Weekly Vulnerabilities Reports > September 23 to 29, 2024
Overview
401 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 124 high severity vulnerabilities. This weekly summary reports vulnerabilities in 239 products from 164 vendors including Linux, Google, Gotenna, Cisco, and Synology. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "NULL Pointer Dereference", and "Missing Authorization".
- 272 reported vulnerabilities are remotely exploitable.
- 163 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 194 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 66 reported vulnerabilities.
- Mayurik has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
43 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-25 | CVE-2024-8436 | | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.9 |
2024-09-24 | CVE-2024-8624 | Pluginus | SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.9 |
2024-09-29 | CVE-2024-9328 | Mayurik | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0. | 9.8 |
2024-09-29 | CVE-2024-9327 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability was found in code-projects Blood Bank System 1.0. | 9.8 |
2024-09-29 | CVE-2024-9326 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Online Shopping Portal 2.0 A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. | 9.8 |
2024-09-29 | CVE-2024-9322 | Anisha | SQL Injection vulnerability in Anisha Supply Chain Management 1.0 A vulnerability was found in code-projects Supply Chain Management 1.0. | 9.8 |
2024-09-28 | CVE-2024-9318 | Mayurik | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. | 9.8 |
2024-09-28 | CVE-2024-9296 | Mayurik | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0. | 9.8 |
2024-09-28 | CVE-2024-9295 | Mayurik | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. | 9.8 |
2024-09-28 | CVE-2024-8353 | Givewp | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. | 9.8 |
2024-09-27 | CVE-2024-8630 | Alisonic | SQL Injection vulnerability in Alisonic Sibylla Firmware Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | 9.8 |
2024-09-27 | CVE-2024-8607 | Oceanicsoft | SQL Injection vulnerability in Oceanicsoft Valeapp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. | 9.8 |
2024-09-27 | CVE-2024-8643 | Oceanicsoft | Session Fixation vulnerability in Oceanicsoft Valeapp Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0. | 9.8 |
2024-09-27 | CVE-2024-9280 | KVF Admin Project | Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212 A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. | 9.8 |
2024-09-26 | CVE-2024-46628 | Tendacn | OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05 Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 |
2024-09-26 | CVE-2024-7108 | Nationalkeep | Incorrect Authorization vulnerability in Nationalkeep Cybermath 1.4 Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253. | 9.8 |
2024-09-26 | CVE-2024-7772 | Artbees | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. | 9.8 |
2024-09-26 | CVE-2024-7781 | Artbees | Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. | 9.8 |
2024-09-25 | CVE-2024-47078 | Meshtastic | Incorrect Authorization vulnerability in Meshtastic Firmware Meshtastic is an open source, off-grid, decentralized, mesh network. | 9.8 |
2024-09-25 | CVE-2024-7575 | Telerik | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 9.8 |
2024-09-25 | CVE-2024-7576 | Telerik | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
2024-09-25 | CVE-2024-8275 | Stellarwp | SQL Injection vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-09-25 | CVE-2024-8485 | Jianbo | Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. | 9.8 |
2024-09-25 | CVE-2024-43423 | Doverfuelingsolutions | Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 |
2024-09-25 | CVE-2024-43692 | Doverfuelingsolutions | Unspecified vulnerability in Doverfuelingsolutions products An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 |
2024-09-25 | CVE-2024-43693 | Doverfuelingsolutions | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-25 | CVE-2024-45066 | Doverfuelingsolutions | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-25 | CVE-2024-8877 | Riello UPS | SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05 Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. | 9.8 |
2024-09-25 | CVE-2024-8878 | Riello UPS | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05 The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05. | 9.8 |
2024-09-25 | CVE-2024-8940 | Scriptcase | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. | 9.8 |
2024-09-24 | CVE-2024-8791 | Wpcharitable | Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. | 9.8 |
2024-09-23 | CVE-2024-47222 | Myoffice | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
2024-09-23 | CVE-2024-0001 | Purestorage | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
2024-09-23 | CVE-2024-0002 | Purestorage | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |
2024-09-23 | CVE-2024-46997 | Dataease | Unspecified vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 9.8 |
2024-09-23 | CVE-2024-9094 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. | 9.8 |
2024-09-23 | CVE-2024-9090 | Mayurik | SQL Injection vulnerability in Mayurik Modern Loan Management System 1.0 A vulnerability was found in SourceCodester Modern Loan Management System 1.0. | 9.8 |
2024-09-23 | CVE-2024-9091 | Code Projects | SQL Injection vulnerability in Code-Projects Student Record System 1.0 A vulnerability was found in code-projects Student Record System 1.0. | 9.8 |
2024-09-23 | CVE-2024-7024 | | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2024-09-25 | CVE-2024-20510 | Cisco | Incorrect Authorization vulnerability in Cisco IOS XE A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. | 9.3 |
2024-09-25 | CVE-2024-6592 | Watchguard | Incorrect Authorization vulnerability in Watchguard Authentication Gateway and Single Sign-On Client Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4. | 9.1 |
2024-09-25 | CVE-2024-6593 | Watchguard | Incorrect Authorization vulnerability in Watchguard Authentication Gateway Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2. | 9.1 |
2024-09-24 | CVE-2024-8671 | Exthemes | Path Traversal vulnerability in Exthemes Wooevents The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. | 9.1 |
124 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-29 | CVE-2024-9324 | Intelbras | Improper Enforcement of Message or Data Structure vulnerability in Intelbras Incontrol web A vulnerability was found in Intelbras InControl up to 2.21.57. | 8.8 |
2024-09-29 | CVE-2024-9319 | Rems | SQL Injection vulnerability in Rems Online Timesheet APP 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. | 8.8 |
2024-09-28 | CVE-2024-9317 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. | 8.8 |
2024-09-28 | CVE-2024-9315 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. | 8.8 |
2024-09-28 | CVE-2024-23923 | Alpsalpine | Use After Free vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. | 8.8 |
