Weekly Vulnerabilities Reports > September 23 to 29, 2024

Overview

401 new vulnerabilities reported during this period, including 43 critical vulnerabilities and 124 high severity vulnerabilities. This weekly summary report vulnerabilities in 239 products from 164 vendors including Linux, Google, Gotenna, Cisco, and Synology. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "NULL Pointer Dereference", and "Missing Authorization".

  • 272 reported vulnerabilities are remotely exploitables.
  • 163 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 194 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 66 reported vulnerabilities.
  • Mayurik has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Created with Highcharts 7.2.0401
TOTAL
VULNERABILITIES
Created with Highcharts 7.2.043
CRITICAL RISK
VULNERABILITIES
Created with Highcharts 7.2.0124
HIGH RISK
VULNERABILITIES
Created with Highcharts 7.2.0227
MEDIUM RISK
VULNERABILITIES
Created with Highcharts 7.2.07
LOW RISK
VULNERABILITIES
Created with Highcharts 7.2.0272
REMOTELY
EXPLOITABLE
Created with Highcharts 7.2.090
LOCALLY
EXPLOITABLE
Created with Highcharts 7.2.00
EXPLOIT
AVAILABLE
Created with Highcharts 7.2.0194
EXPLOITABLE
ANONYMOUSLY
Created with Highcharts 7.2.0163
AFFECTING
WEB APPLICATION
Created with Highcharts 7.2.0Top 5 Vulnerabilities CategoriesCross-site Scripting: 52.1 %Cross-site Scripting: 52.1 %SQL Injection: 16.0 %SQL Injection: 16.0 %Out-of-bounds Write: 11.0 %Out-of-bounds Write: 11.0 %NULL Pointer Dereference: 10.4 %NULL Pointer Dereference: 10.4 %Missing Authorization: 10.4 %Missing Authorization: 10.4 %
Created with Highcharts 7.2.0Vulnerabilities by Risk LevelsCritical: 10.7 %Critical: 10.7 %High: 30.9 %High: 30.9 %Medium: 56.6 %Medium: 56.6 %Low: 1.7 %Low: 1.7 %
Created with Highcharts 7.2.0#/VulnerabilitiesTop 10 Vulnerable VendorsCriticalHighMediumLowLinuxGoogleGotennaCiscoSynologyMayurikOretnom23HuaweiDoverfuelingsolutionsAdvantech0510152025303540455055606570
Created with Highcharts 7.2.0Vulnerabilities publications by day09-2309-2409-2509-2609-2709-2809-290255075100125

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

43 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-25 CVE-2024-8436 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
9.9
2024-09-24 CVE-2024-8624 Pluginus SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

9.9
2024-09-29 CVE-2024-9328 Mayurik SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability was found in SourceCodester Advocate Office Management System 1.0.

9.8
2024-09-29 CVE-2024-9327 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank System 1.0

A vulnerability was found in code-projects Blood Bank System 1.0.

9.8
2024-09-29 CVE-2024-9326 Phpgurukul SQL Injection vulnerability in PHPgurukul Online Shopping Portal 2.0

A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0.

9.8
2024-09-29 CVE-2024-9322 Anisha SQL Injection vulnerability in Anisha Supply Chain Management 1.0

A vulnerability was found in code-projects Supply Chain Management 1.0.

9.8
2024-09-28 CVE-2024-9318 Mayurik SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0.

9.8
2024-09-28 CVE-2024-9296 Mayurik SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability was found in SourceCodester Advocate Office Management System 1.0.

9.8
2024-09-28 CVE-2024-9295 Mayurik SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical.

9.8
2024-09-28 CVE-2024-8353 Givewp Deserialization of Untrusted Data vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'.

9.8
2024-09-27 CVE-2024-8630 Alisonic SQL Injection vulnerability in Alisonic Sibylla Firmware

Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.

9.8
2024-09-27 CVE-2024-8607 Oceanicsoft SQL Injection vulnerability in Oceanicsoft Valeapp

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.

9.8
2024-09-27 CVE-2024-8643 Oceanicsoft Session Fixation vulnerability in Oceanicsoft Valeapp

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.

9.8
2024-09-27 CVE-2024-9280 KVF Admin Project Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212

A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical.

9.8
2024-09-26 CVE-2024-46628 Tendacn OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.

9.8
2024-09-26 CVE-2024-7108 Nationalkeep Incorrect Authorization vulnerability in Nationalkeep Cybermath 1.4

Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253.

