin Center Information Disclosure Vulnerability

7.3
2024-09-10 CVE-2024-43495 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows libarchive Remote Code Execution Vulnerability

7.3
2024-09-10 CVE-2024-33508 Fortinet Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

7.3
2024-09-10 CVE-2024-8478 Ifeelweb Code Injection vulnerability in Ifeelweb Affiliate Super Assistent

The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3.

7.3
2024-09-14 CVE-2024-8669 Softaculous SQL Injection vulnerability in Softaculous Backuply

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-09-13 CVE-2024-8278 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
7.2
2024-09-13 CVE-2024-8279 A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
7.2
2024-09-13 CVE-2024-8280 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
7.2
2024-09-13 CVE-2024-8281 An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
7.2
2024-09-13 CVE-2022-2446 Benjaminrojas Deserialization of Untrusted Data vulnerability in Benjaminrojas WP Editor

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9.

7.2
2024-09-13 CVE-2024-7129 Nsqua Unspecified vulnerability in Nsqua Simply Schedule Appointments

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

7.2
2024-09-12 CVE-2024-8631 Gitlab Unspecified vulnerability in Gitlab

A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.

7.2
2024-09-12 CVE-2024-7766 Erichamby SQL Injection vulnerability in Erichamby Adicon Server

The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

7.2
2024-09-12 CVE-2024-32840 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-32842 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-32843 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-32845 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-32846 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-32848 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-34779 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-34783 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-12 CVE-2024-34785 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-09-11 CVE-2024-20483 Cisco OS Command Injection vulnerability in Cisco IOS XR

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands.

7.2
2024-09-11 CVE-2024-8686 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.

7.2
2024-09-11 CVE-2019-25212 I13Websolution SQL Injection vulnerability in I13Websolution Video Carousel Slider With Lightbox

The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-09-10 CVE-2024-8190 Ivanti OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.

7.2
2024-09-10 CVE-2024-38227 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2024-09-10 CVE-2024-38228 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2024-09-10 CVE-2024-38239 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability

7.2
2024-09-10 CVE-2024-43464 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2024-09-10 CVE-2024-44871 Mozilo Unrestricted Upload of File with Dangerous Type vulnerability in Mozilo Mozilocms 3.0

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

7.2
2024-09-11 CVE-2024-8687 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode.

7.1
2024-09-11 CVE-2024-45023 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read: raid1_read_request read_balance raid1_should_read_first -> return false choose_best_rdev -> normal disk is not recovered, return -1 choose_bb_rdev -> missing the checking of recovery, return the normal disk -> read unrecovered data Root cause is that the checking of recovery is missing in choose_bb_rdev().

7.1
2024-09-10 CVE-2024-37966 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
7.1
2024-09-10 CVE-2024-38188 Microsoft Unspecified vulnerability in Microsoft Azure Network Watcher Agent

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

7.1
2024-09-10 CVE-2024-43454 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

7.1
2024-09-10 CVE-2024-42423 Citrix Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin.

7.1
2024-09-10 CVE-2024-37994 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

7.1
2024-09-09 CVE-2024-7341 Redhat Session Fixation vulnerability in Redhat Keycloak

A session fixation issue was discovered in the SAML adapters provided by Keycloak.

7.1
2024-09-10 CVE-2024-38246 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.0
2024-09-10 CVE-2024-38248 Microsoft Unspecified vulnerability in Microsoft products

Windows Storage Elevation of Privilege Vulnerability

7.0

277 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-13 CVE-2024-45101 A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
6.8
2024-09-13 CVE-2024-7756 A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.
6.8
2024-09-13 CVE-2024-7863 Pixeljar Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

6.8
2024-09-13 CVE-2024-45105 An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
6.7
2024-09-13 CVE-2024-4550 A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.
6.7
2024-09-10 CVE-2024-8441 Ivanti Uncontrolled Search Path Element vulnerability in Ivanti Endpoint Manager

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

6.7
2024-09-10 CVE-2024-39580 Dell Unspecified vulnerability in Dell Insightiq 5.0.1/5.1.0

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability.

6.7
2024-09-15 CVE-2024-46942 Opendaylight Unspecified vulnerability in Opendaylight Model-Driven Service Abstraction Layer

In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.

6.5
2024-09-13 CVE-2024-6259 Zephyrproject Out-of-bounds Write vulnerability in Zephyrproject Zephyr

BT: HCI: adv_ext_report Improper discarding in adv_ext_report

6.5
2024-09-13 CVE-2024-5931 Zephyrproject Out-of-bounds Write vulnerability in Zephyrproject Zephyr

BT: Unchecked user input in bap_broadcast_assistant

6.5
2024-09-13 CVE-2024-6135 Zephyrproject Divide By Zero vulnerability in Zephyrproject Zephyr

BT:Classic: Multiple missing buf length checks

6.5
2024-09-13 CVE-2024-6137 Zephyrproject Out-of-bounds Write vulnerability in Zephyrproject Zephyr

BT: Classic: SDP OOB access in get_att_search_list

6.5
2024-09-13 CVE-2024-5754 Zephyrproject Unspecified vulnerability in Zephyrproject Zephyr

BT: Encryption procedure host vulnerability

6.5
2024-09-13 CVE-2024-6258 Zephyrproject Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr

BT: Missing length checks of net_buf in rfcomm_handle_data

6.5
2024-09-13 CVE-2024-45104 Lenovo Unspecified vulnerability in Lenovo Xclarity Administrator

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

6.5
2024-09-13 CVE-2024-31416 Eaton Improper Validation of Specified Quantity in Input vulnerability in Eaton Foreseer Electrical Power Monitoring System

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc.