2024-09-28 | CVE-2024-23958 | Autel | Use of Hard-coded Credentials vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00 Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. | 8.8 |
2024-09-28 | CVE-2024-23938 | Silabs | Out-of-bounds Write vulnerability in Silabs Gecko OS 1.0.46 Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-09-28 | CVE-2024-23957 | Autel | Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00 Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-09-27 | CVE-2024-9293 | Skyselang | SQL Injection vulnerability in Skyselang Yyladmin A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. | 8.8 |
2024-09-27 | CVE-2024-28948 | Advantech | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. | 8.8 |
2024-09-27 | CVE-2024-39275 | Advantech | Unspecified vulnerability in Advantech Adam-5630 Firmware Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. | 8.8 |
2024-09-27 | CVE-2024-7149 | Themewinter | Path Traversal vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. | 8.8 |
2024-09-27 | CVE-2024-8922 | Piwebsolution | Deserialization of Untrusted Data vulnerability in Piwebsolution Product Enquiry for Woocommerce The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. | 8.8 |
2024-09-26 | CVE-2024-39577 | Dell | Unspecified vulnerability in Dell Smartfabric Os10 10.5.3.0/10.5.3.4/10.5.3.5 Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. | 8.8 |
2024-09-26 | CVE-2024-47126 | Gotenna | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna PRO The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. | 8.8 |
2024-09-26 | CVE-2024-47169 | Agnai | Path Traversal: '.../...//' vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. | 8.8 |
2024-09-26 | CVE-2024-8126 | Advancedfilemanager | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. | 8.8 |
2024-09-26 | CVE-2024-47330 | Supsystic | Missing Authorization vulnerability in Supsystic Slider and Social Share Buttons Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. | 8.8 |
2024-09-25 | CVE-2024-46489 | Ferrislucas | Code Injection vulnerability in Ferrislucas Promptr 6.0.7 A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | 8.8 |
2024-09-25 | CVE-2024-47305 | Dineshkarki | Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki USE ANY Font Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08. | 8.8 |
2024-09-25 | CVE-2024-47315 | Givewp | Cross-Site Request Forgery (CSRF) vulnerability in Givewp Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1. | 8.8 |
2024-09-25 | CVE-2024-20437 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |
2024-09-25 | CVE-2024-8290 | Wclovers | Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. | 8.8 |
2024-09-25 | CVE-2024-45373 | Doverfuelingsolutions | Unspecified vulnerability in Doverfuelingsolutions products Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | 8.8 |
2024-09-25 | CVE-2024-9120 | | Use After Free vulnerability in Google Chrome Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-09-25 | CVE-2024-9121 | | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-09-25 | CVE-2024-9122 | | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
2024-09-25 | CVE-2024-9123 | | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
2024-09-24 | CVE-2024-8795 | BA Booking | Cross-Site Request Forgery (CSRF) vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. | 8.8 |
2024-09-23 | CVE-2024-7023 | | Unspecified vulnerability in Google Chrome Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. | 8.8 |
2024-09-23 | CVE-2021-38023 | | Use After Free vulnerability in Google Chrome Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-09-23 | CVE-2024-0005 | Purestorage | Command Injection vulnerability in Purestorage Purity//Fa A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 8.8 |
2024-09-23 | CVE-2024-47066 | Lobehub | Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat Lobe Chat is an open-source artificial intelligence chat framework. | 8.8 |
2024-09-23 | CVE-2024-45348 | MI | Command Injection vulnerability in MI Ax9000 Firmware Xiaomi Router AX9000 has a post-authorization command injection vulnerability. | 8.8 |
2024-09-23 | CVE-2024-8606 | Checkmk | Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0 Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | 8.8 |
2024-09-25 | CVE-2024-20455 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. | 8.6 |
2024-09-25 | CVE-2024-20464 | Cisco | Unspecified vulnerability in Cisco IOS XE 17.13.1/17.13.1A A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. | 8.6 |
2024-09-25 | CVE-2024-20467 | Cisco | Unspecified vulnerability in Cisco IOS XE 17.11.99Sw/17.12.1/17.12.1A A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. | 8.6 |
2024-09-25 | CVE-2024-20480 | Cisco | Always-Incorrect Control Flow Implementation vulnerability in Cisco IOS XE A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. | 8.6 |
2024-09-26 | CVE-2024-0132 | Nvidia | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. | 8.3 |
2024-09-27 | CVE-2024-40510 | Openpetra | Cross-site Scripting vulnerability in Openpetra 2023.02 Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function. | 8.2 |
2024-09-26 | CVE-2023-52946 | Synology | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | 8.2 |
2024-09-25 | CVE-2024-8942 | Scriptcase | Cross-site Scripting vulnerability in Scriptcase 9.4.019 Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. | 8.2 |
2024-09-28 | CVE-2024-23959 | Autel | Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00 Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.0 |
2024-09-28 | CVE-2024-23967 | Autel | Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00 Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.0 |
2024-09-25 | CVE-2024-47082 | Strawberryrocks | Cross-Site Request Forgery (CSRF) vulnerability in Strawberryrocks Strawberry Strawberry GraphQL is a library for creating GraphQL APIs. | 8.0 |
2024-09-25 | CVE-2021-38963 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. | 8.0 |
2024-09-29 | CVE-2024-9325 | Intelbras | Untrusted Search Path vulnerability in Intelbras Incontrol web A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. | 7.8 |
2024-09-27 | CVE-2024-46804 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. | 7.8 |
2024-09-27 | CVE-2024-46811 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why] Coverity reports OVERRUN warning. | 7.8 |
2024-09-27 | CVE-2024-46812 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes. | 7.8 |
2024-09-27 | CVE-2024-46813 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity. | 7.8 |
2024-09-27 | CVE-2024-46814 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity. | 7.8 |
2024-09-27 | CVE-2024-46815 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. | 7.8 |
2024-09-27 | CVE-2024-46818 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity. | 7.8 |
2024-09-27 | CVE-2024-46820 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. | 7.8 |
2024-09-27 | CVE-2024-46821 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) | 7.8 |