9.8
2024-09-26 CVE-2024-7772 Artbees Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5.

9.8
2024-09-26 CVE-2024-7781 Artbees Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5.

9.8
2024-09-25 CVE-2024-47078 Meshtastic Incorrect Authorization vulnerability in Meshtastic Firmware

Meshtastic is an open source, off-grid, decentralized, mesh network.

9.8
2024-09-25 CVE-2024-7575 Telerik Command Injection vulnerability in Telerik UI for WPF

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.

9.8
2024-09-25 CVE-2024-7576 Telerik Deserialization of Untrusted Data vulnerability in Telerik UI for WPF

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.

9.8
2024-09-25 CVE-2024-8275 Stellarwp SQL Injection vulnerability in Stellarwp the Events Calendar

The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

9.8
2024-09-25 CVE-2024-8485 Jianbo Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated.

9.8
2024-09-25 CVE-2024-43423 Doverfuelingsolutions Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

9.8
2024-09-25 CVE-2024-43692 Doverfuelingsolutions Unspecified vulnerability in Doverfuelingsolutions products

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.

9.8
2024-09-25 CVE-2024-43693 Doverfuelingsolutions Command Injection vulnerability in Doverfuelingsolutions products

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.

9.8
2024-09-25 CVE-2024-45066 Doverfuelingsolutions Command Injection vulnerability in Doverfuelingsolutions products

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

9.8
2024-09-25 CVE-2024-8877 Riello UPS SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204.

9.8
2024-09-25 CVE-2024-8878 Riello UPS Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.

9.8
2024-09-25 CVE-2024-8940 Scriptcase Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request.

9.8
2024-09-24 CVE-2024-8791 Wpcharitable Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14.

9.8
2024-09-23 CVE-2024-47222 Myoffice Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.

9.8
2024-09-23 CVE-2024-0001 Purestorage Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

9.8
2024-09-23 CVE-2024-0002 Purestorage Unspecified vulnerability in Purestorage Purity//Fa

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

9.8
2024-09-23 CVE-2024-46997 Dataease Unspecified vulnerability in Dataease

DataEase is an open source data visualization analysis tool.

9.8
2024-09-23 CVE-2024-9094 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank System 1.0

A vulnerability classified as critical was found in code-projects Blood Bank System 1.0.

9.8
2024-09-23 CVE-2024-9090 Mayurik SQL Injection vulnerability in Mayurik Modern Loan Management System 1.0

A vulnerability was found in SourceCodester Modern Loan Management System 1.0.

9.8
2024-09-23 CVE-2024-9091 Code Projects SQL Injection vulnerability in Code-Projects Student Record System 1.0

A vulnerability was found in code-projects Student Record System 1.0.

9.8
2024-09-23 CVE-2024-7024 Google Out-of-bounds Write vulnerability in Google Chrome

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6
2024-09-25 CVE-2024-20510 Cisco Incorrect Authorization vulnerability in Cisco IOS XE

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server.

9.3
2024-09-25 CVE-2024-6592 Watchguard Incorrect Authorization vulnerability in Watchguard Authentication Gateway and Single Sign-On Client

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

9.1
2024-09-25 CVE-2024-6593 Watchguard Incorrect Authorization vulnerability in Watchguard Authentication Gateway

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.

9.1
2024-09-24 CVE-2024-8671 Exthemes Path Traversal vulnerability in Exthemes Wooevents

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2.

9.1

124 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-29 CVE-2024-9324 Intelbras Improper Enforcement of Message or Data Structure vulnerability in Intelbras Incontrol web

A vulnerability was found in Intelbras InControl up to 2.21.57.

8.8
2024-09-29 CVE-2024-9319 Rems SQL Injection vulnerability in Rems Online Timesheet APP 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0.

8.8
2024-09-28 CVE-2024-9317 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0.

8.8
2024-09-28 CVE-2024-9315 Oretnom23 SQL Injection vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.

8.8
2024-09-28 CVE-2024-23923 Alpsalpine Use After Free vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000

Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability.

8.8
2024-09-28 CVE-2024-23958 Autel Use of Hard-coded Credentials vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00

Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability.

8.8
2024-09-28 CVE-2024-23938 Silabs Out-of-bounds Write vulnerability in Silabs Gecko OS 1.0.46

Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability.

8.8
2024-09-28 CVE-2024-23957 Autel Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00

Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability.