6.5
2024-09-13 CVE-2024-6087 Lunary Unspecified vulnerability in Lunary

An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch.

6.5
2024-09-13 CVE-2024-6867 Lunary Insufficient Granularity of Access Control vulnerability in Lunary 1.4.9

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint.

6.5
2024-09-13 CVE-2024-8269 Inspireui Unspecified vulnerability in Inspireui Mstore API

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3.

6.5
2024-09-13 CVE-2024-7864 Pixeljar Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

6.5
2024-09-12 CVE-2024-8311 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

6.5
2024-09-12 CVE-2024-5435 Gitlab Information Exposure Through an Error Message vulnerability in Gitlab

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration.

6.5
2024-09-12 CVE-2024-8635 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2.

6.5
2024-09-12 CVE-2024-42483 Espressif Insufficient Verification of Data Authenticity vulnerability in Espressif Esp-Now

ESP-NOW Component provides a connectionless Wi-Fi communication protocol.

6.5
2024-09-12 CVE-2021-38133 Microfocus Weak Password Requirements vulnerability in Microfocus Edirectory

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory.

6.5
2024-09-12 CVE-2024-7817 Michalaugustyniak Cross-Site Request Forgery (CSRF) vulnerability in Michalaugustyniak Misiek Photo Album

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack

6.5
2024-09-12 CVE-2024-7820 Elliot Cross-Site Request Forgery (CSRF) vulnerability in Elliot ILC Thickbox

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

6.5
2024-09-12 CVE-2024-7859 Visual Sound Project Cross-Site Request Forgery (CSRF) vulnerability in Visual Sound Project Visual Sound

The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

6.5
2024-09-12 CVE-2024-7862 Kimhuebel Cross-Site Request Forgery (CSRF) vulnerability in Kimhuebel Blogintroduction-Wordpress-Plugin

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

6.5
2024-09-12 CVE-2024-38222 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

6.5
2024-09-11 CVE-2024-45786 Reedos Authorization Bypass Through User-Controlled Key vulnerability in Reedos Aim-Star 2.0.1

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints.

6.5
2024-09-11 CVE-2024-45787 Reedos Unspecified vulnerability in Reedos Aim-Star 2.0.1

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints.

6.5
2024-09-10 CVE-2024-38234 Microsoft Unspecified vulnerability in Microsoft products

Windows Networking Denial of Service Vulnerability

6.5
2024-09-10 CVE-2024-38235 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability

6.5
2024-09-10 CVE-2024-43482 Microsoft Unspecified vulnerability in Microsoft Outlook

Microsoft Outlook for iOS Information Disclosure Vulnerability

6.5
2024-09-10 CVE-2024-43487 Microsoft Unspecified vulnerability in Microsoft products

Windows Mark of the Web Security Feature Bypass Vulnerability

6.5
2024-09-10 CVE-2023-44254 Fortinet Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.

6.5
2024-09-10 CVE-2024-31490 Fortinet Unspecified vulnerability in Fortinet Fortisandbox

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.

6.5
2024-09-10 CVE-2024-37990 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

6.5
2024-09-10 CVE-2024-37991 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2).

6.5
2024-09-10 CVE-2024-38270 Zyxel Insufficient Entropy vulnerability in Zyxel products

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0.

6.5
2024-09-09 CVE-2024-8601 Techexcel Incorrect Authorization vulnerability in Techexcel Back Office Software

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints.

6.5
2024-09-09 CVE-2024-7688 The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack
6.5
2024-09-09 CVE-2024-8585 Learningdigital Path Traversal vulnerability in Learningdigital Orca HCM

Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.

6.5
2024-09-11 CVE-2024-43793 Halo Cross-site Scripting vulnerability in Halo

Halo is an open source website building tool.

6.4
2024-09-10 CVE-2024-38254 Microsoft Unspecified vulnerability in Microsoft products

Windows Authentication Information Disclosure Vulnerability

6.2
2024-09-15 CVE-2024-44053 Mohammadarif Cross-site Scripting vulnerability in Mohammadarif Opor Ayam

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8.

6.1
2024-09-15 CVE-2024-44060 Jenniferhall Cross-site Scripting vulnerability in Jenniferhall Filmix

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.

6.1
2024-09-15 CVE-2024-45458 Spiffyplugins Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

6.1
2024-09-15 CVE-2024-45459 Pickplugins Cross-site Scripting vulnerability in Pickplugins Product Slider for Woocommerce

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.

6.1
2024-09-15 CVE-2024-8866 Autocms Project Cross-site Scripting vulnerability in Autocms Project Autocms 5.4

A vulnerability was found in AutoCMS 5.4.