2024-09-27 | CVE-2024-46828 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows. | 7.8 |
2024-09-27 | CVE-2024-46830 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. | 7.8 |
2024-09-27 | CVE-2024-46831 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. | 7.8 |
2024-09-27 | CVE-2024-46833 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. | 7.8 |
2024-09-27 | CVE-2024-46836 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis. | 7.8 |
2024-09-27 | CVE-2024-46844 | Linux | Access of Uninitialized Pointer vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). | 7.8 |
2024-09-27 | CVE-2024-46845 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. | 7.8 |
2024-09-27 | CVE-2024-46849 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. | 7.8 |
2024-09-27 | CVE-2024-46852 | Linux | Off-by-one Error vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. | 7.8 |
2024-09-27 | CVE-2024-46853 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd if=3b of=/dev/mtd0 | 7.8 |
2024-09-27 | CVE-2024-46859 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. | 7.8 |
2024-09-27 | CVE-2024-39435 | | Unspecified vulnerability in Google Android 12.0/13.0/14.0 In Logmanager service, there is a possible missing verification incorrect input. | 7.8 |
2024-09-26 | CVE-2022-49038 | Synology | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. | 7.8 |
2024-09-26 | CVE-2024-8404 | Papercut | Link Following vulnerability in Papercut NG An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
2024-09-25 | CVE-2024-8975 | Grafana | Unquoted Search Path or Element vulnerability in Grafana Alloy Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. | 7.8 |
2024-09-25 | CVE-2024-8996 | Grafana | Unquoted Search Path or Element vulnerability in Grafana Agent Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow: before 0.43.2. | 7.8 |
2024-09-25 | CVE-2024-7679 | Telerik | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
2024-09-25 | CVE-2024-8316 | Telerik | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | 7.8 |
2024-09-23 | CVE-2018-20072 | | Unspecified vulnerability in Google Chrome Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. | 7.8 |
2024-09-23 | CVE-2024-7018 | | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 7.8 |
2024-09-28 | CVE-2024-9316 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank System 1.0 A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. | 7.5 |
2024-09-28 | CVE-2024-23935 | Alpsalpine | Out-of-bounds Write vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.5 |
2024-09-27 | CVE-2024-23586 | Hcltech | Insufficient Session Expiration vulnerability in Hcltech HCL Nomad HCL Nomad is susceptible to an insufficient session expiration vulnerability. | 7.5 |
2024-09-27 | CVE-2024-9301 | Netflix | Path Traversal vulnerability in Netflix E2Nest A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a | 7.5 |
2024-09-27 | CVE-2024-44910 | Nasa | Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0 NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). | 7.5 |
2024-09-27 | CVE-2024-44911 | Nasa | Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0 NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c). | 7.5 |
2024-09-27 | CVE-2024-44912 | Nasa | Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0 NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). | 7.5 |
2024-09-27 | CVE-2024-47182 | Amirraminfar | Inadequate Encryption Strength vulnerability in Amirraminfar Dozzle Dozzle is a realtime log viewer for docker containers. | 7.5 |
2024-09-27 | CVE-2024-8609 | Oceanicsoft | Information Exposure Through Log Files vulnerability in Oceanicsoft Valeapp Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0. | 7.5 |
2024-09-27 | CVE-2024-8644 | Oceanicsoft | Cleartext Storage of Sensitive Information vulnerability in Oceanicsoft Valeapp Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0. | 7.5 |
2024-09-27 | CVE-2024-47293 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability. | 7.5 |
2024-09-27 | CVE-2024-47294 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability. | 7.5 |
2024-09-27 | CVE-2024-9136 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
2024-09-27 | CVE-2024-7713 | AYS PRO | Cleartext Transmission of Sensitive Information vulnerability in Ays-Pro Chatgpt Assistant The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it | 7.5 |
2024-09-27 | CVE-2024-7714 | AYS PRO | Unspecified vulnerability in Ays-Pro Chatgpt Assistant The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. | 7.5 |
2024-09-26 | CVE-2024-37125 | Dell | Unspecified vulnerability in Dell Smartfabric Os10 10.5.3.0/10.5.3.4/10.5.3.5 Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. | 7.5 |
2024-09-26 | CVE-2024-7107 | Nationalkeep | Files or Directories Accessible to External Parties vulnerability in Nationalkeep Cybermath 1.4 Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253. | 7.5 |
2024-09-26 | CVE-2024-9199 | Clibomanager | Unspecified vulnerability in Clibomanager Clibo Manager 1.1.9.2 Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS). | 7.5 |
2024-09-26 | CVE-2024-47197 | Apache | Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. | 7.5 |
2024-09-25 | CVE-2024-47083 | Microsoft | Information Exposure Through Log Files vulnerability in Microsoft Power Platform Terraform Provider Power Platform Terraform Provider allows managing environments and other resources within Power Platform. | 7.5 |
2024-09-25 | CVE-2024-20433 | Cisco | Out-of-bounds Write vulnerability in Cisco IOS A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. | 7.5 |
2024-09-25 | CVE-2024-20436 | Cisco | NULL Pointer Dereference vulnerability in Cisco IOS XE A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. | 7.5 |
2024-09-25 | CVE-2024-22892 | Openslides | Inadequate Encryption Strength vulnerability in Openslides 4.0.15 OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | 7.5 |
2024-09-25 | CVE-2024-6594 | Watchguard | Improper Handling of Exceptional Conditions vulnerability in Watchguard Single Sign-On Client Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. | 7.5 |
2024-09-25 | CVE-2024-8175 | | An unauthenticated remote attacker can cause the CODESYS web server to access invalid memory which results in a DoS. | 7.5 |
2024-09-25 | CVE-2024-8484 | Jianbo | SQL Injection vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-09-25 | CVE-2022-43845 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
2024-09-25 | CVE-2023-5359 | Boldgrid | Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. | 7.5 |
2024-09-25 | CVE-2024-46610 | Thecosy | Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1 An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java | 7.5 |
2024-09-25 | CVE-2024-46935 | Rocket Chat | Unspecified vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). | 7.5 |
2024-09-23 | CVE-2024-42861 | Linuxptp Project | Unspecified vulnerability in Linuxptp Project Linuxptp An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function. | 7.5 |
2024-09-23 | CVE-2024-46985 | Dataease | XXE vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 7.5 |