8.8
2024-09-27 CVE-2024-9293 Skyselang SQL Injection vulnerability in Skyselang Yyladmin

A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0.

8.8
2024-09-27 CVE-2024-28948 Advantech Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability.

8.8
2024-09-27 CVE-2024-39275 Advantech Unspecified vulnerability in Advantech Adam-5630 Firmware

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed.

8.8
2024-09-27 CVE-2024-7149 Themewinter Path Traversal vulnerability in Themewinter Eventin

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters.

8.8
2024-09-27 CVE-2024-8922 Piwebsolution Deserialization of Untrusted Data vulnerability in Piwebsolution Product Enquiry for Woocommerce

The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php.

8.8
2024-09-26 CVE-2024-39577 Dell Unspecified vulnerability in Dell Smartfabric Os10 10.5.3.0/10.5.3.4/10.5.3.5

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability.

8.8
2024-09-26 CVE-2024-47126 Gotenna Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna PRO

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys.

8.8
2024-09-26 CVE-2024-47169 Agnai Path Traversal: '.../...//' vulnerability in Agnai

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system.

8.8
2024-09-26 CVE-2024-8126 Advancedfilemanager Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8.

8.8
2024-09-26 CVE-2024-47330 Supsystic Missing Authorization vulnerability in Supsystic Slider and Social Share Buttons

Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

8.8
2024-09-25 CVE-2024-46489 Ferrislucas Code Injection vulnerability in Ferrislucas Promptr 6.0.7

A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.

8.8
2024-09-25 CVE-2024-47305 Dineshkarki Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki USE ANY Font

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.

8.8
2024-09-25 CVE-2024-47315 Givewp Cross-Site Request Forgery (CSRF) vulnerability in Givewp

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.

8.8
2024-09-25 CVE-2024-20437 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.

8.8
2024-09-25 CVE-2024-8290 Wclovers Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key.

8.8
2024-09-25 CVE-2024-45373 Doverfuelingsolutions Unspecified vulnerability in Doverfuelingsolutions products

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.

8.8
2024-09-25 CVE-2024-9120 Google Use After Free vulnerability in Google Chrome

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-09-25 CVE-2024-9121 Google Out-of-bounds Write vulnerability in Google Chrome

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8
2024-09-25 CVE-2024-9122 Google Type Confusion vulnerability in Google Chrome

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8
2024-09-25 CVE-2024-9123 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8
2024-09-24 CVE-2024-8795 BA Booking Cross-Site Request Forgery (CSRF) vulnerability in Ba-Booking BA Book Everything

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20.

8.8
2024-09-23 CVE-2024-7023 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file.

8.8
2024-09-23 CVE-2021-38023 Google Use After Free vulnerability in Google Chrome

Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-09-23 CVE-2024-0005 Purestorage Command Injection vulnerability in Purestorage Purity//Fa

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

8.8
2024-09-23 CVE-2024-47066 Lobehub Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat

Lobe Chat is an open-source artificial intelligence chat framework.

8.8
2024-09-23 CVE-2024-45348 MI Command Injection vulnerability in MI Ax9000 Firmware

Xiaomi Router AX9000 has a post-authorization command injection vulnerability.

8.8
2024-09-23 CVE-2024-8606 Checkmk Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication

8.8
2024-09-25 CVE-2024-20455 Cisco Unspecified vulnerability in Cisco IOS XE

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel.

8.6
2024-09-25 CVE-2024-20464 Cisco Unspecified vulnerability in Cisco IOS XE 17.13.1/17.13.1A

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets.

8.6
2024-09-25 CVE-2024-20467 Cisco Unspecified vulnerability in Cisco IOS XE 17.11.99Sw/17.12.1/17.12.1A

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly.

8.6
2024-09-25 CVE-2024-20480 Cisco Always-Incorrect Control Flow Implementation vulnerability in Cisco IOS XE

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover.

8.6
2024-09-26 CVE-2024-0132 Nvidia Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system.

8.3
2024-09-27 CVE-2024-40510 Openpetra Cross-site Scripting vulnerability in Openpetra 2023.02

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.

8.2
2024-09-26 CVE-2023-52946 Synology Classic Buffer Overflow vulnerability in Synology Drive Client

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.

8.2
2024-09-25 CVE-2024-8942 Scriptcase Cross-site Scripting vulnerability in Scriptcase 9.4.019

Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others.

8.2
2024-09-28 CVE-2024-23959 Autel Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00

Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability.