6.1
2024-09-14 CVE-2024-8797 Wpbookingsystem Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System

The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8.

6.1
2024-09-14 CVE-2024-8724 Xootix Cross-site Scripting vulnerability in Xootix Waitlist Woocommerce

The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5.

6.1
2024-09-13 CVE-2024-31414 Eaton Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages.

6.1
2024-09-13 CVE-2024-8714 Slicewp Cross-site Scripting vulnerability in Slicewp Affiliate Program Suite

The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20.

6.1
2024-09-13 CVE-2024-8730 Cvstech Cross-site Scripting vulnerability in Cvstech Exit Notifier

The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1.

6.1
2024-09-13 CVE-2024-8731 Leira Cross-site Scripting vulnerability in Leira Cron Jobs

The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.

6.1
2024-09-13 CVE-2024-8732 Leira Cross-site Scripting vulnerability in Leira Roles & Capabilities

The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9.

6.1
2024-09-13 CVE-2024-8734 Lucasstad Cross-site Scripting vulnerability in Lucasstad Lucas String Replace

The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5.

6.1
2024-09-13 CVE-2024-8737 Kubiq Cross-site Scripting vulnerability in Kubiq PDF Thumbnail Generator

The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.

6.1
2024-09-13 CVE-2024-8663 Wpsimplebookingcalendar Cross-site Scripting vulnerability in Wpsimplebookingcalendar WP Simple Booking Calendar

The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10.

6.1
2024-09-13 CVE-2024-8664 Boopathirajan Cross-site Scripting vulnerability in Boopathirajan WP Test Email

The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7.

6.1
2024-09-13 CVE-2024-8665 Yithemes Cross-site Scripting vulnerability in Yithemes Yith Custom Login

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3.

6.1
2024-09-13 CVE-2024-8656 Wpfactory Cross-site Scripting vulnerability in Wpfactory Helper

The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0.

6.1
2024-09-12 CVE-2024-34335 Ordat Cross-site Scripting vulnerability in Ordat Ordat.Erp

ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.

6.1
2024-09-12 CVE-2024-45303 Discourse Cross-site Scripting vulnerability in Discourse Calendar 0.2

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse.

6.1
2024-09-12 CVE-2024-4612 Gitlab Open Redirect vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.

6.1
2024-09-12 CVE-2021-22503 Microfocus Cross-site Scripting vulnerability in Microfocus Edirectory

Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.

6.1
2024-09-12 CVE-2021-38131 Microfocus Cross-site Scripting vulnerability in Microfocus Edirectory

Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.

6.1
2024-09-12 CVE-2024-8750 I Doit Cross-site Scripting vulnerability in I-Doit 28

Cross-site Scripting (XSS) vulnerability in idoit pro version 28.

6.1
2024-09-12 CVE-2024-2010 Tebilisim Cross-site Scripting vulnerability in Tebilisim V5

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2.

6.1
2024-09-12 CVE-2024-8622 Amcharts Cross-site Scripting vulnerability in Amcharts Amcharts: Charts and Maps

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce validation on the preview functionality.

6.1
2024-09-12 CVE-2024-6017 Scriptonite Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Music Request Manager

The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

6.1
2024-09-12 CVE-2024-6018 Scriptonite Cross-site Scripting vulnerability in Scriptonite Music Request Manager

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1
2024-09-12 CVE-2024-6019 Scriptonite Cross-site Scripting vulnerability in Scriptonite Music Request Manager

The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators

6.1
2024-09-12 CVE-2024-7816 Adeelraza Cross-site Scripting vulnerability in Adeelraza Gixaw Chat

The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-7818 Michalaugustyniak Cross-site Scripting vulnerability in Michalaugustyniak Misiek Photo Album

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-7822 Gwycon Cross-site Scripting vulnerability in Gwycon Quick Code

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-7860 Outtolunchproductions Cross-site Scripting vulnerability in Outtolunchproductions Simple Headline Rotator

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-7861 Michalaugustyniak Cross-site Scripting vulnerability in Michalaugustyniak Misiek Paypal

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-8054 MM Breaking News Project Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.1
2024-09-12 CVE-2024-8056 MM Breaking News Project Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1
2024-09-12 CVE-2024-8708 Mayurik Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability was found in SourceCodester Best House Rental Management System 1.0.

6.1
2024-09-11 CVE-2024-7312 Payara Open Redirect vulnerability in Payara

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.

6.1
2024-09-11 CVE-2024-8646 Eclipse Open Redirect vulnerability in Eclipse Glassfish

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

6.1
2024-09-10 CVE-2024-44872 Mozilo Cross-site Scripting vulnerability in Mozilo Mozilocms 3.0

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

6.1
2024-09-10 CVE-2024-45592 Damienharper Cross-site Scripting vulnerability in Damienharper Auditor-Bundle

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application.

6.1
2024-09-09 CVE-2023-50883 Onlyoffice Cross-site Scripting vulnerability in Onlyoffice Document Server

ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object.

6.1
2024-09-09 CVE-2024-7260 Redhat Open Redirect vulnerability in Redhat Build of Keycloak and Keycloak

An open redirect vulnerability was found in Keycloak.