2024-09-27 | CVE-2024-38861 | Tomtretbar | Improper Certificate Validation vulnerability in Tomtretbar Mikrotik Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. | 7.4 |
2024-09-25 | CVE-2024-8481 | Simplelib | Code Injection vulnerability in Simplelib Special Text Boxes The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. | 7.3 |
2024-09-24 | CVE-2024-8623 | Pluginus | Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. | 7.3 |
2024-09-27 | CVE-2024-9130 | Givewp | SQL Injection vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-09-26 | CVE-2024-43191 | | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | 7.2 |
2024-09-26 | CVE-2024-8704 | Advancedfilemanager | Path Traversal vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. | 7.2 |
2024-09-25 | CVE-2024-7385 | Freelancer Coder | SQL Injection vulnerability in Freelancer-Coder Wordpress Simple Html Sitemap The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-09-25 | CVE-2024-8514 | Prisna | Deserialization of Untrusted Data vulnerability in Prisna Google Website Translator The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. | 7.2 |
2024-09-25 | CVE-2024-8349 | Uncannyowl | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. | 7.2 |
2024-09-23 | CVE-2024-0003 | Purestorage | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | 7.2 |
2024-09-23 | CVE-2024-0004 | Purestorage | Code Injection vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | 7.2 |
2024-09-23 | CVE-2024-9093 | Rems | SQL Injection vulnerability in Rems Profile Registration Without Reload/Refresh 1.0 A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. | 7.2 |
2024-09-27 | CVE-2024-46854 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. | 7.1 |
2024-09-27 | CVE-2024-46865 | Linux | Use of Uninitialized Resource vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialized first. | 7.1 |
2024-09-27 | CVE-2024-46858 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition. CPU1: net_rx_action, napi_poll, __napi_poll, process_backlog, __netif_receive_skb, __netif_receive_skb_one_core, NF_HOOK, ip_local_deliver_finish, ip_protocol_deliver_rcu, tcp_v4_rcv, tcp_v4_do_rcv, tcp_rcv_established, tcp_data_queue, mptcp_incoming_options, mptcp_pm_del_add_timer. CPU2: netlink_sendmsg, netlink_unicast, netlink_unicast_kernel, genl_rcv, netlink_rcv_skb, genl_rcv_msg, genl_family_rcv_msg, genl_family_rcv_msg_doit, mptcp_pm_nl_flush_addrs_doit, mptcp_nl_remove_addrs_list, mptcp_pm_remove_addrs_and_subflows, remove_anno_list_by_saddr, mptcp_pm_del_add_timer, kfree(entry). In remove_anno_list_by_saddr (running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer (running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf. | 7.0 |
227 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-28 | CVE-2024-23924 | Alpsalpine | OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. | 6.8 |
2024-09-28 | CVE-2024-23961 | Alpsalpine | OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. | 6.8 |
2024-09-23 | CVE-2024-23922 | Sony | Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. | 6.8 |
2024-09-23 | CVE-2024-23972 | Sony | Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. | 6.8 |
2024-09-26 | CVE-2022-49039 | Synology | Out-of-bounds Write vulnerability in Synology Drive Client Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. | 6.7 |
2024-09-26 | CVE-2024-41722 | Gotenna | Unspecified vulnerability in Gotenna In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 6.5 |
2024-09-26 | CVE-2024-43108 | Gotenna | Insufficient Verification of Data Authenticity vulnerability in Gotenna The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. | 6.5 |
2024-09-26 | CVE-2024-43694 | Gotenna | Insecure Storage of Sensitive Information vulnerability in Gotenna Atak Plugin In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. | 6.5 |
2024-09-26 | CVE-2024-45374 | Gotenna | Insecure Storage of Sensitive Information vulnerability in Gotenna The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. | 6.5 |
2024-09-26 | CVE-2024-45723 | Gotenna | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. | 6.5 |
2024-09-26 | CVE-2024-45987 | Online Voting System Project | Cross-Site Request Forgery (CSRF) vulnerability in Online Voting System Project Online Voting System 1.0 Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. | 6.5 |
2024-09-26 | CVE-2024-47122 | Gotenna | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | 6.5 |
2024-09-26 | CVE-2024-47124 | Gotenna | Cleartext Transmission of Sensitive Information vulnerability in Gotenna PRO The goTenna Pro App does not encrypt callsigns in messages. | 6.5 |
2024-09-26 | CVE-2024-47130 | Gotenna | Missing Authentication for Critical Function vulnerability in Gotenna PRO The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | 6.5 |
2024-09-26 | CVE-2024-47003 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. | 6.5 |
2024-09-26 | CVE-2024-45372 | Planex | Cross-Site Request Forgery (CSRF) vulnerability in Planex Mzk-Dp300N Firmware MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. | 6.5 |
2024-09-26 | CVE-2022-49037 | Synology | Information Exposure Through Log Files vulnerability in Synology Drive Client Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
2024-09-25 | CVE-2024-20414 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. | 6.5 |
2024-09-25 | CVE-2024-20508 | Cisco | Out-of-bounds Write vulnerability in Cisco Unified Threat Defense Snort Intrusion Prevention System Engine A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. | 6.5 |
2024-09-25 | CVE-2024-41445 | Ihedvall | Out-of-bounds Write vulnerability in Ihedvall MDF Library 2.1 Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread when a crafted mdf4 file is parsed using the ReadData function. | 6.5 |
2024-09-25 | CVE-2024-6512 | Devolutions | Incorrect Authorization vulnerability in Devolutions Server Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | 6.5 |
2024-09-25 | CVE-2024-8483 | Madrasthemes | Unspecified vulnerability in Madrasthemes MAS Static Content The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. | 6.5 |
2024-09-25 | CVE-2024-8621 | Mmrs151 | SQL Injection vulnerability in Mmrs151 Daily Prayer Time The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-09-25 | CVE-2024-38324 | IBM | Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | 6.5 |
2024-09-23 | CVE-2024-43996 | Wpmet | Path Traversal vulnerability in Wpmet Elementskit 2.3.6/2.6.4/3.6.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion. This issue affects ElementsKit Pro: from n/a through 3.6.0. | 6.5 |
2024-09-25 | CVE-2024-8267 | | The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping. | 6.4 |
2024-09-28 | CVE-2024-9297 | Oretnom23 | Missing Authorization vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. | 6.3 |
2024-09-28 | CVE-2024-9300 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. | 6.1 |
2024-09-28 | CVE-2024-8712 | Stape | Cross-site Scripting vulnerability in Stape GTM Server Side The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. | 6.1 |