8.0
2024-09-28 CVE-2024-23967 Autel Out-of-bounds Write vulnerability in Autel Maxicharger AC Elite Business C50 Firmware 1.32.00

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability.

8.0
2024-09-25 CVE-2024-47082 Strawberryrocks Cross-Site Request Forgery (CSRF) vulnerability in Strawberryrocks Strawberry

Strawberry GraphQL is a library for creating GraphQL APIs.

8.0
2024-09-25 CVE-2021-38963 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability.

8.0
2024-09-29 CVE-2024-9325 Intelbras Untrusted Search Path vulnerability in Intelbras Incontrol web

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56.

7.8
2024-09-27 CVE-2024-46804 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning.

7.8
2024-09-27 CVE-2024-46811 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why] Coverity reports OVERRUN warning.

7.8
2024-09-27 CVE-2024-46812 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes.

7.8
2024-09-27 CVE-2024-46813 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.

7.8
2024-09-27 CVE-2024-46814 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity.

7.8
2024-09-27 CVE-2024-46815 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity.

7.8
2024-09-27 CVE-2024-46818 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

7.8
2024-09-27 CVE-2024-46820 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well.

7.8
2024-09-27 CVE-2024-46821 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang)

7.8
2024-09-27 CVE-2024-46828 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows.

7.8
2024-09-27 CVE-2024-46830 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU.

7.8
2024-09-27 CVE-2024-46831 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error.

7.8
2024-09-27 CVE-2024-46833 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times.

7.8
2024-09-27 CVE-2024-46836 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.

7.8
2024-09-27 CVE-2024-46844 Linux Access of Uninitialized Pointer vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line().

7.8
2024-09-27 CVE-2024-46845 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency.

7.8
2024-09-27 CVE-2024-46849 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194

7.8
2024-09-27 CVE-2024-46852 Linux Off-by-one Error vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal.

7.8
2024-09-27 CVE-2024-46853 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd if=3b of=/dev/mtd0 [ 36.926103] ================================================================== [ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455 [ 36.946721] [ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070 [ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT) [ 36.961260] Call trace: [ 36.963723] dump_backtrace+0x90/0xe8 [ 36.967414] show_stack+0x18/0x24 [ 36.970749] dump_stack_lvl+0x78/0x90 [ 36.974451] print_report+0x114/0x5cc [ 36.978151] kasan_report+0xa4/0xf0 [ 36.981670] __asan_report_load_n_noabort+0x1c/0x28 [ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838 [ 36.990800] spi_mem_exec_op+0x8ec/0xd30 [ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0 [ 36.999323] spi_mem_dirmap_write+0x238/0x32c [ 37.003710] spi_nor_write_data+0x220/0x374 [ 37.007932] spi_nor_write+0x110/0x2e8 [ 37.011711] mtd_write_oob_std+0x154/0x1f0 [ 37.015838] mtd_write_oob+0x104/0x1d0 [ 37.019617] mtd_write+0xb8/0x12c [ 37.022953] mtdchar_write+0x224/0x47c [ 37.026732] vfs_write+0x1e4/0x8c8 [ 37.030163] ksys_write+0xec/0x1d0 [ 37.033586] __arm64_sys_write+0x6c/0x9c [ 37.037539] invoke_syscall+0x6c/0x258 [ 37.041327] el0_svc_common.constprop.0+0x160/0x22c [ 37.046244] do_el0_svc+0x44/0x5c [ 37.049589] el0_svc+0x38/0x78 [ 37.052681] el0t_64_sync_handler+0x13c/0x158 [ 37.057077] el0t_64_sync+0x190/0x194 [ 37.060775] [ 37.062274] Allocated by task 455: [ 37.065701] kasan_save_stack+0x2c/0x54 [ 37.069570] kasan_save_track+0x20/0x3c [ 37.073438] kasan_save_alloc_info+0x40/0x54 [ 37.077736] __kasan_kmalloc+0xa0/0xb8 [ 37.081515] __kmalloc_noprof+0x158/0x2f8 [ 37.085563] mtd_kmalloc_up_to+0x120/0x154 [ 37.089690] mtdchar_write+0x130/0x47c [ 37.093469] vfs_write+0x1e4/0x8c8 [ 37.096901] ksys_write+0xec/0x1d0 [ 37.100332] __arm64_sys_write+0x6c/0x9c [ 37.104287] invoke_syscall+0x6c/0x258 [ 37.108064] el0_svc_common.constprop.0+0x160/0x22c [ 37.112972] do_el0_svc+0x44/0x5c [ 37.116319] el0_svc+0x38/0x78 [ 37.119401] el0t_64_sync_handler+0x13c/0x158 [ 37.123788] el0t_64_sync+0x190/0x194 [ 37.127474] [ 37.128977] The buggy address belongs to the object at ffff00081037c2a0 [ 37.128977] which belongs to the cache kmalloc-8 of size 8 [ 37.141177] The buggy address is located 0 bytes inside of [ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3) [ 37.153465] [ 37.154971] The buggy address belongs to the physical page: [ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c [ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.175149] page_type: 0xfdffffff(slab) [ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000 [ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000 [ 37.194553] page dumped because: kasan: bad access detected [ 37.200144] [ 37.201647] Memory state around the buggy address: [ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc [ 37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc [ 37.228186] ^ [ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.246962] ============================================================== ---truncated---