6.1
2024-09-09 CVE-2024-8604 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0.

6.1
2024-09-09 CVE-2024-45625 Incsub Cross-site Scripting vulnerability in Incsub Forminator

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1.

6.1
2024-09-09 CVE-2024-8586 Uniong Open Redirect vulnerability in Uniong Webitr

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs.

6.1
2024-09-10 CVE-2024-21753 Fortinet Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests

6.0
2024-09-10 CVE-2022-45856 Fortinet Improper Certificate Validation vulnerability in Fortinet Forticlient

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider.

5.9
2024-09-10 CVE-2024-7698 Phoenixcontact Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

5.7
2024-09-13 CVE-2024-39382 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-39385 Adobe Use After Free vulnerability in Adobe Premiere PRO

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-41867 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-43759 Adobe NULL Pointer Dereference vulnerability in Adobe Illustrator

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).

5.5
2024-09-13 CVE-2024-45111 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-41870 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-41872 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-41873 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-13 CVE-2024-46701 Linux Infinite Loop vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free key starting with octx->newx_offset, and then set newx_offset equals to free key + 1.

5.5
2024-09-13 CVE-2024-46702 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down.

5.5
2024-09-13 CVE-2024-46703 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms that dont use PM domains.

5.5
2024-09-13 CVE-2024-46705 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe: reset mmio mappings with devm Set our various mmio mappings to NULL.

5.5
2024-09-13 CVE-2024-46706 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang.

5.5
2024-09-13 CVE-2024-46707 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2. We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?). The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception.

5.5
2024-09-13 CVE-2024-46708 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect.

5.5
2024-09-13 CVE-2024-46709 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_buf interface instead of trying to access pages directly. External buffers might not provide direct access to readable/writable pages so to make sure the bo's created from external dma_bufs can be read dma_buf interface has to be used. Fixes crashes in IGT's kms_prime with vgem.

5.5
2024-09-13 CVE-2024-46712 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis.

5.5
2024-09-13 CVE-2024-46675 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms.

5.5
2024-09-13 CVE-2024-46676 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver.

5.5
2024-09-13 CVE-2024-46677 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.)

5.5
2024-09-13 CVE-2024-46678 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock.

5.5
2024-09-13 CVE-2024-46680 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnxpuart 2) hciconfig hci0 reset 3) hciconfig (check hci0 interface up with valid BD address) 4) modprobe -r btnxpuart Repeat steps 1 to 4 The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets scheduled after module is removed, causing a kernel crash. This hidden issue got highlighted after enabling Power Save by default in 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on startup) The new ps_cleanup() deasserts UART break immediately while closing serdev device, cancels any scheduled ps_work and destroys the ps_lock mutex. [ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258 [ 85.884624] Mem abort info: [ 85.884625] ESR = 0x0000000086000007 [ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits [ 85.884633] SET = 0, FnV = 0 [ 85.884636] EA = 0, S1PTW = 0 [ 85.884638] FSC = 0x07: level 3 translation fault [ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000 [ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000 [ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP [ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)] [ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1 [ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT) [ 85.936182] Workqueue: events 0xffffd4a61638f380 [ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 85.952817] pc : 0xffffd4a61638f258 [ 85.952823] lr : 0xffffd4a61638f258 [ 85.952827] sp : ffff8000084fbd70 [ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000 [ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305 [ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970 [ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000 [ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090 [ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139 [ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50 [ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8 [ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000 [ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000 [ 85.977443] Call trace: [ 85.977446] 0xffffd4a61638f258 [ 85.977451] 0xffffd4a61638f3e8 [ 85.977455] process_one_work+0x1d4/0x330 [ 85.977464] worker_thread+0x6c/0x430 [ 85.977471] kthread+0x108/0x10c [ 85.977476] ret_from_fork+0x10/0x20 [ 85.977488] Code: bad PC value [ 85.977491] ---[ end trace 0000000000000000 ]--- Preset since v6.9.11

5.5
2024-09-13 CVE-2024-46681 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.

5.5
2024-09-13 CVE-2024-46682 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid.

5.5
2024-09-13 CVE-2024-46684 Linux Incorrect Calculation of Buffer Size vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined.

5.5
2024-09-13 CVE-2024-46685 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL.

5.5
2024-09-13 CVE-2024-46686 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold.

5.5
2024-09-13 CVE-2024-46688 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. [1] https://lore.kernel.org/r/[email protected]

5.5
2024-09-13 CVE-2024-46689 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region.

5.5
2024-09-13 CVE-2024-46690 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager.

5.5
2024-09-13 CVE-2024-46691 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section Commit '9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping")' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback, which in turn is invoked from IRQ context. This means that ucsi_unregister() is now called from atomic context, which isn't feasible as it's expecting a sleepable context.

5.5
2024-09-13 CVE-2024-46692 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call Currently get_wq_ctx() is wrongly configured as a standard call.

5.5
2024-09-13 CVE-2024-46694 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. (cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)

5.5
2024-09-13 CVE-2024-46697 Linux Improper Initialization vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early.

5.5
2024-09-13 CVE-2024-46698 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices.