2024-09-28 | CVE-2024-8715 | Objectiv | Cross-site Scripting vulnerability in Objectiv Simple Ldap Login The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
2024-09-28 | CVE-2024-8788 | Wpfactory | Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. | 6.1 |
2024-09-27 | CVE-2024-46453 | Honeywell | Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2024-09-27 | CVE-2024-47186 | Filamentphp | Cross-site Scripting vulnerability in Filamentphp Filament Filament is a collection of full-stack components for Laravel development. | 6.1 |
2024-09-27 | CVE-2024-25412 | Flatpress | Cross-site Scripting vulnerability in Flatpress A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. | 6.1 |
2024-09-27 | CVE-2024-38308 | Advantech | Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. | 6.1 |
2024-09-27 | CVE-2024-6931 | Stellarwp | Cross-site Scripting vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-09-26 | CVE-2022-4541 | Nitinmaurya | Cross-site Scripting vulnerability in Nitinmaurya Wordpress Visitors 1.0 The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-09-26 | CVE-2024-8872 | Bizswoop | Cross-site Scripting vulnerability in Bizswoop Store Hours for Woocommerce The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. | 6.1 |
2024-09-26 | CVE-2024-6517 | Dotsquares | Cross-site Scripting vulnerability in Dotsquares Contact Form 7 Math Captcha The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. | 6.1 |
2024-09-26 | CVE-2024-45836 | Planex | Cross-site Scripting vulnerability in Planex products Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. | 6.1 |
2024-09-26 | CVE-2024-8803 | Madfishdigital | Cross-site Scripting vulnerability in Madfishdigital Bulk Noindex & Nofollow Toolkit The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. | 6.1 |
2024-09-25 | CVE-2024-46655 | Ellevo | Cross-site Scripting vulnerability in Ellevo 6.2.0.38160 A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | 6.1 |
2024-09-25 | CVE-2024-45613 | Ckeditor | Cross-site Scripting vulnerability in Ckeditor Ckeditor5 CKEditor 5 is a JavaScript rich-text editor. | 6.1 |
2024-09-25 | CVE-2024-3866 | Ninjaforms | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. | 6.1 |
2024-09-25 | CVE-2024-7617 | Itpathsolutions | Cross-site Scripting vulnerability in Itpathsolutions Contact Form to Any API The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-09-25 | CVE-2024-8549 | Xtendify | Cross-site Scripting vulnerability in Xtendify Simple Calendar The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. | 6.1 |
2024-09-25 | CVE-2024-8713 | Pierros | Cross-site Scripting vulnerability in Pierros Kodex Posts Likes 2.4.3 The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. | 6.1 |
2024-09-25 | CVE-2024-8741 | Outtheboxthemes | Cross-site Scripting vulnerability in Outtheboxthemes Beam me up Scotty The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. | 6.1 |
2024-09-25 | CVE-2024-41725 | Doverfuelingsolutions | Cross-site Scripting vulnerability in Doverfuelingsolutions products ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | 6.1 |
2024-09-25 | CVE-2024-46934 | Rocket Chat | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). | 6.1 |
2024-09-25 | CVE-2024-9148 | Flowiseai | Cross-site Scripting vulnerability in Flowiseai Embed and Flowise Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | 6.1 |
2024-09-24 | CVE-2024-8544 | Fatcatapps | Cross-site Scripting vulnerability in Fatcatapps Pixel Cat The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. | 6.1 |
2024-09-24 | CVE-2024-8662 | Ibericode | Cross-site Scripting vulnerability in Ibericode Koko Analytics The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. | 6.1 |
2024-09-24 | CVE-2024-8716 | Xplodedthemes | Cross-site Scripting vulnerability in Xplodedthemes XT Ajax Add To Cart for WooCommerce The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. | 6.1 |
2024-09-24 | CVE-2024-8738 | Castos | Cross-site Scripting vulnerability in Castos Seriously Simple Stats The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. | 6.1 |
2024-09-23 | CVE-2024-8770 | Github | Cross-site Scripting vulnerability in Github Enterprise Server A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.1 |
2024-09-23 | CVE-2024-47068 | Rollupjs | Cross-site Scripting vulnerability in Rollupjs Rollup Rollup is a module bundler for JavaScript. | 6.1 |
2024-09-23 | CVE-2024-47069 | Oveleon | Cross-site Scripting vulnerability in Oveleon Cookiebar Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. | 6.1 |
2024-09-23 | CVE-2024-47227 | Iredmail | Cross-site Scripting vulnerability in Iredmail Iredadmin iRedAdmin before 2.6 allows XSS, e.g., via order_name. | 6.1 |
2024-09-23 | CVE-2024-9092 | Rems | Cross-site Scripting vulnerability in Rems Profile Registration Without Reload/Refresh 1.0 A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. | 6.1 |
2024-09-23 | CVE-2024-43201 | Planetfitness | Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | 5.9 |
2024-09-25 | CVE-2024-20465 | Cisco | Unspecified vulnerability in Cisco IOS A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). | 5.8 |
2024-09-27 | CVE-2024-34542 | Advantech | Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process. | 5.7 |
2024-09-27 | CVE-2024-37187 | Advantech | Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of base 64 encoding. | 5.7 |
2024-09-27 | CVE-2024-46802 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL | 5.5 |
2024-09-27 | CVE-2024-46803 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. | 5.5 |
2024-09-27 | CVE-2024-46805 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL. | 5.5 |
2024-09-27 | CVE-2024-46806 | Linux | Divide By Zero vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode. | 5.5 |
2024-09-27 | CVE-2024-46807 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL | 5.5 |
2024-09-27 | CVE-2024-46808 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How] ASSERT if return NULL from kcalloc. | 5.5 |
2024-09-27 | CVE-2024-46809 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check BIOS images before it is used BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. | 5.5 |
2024-09-27 | CVE-2024-46810 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference. | 5.5 |
2024-09-27 | CVE-2024-46816 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning. | 5.5 |
2024-09-27 | CVE-2024-46817 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. | 5.5 |
2024-09-27 | CVE-2024-46819 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data | 5.5 |
2024-09-27 | CVE-2024-46822 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. | 5.5 |
2024-09-27 | CVE-2024-46823 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. | 5.5 |
2024-09-27 | CVE-2024-46824 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [...] All existing drivers implement this op for nesting, this is mostly a bisection aid. | 5.5 |
2024-09-27 | CVE-2024-46825 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW_CHECK() instead of WARN_ON(). | 5.5 |