5.5
2024-09-12 CVE-2024-45182 Wibu Out-of-bounds Read vulnerability in Wibu Wibukey

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.

5.5
2024-09-12 CVE-2024-4472 Gitlab Information Exposure Through Log Files vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.

5.5
2024-09-12 CVE-2024-41629 TI Cleartext Storage of Sensitive Information vulnerability in TI Fusion Digital Power Designer 7.10.1

An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials

5.5
2024-09-12 CVE-2021-22518 Opentext Information Exposure Through Log Files vulnerability in Opentext Identity Manager Azuread Driver

A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file.

5.5
2024-09-11 CVE-2024-20343 Cisco Unspecified vulnerability in Cisco IOS XR

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system.

5.5
2024-09-11 CVE-2024-20489 Cisco Insufficiently Protected Credentials vulnerability in Cisco IOS XR

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software.

5.5
2024-09-11 CVE-2024-41868 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-09-11 CVE-2024-45009 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ...

5.5
2024-09-11 CVE-2024-45010 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ...

5.5
2024-09-11 CVE-2024-45011 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1.

5.5
2024-09-11 CVE-2024-45012 Linux Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30 Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019 RIP: 0010:sg_init_one+0x85/0xa0 Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00 RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000 RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508 R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018 FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0 Call Trace: <TASK> ? die+0x36/0x90 ? do_trap+0xdd/0x100 ? sg_init_one+0x85/0xa0 ? do_error_trap+0x65/0x80 ? sg_init_one+0x85/0xa0 ? exc_invalid_op+0x50/0x70 ? sg_init_one+0x85/0xa0 ? asm_exc_invalid_op+0x1a/0x20 ? sg_init_one+0x85/0xa0 nvkm_firmware_ctor+0x14a/0x250 [nouveau] nvkm_falcon_fw_ctor+0x42/0x70 [nouveau] ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau] r535_gsp_oneinit+0xb3/0x15f0 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? nvkm_udevice_new+0x95/0x140 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? ktime_get+0x47/0xb0 Fix this by using the non-coherent allocator instead, I think there might be a better answer to this, but it involve ripping up some of APIs using sg lists.

5.5
2024-09-11 CVE-2024-45013 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but don't move stopping keep-alive into nvme_uninit_ctrl(), so keep-alive work can be started and keep pending after failing to start controller, finally use-after-free is triggered if nvme host driver is unloaded. This patch fixes kernel panic when running nvme/004 in case that connection failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl(). This way is reasonable because keep-alive is now started in nvme_init_ctrl_finish().

5.5
2024-09-11 CVE-2024-45014 Linux Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmem_info segment corruption When physical memory for the kernel image is allocated it does not consider extra memory required for offsetting the image start to match it with the lower 20 bits of KASLR virtual base address.

5.5
2024-09-11 CVE-2024-45015 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assigned as there was no atomic_mode_set() call. Fix the NULL ptr access by moving the assignment for atomic_enable() and also use drm_atomic_get_new_connector_for_encoder() to get the connector from the atomic_state. Patchwork: https://patchwork.freedesktop.org/patch/606729/

5.5
2024-09-11 CVE-2024-45016 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented.

5.5
2024-09-11 CVE-2024-45017 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94 Modules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci] CPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2 Hardware name: Dell Inc.

5.5
2024-09-11 CVE-2024-45018 Linux Improper Initialization vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.

5.5
2024-09-11 CVE-2024-45019 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken.

5.5
2024-09-11 CVE-2024-45020 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe().

5.5
2024-09-11 CVE-2024-45021 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).

5.5
2024-09-11 CVE-2024-45022 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift.

5.5
2024-09-11 CVE-2024-45024 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb vs.

5.5
2024-09-11 CVE-2024-45025 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.

5.5
2024-09-11 CVE-2024-45027 Linux Incomplete Cleanup vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage.

5.5
2024-09-11 CVE-2024-45028 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference.

5.5
2024-09-11 CVE-2024-45029 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock.

5.5
2024-09-11 CVE-2024-45030 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An easy reproducer is to run ssh to connect to the machine.

5.5
2024-09-11 CVE-2024-46672 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is not prepared and tries to dereference the NULL bssid and pmkid pointers in cfg80211_pmksa.

5.5
2024-09-10 CVE-2024-38256 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel-Mode Driver Information Disclosure Vulnerability

5.5
2024-09-10 CVE-2024-42344 Siemens Information Exposure Through Log Files vulnerability in Siemens Sinema Remote Connect Client

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2).

5.5
2024-09-10 CVE-2024-42425 Dell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell 7920 XL Firmware and Precision 7920 Firmware

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability.

5.5
2024-09-09 CVE-2024-27365 Samsung Out-of-bounds Write vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.

5.5
2024-09-09 CVE-2024-27364 Samsung Out-of-bounds Read vulnerability in Samsung products

An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.

5.5
2024-09-09 CVE-2024-27366 Samsung Out-of-bounds Read vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.

5.5
2024-09-09 CVE-2024-27367 Samsung Out-of-bounds Read vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.

5.5
2024-09-09 CVE-2024-27368 Samsung Out-of-bounds Read vulnerability in Samsung products

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.

5.5
2024-09-15 CVE-2024-44054 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Fluida

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.

5.4
2024-09-15 CVE-2024-44056 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Mantra

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2.

5.4
2024-09-15 CVE-2024-44057 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Nirvana

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.

5.4
2024-09-15 CVE-2024-44058 Cryoutcreations Cross-site Scripting vulnerability in Cryoutcreations Parabola

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1.

5.4
2024-09-15 CVE-2024-44059 Mediaron Cross-site Scripting vulnerability in Mediaron Custom Query Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1.

5.4
2024-09-15 CVE-2024-44062 Wpgogo Cross-site Scripting vulnerability in Wpgogo Custom Field Template

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.

5.4
2024-09-15 CVE-2024-44063 Happyforms Cross-site Scripting vulnerability in Happyforms

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.

5.4
2024-09-15 CVE-2024-45456 Joomunited Cross-site Scripting vulnerability in Joomunited WP Meta SEO

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.

5.4
2024-09-15 CVE-2024-45457 Spiffyplugins Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

5.4
2024-09-15 CVE-2024-8867 Perfexcrm Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 3.1.6

A vulnerability was found in Perfex CRM 3.1.6.

5.4
2024-09-14 CVE-2024-8863 Aimstack Cross-site Scripting vulnerability in Aimstack AIM

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24.

5.4
2024-09-14 CVE-2023-3410 Bricksbuilder Cross-site Scripting vulnerability in Bricksbuilder Bricks

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-8783 Opentibiabr Cross-site Scripting vulnerability in Opentibiabr Myaac

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16.

5.4
2024-09-13 CVE-2024-5789 Towfiqi Cross-site Scripting vulnerability in Towfiqi Triton Lite

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-5867 Nattywp Cross-site Scripting vulnerability in Nattywp Delicate

The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-5869 Arnoldgoodway Cross-site Scripting vulnerability in Arnoldgoodway Neighborly

The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-5870 Arnoldgoodway Cross-site Scripting vulnerability in Arnoldgoodway Tweaker5

The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-5884 Allprices Cross-site Scripting vulnerability in Allprices Beauty

The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-8747 Khromov Cross-site Scripting vulnerability in Khromov Email Obfuscate Shortcode

The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-13 CVE-2024-5567 Muffingroup Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping.

5.4
2024-09-13 CVE-2024-8742 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-13 CVE-2024-5628 Theme Fusion Cross-site Scripting vulnerability in Theme-Fusion Avada

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-12 CVE-2024-45856 Mindsdb Cross-site Scripting vulnerability in Mindsdb

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.

5.4
2024-09-11 CVE-2024-44851 Perfexcrm Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 1.1.0

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

5.4
2024-09-11 CVE-2024-5416 Elementor Cross-site Scripting vulnerability in Elementor Website Builder

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-11 CVE-2024-8045 Wpbackgrounds Cross-site Scripting vulnerability in Wpbackgrounds Advanced Wordpress Backgrounds

The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping.

5.4
2024-09-11 CVE-2024-8440 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-10 CVE-2024-38217 Microsoft Unspecified vulnerability in Microsoft products

Windows Mark of the Web Security Feature Bypass Vulnerability

5.4
2024-09-10 CVE-2024-43476 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2024-09-10 CVE-2024-6282 Master Addons Cross-site Scripting vulnerability in Master-Addons Master Addons

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes.

5.4
2024-09-10 CVE-2024-8241 Pixelgrade Cross-site Scripting vulnerability in Pixelgrade Nova Blocks

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-10 CVE-2024-8543 Artembovkun Cross-site Scripting vulnerability in Artembovkun Slider Comparison Image Before and After

The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-09 CVE-2024-8610 Mayurik Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0.

5.4
2024-09-09 CVE-2024-8605 Code Projects Cross-site Scripting vulnerability in Code-Projects Inventory Management 1.0

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0.

5.4
2024-09-14 CVE-2022-3459 Lilmonkee Authorization Bypass Through User-Controlled Key vulnerability in Lilmonkee Woocommerce multiple Free Gift

The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3.

5.3
2024-09-13 CVE-2024-6544 Coffee2Code Information Exposure Through an Error Message vulnerability in Coffee2Code Custom Post Limits

The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1.

5.3
2024-09-12 CVE-2024-45607 Secreto31126 Unspecified vulnerability in Secreto31126 Whatsapp-Api-Js

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework.

5.3
2024-09-12 CVE-2024-34336 Ordat Information Exposure Through Discrepancy vulnerability in Ordat Ordat.Erp

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.

5.3
2024-09-11 CVE-2024-20390 A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.
5.3
2024-09-11 CVE-2024-7727 Bplugins Missing Authorization vulnerability in Bplugins Html5 Video Player

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32.

5.3
2024-09-10 CVE-2024-8320 Ivanti Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

5.3
2024-09-10 CVE-2024-45407 Lizardbyte Unspecified vulnerability in Lizardbyte Sunshine 20240527

Sunshine is a self-hosted game stream host for Moonlight.

5.3
2024-09-10 CVE-2024-45591 Xwiki Missing Authorization vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

5.3
2024-09-10 CVE-2024-8369 Metagauss Missing Authorization vulnerability in Metagauss Eventprime

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3.