2024-09-27 | CVE-2024-46826 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. | 5.5 |
2024-09-27 | CVE-2024-46827 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to firmware causes crash. Address this issue by implementing a validation step for the peer_nss value before passing it to the firmware. | 5.5 |
2024-09-27 | CVE-2024-46829 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. | 5.5 |
2024-09-27 | CVE-2024-46832 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices". | 5.5 |
2024-09-27 | CVE-2024-46834 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. | 5.5 |
2024-09-27 | CVE-2024-46835 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix smatch static checker warning adev->gfx.imu.funcs could be NULL | 5.5 |
2024-09-27 | CVE-2024-46837 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without any permission checks. | 5.5 |
2024-09-27 | CVE-2024-46838 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them. We could also remove the preceding "if (unlikely(...))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings but also for anonymous mappings - which would probably be fine but I think is not necessarily expected. | 5.5 |
2024-09-27 | CVE-2024-46840 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. | 5.5 |
2024-09-27 | CVE-2024-46841 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error. | 5.5 |
2024-09-27 | CVE-2024-46842 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. | 5.5 |
2024-09-27 | CVE-2024-46843 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been deferred after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it. | 5.5 |
2024-09-27 | CVE-2024-46846 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. | 5.5 |
2024-09-27 | CVE-2024-46847 | Linux | Improper Validation of Array Index vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised. | 5.5 |
2024-09-27 | CVE-2024-46848 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. | 5.5 |
2024-09-27 | CVE-2024-46855 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning. | 5.5 |
2024-09-27 | CVE-2024-46856 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe() function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the DP83825 models which causes a NULL pointer dereference in the recently introduced/changed functions dp8382x_config_init() and dp83822_set_wol(). Add the dp8382x_probe() function, so all PHY models will have a valid private data pointer to fix this issue and also prevent similar issues in the future. | 5.5 |
2024-09-27 | CVE-2024-46857 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917 (esw->fdb_table.legacy.vepa_fdb is null) The bridge mode is only relevant when there are multiple functions per port. | 5.5 |
2024-09-27 | CVE-2024-46860 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here. | 5.5 |
2024-09-27 | CVE-2024-46861 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrectly (e.g. | 5.5 |
2024-09-27 | CVE-2024-46862 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required. | 5.5 |
2024-09-27 | CVE-2024-46863 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required. | 5.5 |
2024-09-27 | CVE-2024-46864 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. | 5.5 |
2024-09-27 | CVE-2024-46866 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. | 5.5 |
2024-09-27 | CVE-2024-46867 | Linux | Improper Locking vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. | 5.5 |
2024-09-27 | CVE-2024-46868 | Linux | Improper Locking vulnerability in Linux Kernel 6.10.2/6.11 In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. | 5.5 |
2024-09-27 | CVE-2024-47290 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability. | 5.5 |
2024-09-27 | CVE-2024-47291 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability. | 5.5 |
2024-09-27 | CVE-2024-47292 | Huawei | Path Traversal vulnerability in Huawei Emui and Harmonyos Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |
2024-09-26 | CVE-2023-52949 | Synology | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.5 |
2024-09-26 | CVE-2024-8405 | Papercut | Command Injection vulnerability in Papercut NG An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. | 5.5 |
2024-09-25 | CVE-2024-46488 | Asg017 | Out-of-bounds Write vulnerability in Asg017 Sqlite-Vec 0.1.1 sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. | 5.5 |
2024-09-25 | CVE-2024-7421 | Devolutions | Information Exposure Through Log Files vulnerability in Devolutions Remote Desktop Manager An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions. | 5.5 |
2024-09-25 | CVE-2024-9169 | | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. | 5.5 |
2024-09-29 | CVE-2024-9323 | Mayurik | Cross-site Scripting vulnerability in Mayurik Free and Open Source Inventory Management System 1.0 A vulnerability was found in SourceCodester Inventory Management System 1.0. | 5.4 |
2024-09-29 | CVE-2024-9320 | Rems | Cross-site Scripting vulnerability in Rems Online Timesheet APP 1.0 A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. | 5.4 |
2024-09-28 | CVE-2024-9299 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. | 5.4 |
2024-09-28 | CVE-2024-8547 | Garrettgrimm | Cross-site Scripting vulnerability in Garrettgrimm Simple Popup Plugin 4.5 The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-28 | CVE-2024-9023 | Axton | Cross-site Scripting vulnerability in Axton Wp-Webauthn The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-27 | CVE-2024-9291 | KVF Admin Project | Cross-site Scripting vulnerability in Kvf-Admin Project Kvf-Admin 20220212 A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. | 5.4 |
2024-09-27 | CVE-2024-8608 | Oceanicsoft | Cross-site Scripting vulnerability in Oceanicsoft Valeapp Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0. | 5.4 |
2024-09-27 | CVE-2024-8681 | Leap13 | Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-27 | CVE-2024-8991 | Hyumika | Cross-site Scripting vulnerability in Hyumika Openstreetmap The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-27 | CVE-2024-9049 | Fastlinemedia | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-27 | CVE-2024-8965 | Codesupply | Cross-site Scripting vulnerability in Codesupply Absolute Reviews The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-47125 | Gotenna | Improper Authentication vulnerability in Gotenna PRO The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. | 5.4 |
2024-09-26 | CVE-2024-9177 | Themedy | Cross-site Scripting vulnerability in Themedy Toolbox The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-26 | CVE-2024-8725 | Advancedfilemanager | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. | 5.4 |
2024-09-26 | CVE-2024-9115 | Chetanvaghela | Cross-site Scripting vulnerability in Chetanvaghela Common Tools for Site The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-9117 | Mapplic | Cross-site Scripting vulnerability in Mapplic 1.0 The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-9125 | Kingblack | Cross-site Scripting vulnerability in Kingblack King IE The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-9127 | Codecabin | Cross-site Scripting vulnerability in Codecabin Super Testimonials 3.0.0 The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-9173 | Alefypimentel | Cross-site Scripting vulnerability in Alefypimentel GF Custom Style 2.0 The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-9198 | Clibomanager | Cross-site Scripting vulnerability in Clibomanager Clibo Manager 1.1.9.1 Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute a stored Cross-Site Scripting (stored XSS) attack by uploading a malicious .svg image in the section: Profile > Profile picture. | 5.4 |
2024-09-26 | CVE-2024-42406 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. | 5.4 |
2024-09-26 | CVE-2024-45843 | Mattermost | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba. | 5.4 |
2024-09-26 | CVE-2024-8861 | Metagauss | Cross-site Scripting vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. | 5.4 |
2024-09-26 | CVE-2024-8723 | Wangbin | Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2023-51157 | Zkteco | Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3 Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | 5.4 |
2024-09-25 | CVE-2024-20475 | Cisco | Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 5.4 |
2024-09-25 | CVE-2024-8546 | Wpmet | Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-25 | CVE-2024-8858 | Livemeshelementor | Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-47303 | Livemeshelementor | Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.5. | 5.4 |
2024-09-25 | CVE-2024-8668 | Hasthemes | Cross-site Scripting vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-8515 | Themesflat | Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. | 5.4 |
2024-09-25 | CVE-2024-9024 | Braginteractive | Cross-site Scripting vulnerability in Braginteractive Material Design Icons The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-25 | CVE-2024-9027 | Wpzoom | Cross-site Scripting vulnerability in Wpzoom Shortcodes The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-25 | CVE-2024-9028 | Devfarm | Cross-site Scripting vulnerability in Devfarm WP GPX Maps The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-25 | CVE-2024-9068 | Themexclub | Cross-site Scripting vulnerability in Themexclub Oneelements The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-9069 | Graphicsly | Cross-site Scripting vulnerability in Graphicsly The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-9073 | Gutengeek | Cross-site Scripting vulnerability in Gutengeek Free Gutenberg Blocks The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-47048 | Rocket Chat | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | 5.4 |
2024-09-25 | CVE-2024-7398 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. | 5.4 |
2024-09-25 | CVE-2024-8103 | Gcsdesign | Cross-site Scripting vulnerability in Gcsdesign WP Category Dropdown The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-8917 | Anwp | Cross-site Scripting vulnerability in Anwp Football Leagues The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-25 | CVE-2024-8919 | Wpdeveloperr | Cross-site Scripting vulnerability in Wpdeveloperr Confetti Fall Animation The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-24 | CVE-2024-8628 | Mailoptin | Cross-site Scripting vulnerability in Mailoptin The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-24 | CVE-2024-8657 | Ggnome | Cross-site Scripting vulnerability in Ggnome Garden Gnome Package The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-09-23 | CVE-2024-9089 | Mayurik | Cross-site Scripting vulnerability in Mayurik Modern Loan Management System 1.0 A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. | 5.4 |
2024-09-29 | CVE-2024-9321 | Oretnom23 | Unspecified vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. | 5.3 |
2024-09-28 | CVE-2024-9189 | Wpfactory | Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. | 5.3 |
2024-09-27 | CVE-2024-9202 | Eclipse | Missing Authorization vulnerability in Eclipse Dataspace Components In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. | 5.3 |
2024-09-26 | CVE-2024-4099 | Gitlab | Improper Encoding or Escaping of Output vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. | 5.3 |
2024-09-26 | CVE-2024-47121 | Gotenna | Weak Password Requirements vulnerability in Gotenna PRO The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. | 5.3 |
2024-09-26 | CVE-2024-9025 | Codesupply | Missing Authorization vulnerability in Codesupply Sight The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. | 5.3 |
2024-09-26 | CVE-2023-52950 | Synology | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | 5.3 |
2024-09-25 | CVE-2024-8678 | Revolut | Missing Authorization vulnerability in Revolut Gateway for Woocommerce The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. | 5.3 |
2024-09-25 | CVE-2024-6845 | Smartsearchwp | Missing Authorization vulnerability in Smartsearchwp The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. | 5.3 |
2024-09-25 | CVE-2024-8658 | Mycred | Missing Authorization vulnerability in Mycred The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. | 5.3 |
2024-09-25 | CVE-2024-7426 | Peepso | Information Exposure Through an Error Message vulnerability in Peepso The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. | 5.3 |
2024-09-25 | CVE-2024-7491 | | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. | 5.3 |
2024-09-25 | CVE-2024-8941 | Scriptcase | Path Traversal vulnerability in Scriptcase 9.4.019 Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application. | 5.3 |
2024-09-24 | CVE-2024-8794 | BA Booking | Unspecified vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. | 5.3 |
2024-09-26 | CVE-2023-52948 | Synology | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.0 |
2024-09-24 | CVE-2024-38266 | | An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | 4.9 |
2024-09-24 | CVE-2024-38267 | Zyxel | Unspecified vulnerability in Zyxel products An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | 4.9 |
2024-09-24 | CVE-2024-38268 | Zyxel | Unspecified vulnerability in Zyxel products An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | 4.9 |
2024-09-24 | CVE-2024-38269 | Zyxel | Unspecified vulnerability in Zyxel products An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | 4.9 |
2024-09-28 | CVE-2024-8189 | Ngothang | Cross-site Scripting vulnerability in Ngothang WP Multitasking The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. | 4.8 |
2024-09-27 | CVE-2024-47184 | Ampache | Cross-site Scripting vulnerability in Ampache Ampache is a web based audio/video streaming application and file manager. | 4.8 |
2024-09-27 | CVE-2024-9279 | Funnyzpc | Cross-site Scripting vulnerability in Funnyzpc Mee-Admin A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. | 4.8 |
2024-09-26 | CVE-2024-8633 | 10Web | Cross-site Scripting vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. | 4.8 |