5.3
2024-09-10 CVE-2024-7734 Phoenixcontact Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service.

5.3
2024-09-12 CVE-2024-45383 Microsoft Improper Control of a Resource Through its Lifetime vulnerability in Microsoft High Definition Audio BUS Driver 10.0.19041.3636

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).

5.0
2024-09-11 CVE-2024-4465 Nozominetworks Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration.

5.0
2024-09-15 CVE-2024-46918 Misp Incorrect Authorization vulnerability in Misp

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

4.9
2024-09-15 CVE-2024-8865 Composio Path Traversal vulnerability in Composio

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic.

4.9
2024-09-15 CVE-2024-45455 Joomunited Cross-site Scripting vulnerability in Joomunited WP Meta SEO

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.

4.8
2024-09-15 CVE-2024-45460 Info D 74 Cross-site Scripting vulnerability in Info-D-74 Flipping Cards

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.

4.8
2024-09-13 CVE-2024-44798 Anujk305 Cross-site Scripting vulnerability in Anujk305 BUS Pass Management System 1.0

phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters.

4.8
2024-09-13 CVE-2024-6493 Ninjateam Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2024-09-13 CVE-2024-6617 Ninjateam Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2024-09-13 CVE-2024-6850 Majeedraza Cross-site Scripting vulnerability in Majeedraza Carousel Slider

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8
2024-09-13 CVE-2024-7133 Premio Cross-site Scripting vulnerability in Premio MY Sticky BAR

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

4.8
2024-09-12 CVE-2024-6700 Pega Cross-site Scripting vulnerability in Pega Infinity

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

4.8
2024-09-12 CVE-2024-6701 Pega Cross-site Scripting vulnerability in Pega Infinity

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

4.8
2024-09-12 CVE-2024-6702 Pega Cross-site Scripting vulnerability in Pega Infinity

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.

4.8
2024-09-12 CVE-2024-5799 Cminds Cross-site Scripting vulnerability in Cminds CM Popup

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.

4.8
2024-09-12 CVE-2024-6887 Seedprod Cross-site Scripting vulnerability in Seedprod Rafflepress

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2024-09-11 CVE-2024-3899 Enviragallery Cross-site Scripting vulnerability in Enviragallery Envira Gallery

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.

4.8
2024-09-11 CVE-2024-7716 Gsplugins Cross-site Scripting vulnerability in Gsplugins GS Logo Slider

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-10 CVE-2024-44676 Eladmin Cross-site Scripting vulnerability in Eladmin 2.7

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.

4.8
2024-09-10 CVE-2024-7618 Peepso Cross-site Scripting vulnerability in Peepso

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping.

4.8
2024-09-10 CVE-2024-7655 Peepso Cross-site Scripting vulnerability in Peepso

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping.

4.8
2024-09-09 CVE-2024-7318 Redhat Use of a Key Past its Expiration Date vulnerability in Redhat Build of Keycloak

A vulnerability was found in Keycloak.

4.8
2024-09-09 CVE-2024-45406 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS

Craft is a content management system (CMS).

4.8
2024-09-09 CVE-2024-5561 The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
4.8
2024-09-09 CVE-2024-6910 The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
4.8
2024-09-09 CVE-2024-7918 The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
2024-09-13 CVE-2024-46704 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in __flush_work() When flushing a work item for cancellation, __flush_work() knows that it exclusively owns the work item through its PENDING bit.

4.7
2024-09-13 CVE-2024-46710 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer.

4.7
2024-09-13 CVE-2024-46711 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additional local address being used" or "ADD_ADDR being accepted". It is then required not to increment them when the entrypoint used by the initial subflow is removed and re-added during a connection.

4.7
2024-09-13 CVE-2024-46679 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present.

4.7
2024-09-13 CVE-2024-46693 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmic_glink child drivers, the protection-domain notifiers fires, and the associated work is scheduled, before the client registration returns and as a result the local "client" pointer has been initialized. The outcome of this is a NULL pointer dereference as the "client" pointer is blindly dereferenced. Timeline provided by Stephen: CPU0 CPU1 ---- ---- ucsi->client = NULL; devm_pmic_glink_register_client() client->pdr_notify(client->priv, pg->client_state) pmic_glink_ucsi_pdr_notify() schedule_work(&ucsi->register_work) <schedule away> pmic_glink_ucsi_register() ucsi_register() pmic_glink_ucsi_read_version() pmic_glink_ucsi_read() pmic_glink_ucsi_read() pmic_glink_send(ucsi->client) <client is NULL BAD> ucsi->client = client // Too late! This code is identical across the altmode, battery manager and usci child drivers. Resolve this by splitting the allocation of the "client" object and the registration thereof into two operations. This only happens if the protection domain registry is populated at the time of registration, which by the introduction of commit '1ebcde047c54 ("soc: qcom: add pd-mapper implementation")' became much more likely.

4.7
2024-09-13 CVE-2024-6723 Meowapps SQL Injection vulnerability in Meowapps AI Engine

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

4.7
2024-09-10 CVE-2024-43796 Openjsf Cross-site Scripting vulnerability in Openjsf Express

Express.js minimalist web framework for node.