2024-09-25 | CVE-2024-7878 | Technowich | Cross-site Scripting vulnerability in Technowich WP Ulike The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-09-25 | CVE-2024-8291 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. | 4.8 |
2024-09-23 | CVE-2024-8758 | Expresstech | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-09-27 | CVE-2024-46850 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. | 4.7 |
2024-09-27 | CVE-2024-46851 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. | 4.7 |
2024-09-28 | CVE-2024-23960 | Alpsalpine | Improper Verification of Cryptographic Signature vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. | 4.6 |
2024-09-27 | CVE-2024-39431 | | Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0 In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. | 4.5 |
2024-09-27 | CVE-2024-39432 | | Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0 In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. | 4.5 |
2024-09-27 | CVE-2024-39433 | | Out-of-bounds Write vulnerability in Google Android 13.0/14.0 In drm service, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2024-09-27 | CVE-2024-39434 | | Out-of-bounds Read vulnerability in Google Android 13.0/14.0 In drm service, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2024-09-26 | CVE-2024-7259 | | A flaw was found in oVirt. | 4.4 |
2024-09-26 | CVE-2023-46175 | | IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text which can be read by a privileged user. | 4.4 |
2024-09-26 | CVE-2022-49040 | Synology | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | 4.4 |
2024-09-26 | CVE-2022-49041 | Synology | Classic Buffer Overflow vulnerability in Synology Drive Client Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. | 4.4 |
2024-09-28 | CVE-2024-9298 | Oretnom23 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. | 4.3 |
2024-09-27 | CVE-2024-9281 | Bg5Sbk | Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. | 4.3 |
2024-09-27 | CVE-2024-9282 | Bg5Sbk | Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms A vulnerability was found in bg5sbk MiniCMS 1.11. | 4.3 |
2024-09-26 | CVE-2024-8974 | Gitlab | Incorrect Authorization vulnerability in Gitlab Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1: in specific conditions it was possible to disclose to an unauthorised user the path of a private project. | 4.3 |
2024-09-26 | CVE-2024-41715 | Gotenna | Information Exposure Through Discrepancy vulnerability in Gotenna Atak Plugin The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. | 4.3 |
2024-09-26 | CVE-2024-41931 | Gotenna | Unspecified vulnerability in Gotenna The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. | 4.3 |
2024-09-26 | CVE-2024-43814 | Gotenna | Unspecified vulnerability in Gotenna The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. | 4.3 |
2024-09-26 | CVE-2024-45838 | Gotenna | Cleartext Transmission of Sensitive Information vulnerability in Gotenna The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. | 4.3 |
2024-09-26 | CVE-2024-47128 | Gotenna | Unspecified vulnerability in Gotenna PRO The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. | 4.3 |
2024-09-26 | CVE-2024-47129 | Gotenna | Information Exposure Through Discrepancy vulnerability in Gotenna PRO The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. | 4.3 |
2024-09-26 | CVE-2024-47170 | Agnai | Path Traversal vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. | 4.3 |
2024-09-26 | CVE-2024-47171 | Agnai | Path Traversal vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. | 4.3 |
2024-09-26 | CVE-2024-8771 | | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. | 4.3 |
2024-09-26 | CVE-2024-31899 | IBM | Insufficiently Protected Credentials vulnerability in IBM Cognos Command Center 10.2.4.1/10.2.5 IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | 4.3 |
2024-09-26 | CVE-2024-47145 | Mattermost | Unspecified vulnerability in Mattermost Server Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | 4.3 |
2024-09-26 | CVE-2024-8552 | Wpchill | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. | 4.3 |
2024-09-25 | CVE-2024-20434 | Cisco | Integer Overflow or Wraparound vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. | 4.3 |
2024-09-25 | CVE-2024-8910 | Hasthemes | Unspecified vulnerability in Hasthemes HT Mega The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. | 4.3 |
2024-09-25 | CVE-2024-7892 | Vladyslavbondarenko | Cross-Site Request Forgery (CSRF) vulnerability in Vladyslavbondarenko Adstxt The adstxt Plugin WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 4.3 |
2024-09-25 | CVE-2024-8516 | Themesflat | Unspecified vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. | 4.3 |
2024-09-25 | CVE-2024-6590 | Javmah | Missing Authorization vulnerability in Javmah Spreadsheet Integration The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. | 4.3 |
2024-09-25 | CVE-2024-7386 | | The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. | 4.3 |
2024-09-25 | CVE-2024-8434 | Themehunk | Missing Authorization vulnerability in Themehunk Mega Menu The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
2024-09-25 | CVE-2024-8476 | Wpplugin | Cross-Site Request Forgery (CSRF) vulnerability in Wpplugin Easy Paypal Events The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. | 4.3 |
2024-09-25 | CVE-2024-8437 | | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. | 4.3 |
2024-09-25 | CVE-2024-8801 | Wedevs | Unspecified vulnerability in Wedevs Happy Addons for Elementor The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. | 4.3 |
2024-09-24 | CVE-2024-8432 | Webba Booking | Missing Authorization vulnerability in Webba-Booking Webba Booking The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. | 4.3 |
2024-09-23 | CVE-2023-7281 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-23 | CVE-2023-7282 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. | 4.3 |
2024-09-23 | CVE-2024-7019 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-23 | CVE-2024-7020 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-09-23 | CVE-2024-7022 | | Use of Uninitialized Resource vulnerability in Google Chrome Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 4.3 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-09-26 | CVE-2024-0133 | Nvidia | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. | 3.4 |
2024-09-26 | CVE-2023-52947 | Synology | Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. | 3.3 |
2024-09-26 | CVE-2024-47123 | Gotenna | Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. | 3.1 |
2024-09-26 | CVE-2024-47127 | Gotenna | Improper Authentication vulnerability in Gotenna PRO In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. | 3.1 |
2024-09-26 | CVE-2024-4278 | Gitlab | Unspecified vulnerability in Gitlab An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. | 2.7 |
2024-09-25 | CVE-2024-8350 | Uncannyowl | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
2024-09-23 | CVE-2024-8263 | Github | Unspecified vulnerability in Github Enterprise Server An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. | 2.7 |