4.7
2024-09-10 CVE-2024-43799 Send Project Cross-site Scripting vulnerability in Send Project Send

Send is a library for streaming files from the file system as a http response.

4.7
2024-09-10 CVE-2024-43800 Openjsf Cross-site Scripting vulnerability in Openjsf Serve-Static

serve-static serves static files.

4.7
2024-09-10 CVE-2024-44815 Hathway Insufficiently Protected Credentials vulnerability in Hathway Skyworth Cm5100-511 Firmware 4.1.1.24

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.

4.6
2024-09-10 CVE-2024-35282 Fortinet Cleartext Storage of Sensitive Information vulnerability in Fortinet Forticlient

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.

4.6
2024-09-13 CVE-2024-44096 Google Insecure Default Initialization of Resource vulnerability in Google Android

there is a possible arbitrary read due to an insecure default value.

4.4
2024-09-13 CVE-2024-46695 Linux Incorrect Default Permissions vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed.

4.4
2024-09-11 CVE-2024-8688 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.

4.4
2024-09-11 CVE-2024-8690 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.102Ce

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent.

4.4
2024-09-10 CVE-2024-6876 Codesys Out-of-bounds Read vulnerability in Codesys Oscat Basic Library

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

4.4
2024-09-10 CVE-2024-39574 Dell Unspecified vulnerability in Dell Insightiq 5.1.0

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability.

4.4
2024-09-10 CVE-2024-39582 Dell Use of Hard-coded Credentials vulnerability in Dell Insightiq 5.0

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability.

4.4
2024-09-13 CVE-2024-45103 Lenovo Unspecified vulnerability in Lenovo Xclarity Administrator

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.

4.3
2024-09-13 CVE-2024-8059 IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.
4.3
2024-09-13 CVE-2024-6582 Lunary Missing Authentication for Critical Function vulnerability in Lunary

A broken access control vulnerability exists in the latest version of lunary-ai/lunary.

4.3
2024-09-13 CVE-2024-7888 Radiustheme Missing Authorization vulnerability in Radiustheme Classified Listing - Classified ADS & Business Directory

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7.

4.3
2024-09-13 CVE-2024-43180 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Concert 1.0

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies.

4.3
2024-09-12 CVE-2024-25270 Mirapolis Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.

4.3
2024-09-12 CVE-2020-24061 Kasdanet Cross-site Scripting vulnerability in Kasdanet Kw5515 Firmware 4.3.1.0

Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script

4.3
2024-09-12 CVE-2024-6389 Gitlab Unspecified vulnerability in Gitlab

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2.

4.3
2024-09-12 CVE-2024-3163 Realestateconnected Cross-Site Request Forgery (CSRF) vulnerability in Realestateconnected Easy Property Listings

The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

4.3
2024-09-11 CVE-2024-45789 Reedos Improper Validation of Integrity Check Value vulnerability in Reedos Aim-Star 2.0.1

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process.

4.3
2024-09-11 CVE-2024-7721 Bplugins Missing Authorization vulnerability in Bplugins Html5 Video Player

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34.

4.3
2024-09-10 CVE-2024-37337 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

4.3
2024-09-10 CVE-2024-37342 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

4.3
2024-09-10 CVE-2024-27257 IBM Unspecified vulnerability in IBM Openpages GRC Platform and Openpages With Watson

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

4.3
2024-09-10 CVE-2023-2919 Themeum Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.

4.3
2024-09-10 CVE-2024-42345 Siemens Session Fixation vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).

4.3
2024-09-10 CVE-2024-44112 SAP Missing Authorization vulnerability in SAP OIL %/ GAS

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table.

4.3
2024-09-09 CVE-2024-8372 Angularjs Unspecified vulnerability in Angularjs Angular.Js

Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.

4.3
2024-09-09 CVE-2024-8373 Angularjs Unspecified vulnerability in Angularjs Angular.Js

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.

4.3
2024-09-09 CVE-2024-45203 Istyle Unspecified vulnerability in Istyle @Cosme

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App.

4.3
2024-09-09 CVE-2024-7687 The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
4.3
2024-09-09 CVE-2024-7689 The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-10 CVE-2024-36511 Fortinet Unspecified vulnerability in Fortinet Fortiadc

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

3.7
2024-09-12 CVE-2024-6446 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2.

3.5
2024-09-12 CVE-2024-36066 Keyfactor Unspecified vulnerability in Keyfactor Ejbca 8.0.0

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier.

3.1
2024-09-09 CVE-2024-8042 Rapid7 Missing Authorization vulnerability in Rapid7 Insight Platform

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group.

3.1
2024-09-10 CVE-2024-8443 Opensc Project
Redhat
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver.

2.9
2024-09-10 CVE-2024-45323 Fortinet Unspecified vulnerability in Fortinet Fortiedrmanager 6.0.1

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

2.7
2024-09-10 CVE-2024-41728 SAP Missing Authorization vulnerability in SAP Netweaver Application Server Abap

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package.

2.7
2024-09-10 CVE-2024-44114 SAP Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.

2.7