7.8
2024-09-27 CVE-2024-46859 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries.

7.8
2024-09-27 CVE-2024-39435 Google Unspecified vulnerability in Google Android 12.0/13.0/14.0

In Logmanager service, there is a possible missing verification incorrect input.

7.8
2024-09-26 CVE-2022-49038 Synology Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client

Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.

7.8
2024-09-26 CVE-2024-8404 Papercut Link Following vulnerability in Papercut NG

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.

7.8
2024-09-25 CVE-2024-8975 Grafana Unquoted Search Path or Element vulnerability in Grafana Alloy

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

7.8
2024-09-25 CVE-2024-8996 Grafana Unquoted Search Path or Element vulnerability in Grafana Agent

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

7.8
2024-09-25 CVE-2024-7679 Telerik Command Injection vulnerability in Telerik UI for WPF

In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.

7.8
2024-09-25 CVE-2024-8316 Telerik Deserialization of Untrusted Data vulnerability in Telerik UI for WPF

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.

7.8
2024-09-23 CVE-2018-20072 Google Unspecified vulnerability in Google Chrome

Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file.

7.8
2024-09-23 CVE-2024-7018 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

7.8
2024-09-28 CVE-2024-9316 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank System 1.0

A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0.

7.5
2024-09-28 CVE-2024-23935 Alpsalpine Out-of-bounds Write vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000

Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability.

7.5
2024-09-27 CVE-2024-23586 Hcltech Insufficient Session Expiration vulnerability in Hcltech HCL Nomad

HCL Nomad is susceptible to an insufficient session expiration vulnerability.

7.5
2024-09-27 CVE-2024-9301 Netflix Path Traversal vulnerability in Netflix E2Nest

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a

7.5
2024-09-27 CVE-2024-44910 Nasa Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c).

7.5
2024-09-27 CVE-2024-44911 Nasa Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c).

7.5
2024-09-27 CVE-2024-44912 Nasa Out-of-bounds Read vulnerability in Nasa Cryptolib 1.3.0

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c).

7.5
2024-09-27 CVE-2024-47182 Amirraminfar Inadequate Encryption Strength vulnerability in Amirraminfar Dozzle

Dozzle is a realtime log viewer for docker containers.

7.5
2024-09-27 CVE-2024-8609 Oceanicsoft Information Exposure Through Log Files vulnerability in Oceanicsoft Valeapp

Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0.

7.5
2024-09-27 CVE-2024-8644 Oceanicsoft Cleartext Storage of Sensitive Information vulnerability in Oceanicsoft Valeapp

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0.

7.5
2024-09-27 CVE-2024-47293 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability.

7.5
2024-09-27 CVE-2024-47294 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.

7.5
2024-09-27 CVE-2024-9136 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-09-27 CVE-2024-7713 AYS PRO Cleartext Transmission of Sensitive Information vulnerability in Ays-Pro Chatgpt Assistant

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it

7.5
2024-09-27 CVE-2024-7714 AYS PRO Unspecified vulnerability in Ays-Pro Chatgpt Assistant

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0.

7.5
2024-09-26 CVE-2024-37125 Dell Unspecified vulnerability in Dell Smartfabric Os10 10.5.3.0/10.5.3.4/10.5.3.5

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability.

7.5
2024-09-26 CVE-2024-7107 Nationalkeep Files or Directories Accessible to External Parties vulnerability in Nationalkeep Cybermath 1.4

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253.

7.5
2024-09-26 CVE-2024-9199 Clibomanager Unspecified vulnerability in Clibomanager Clibo Manager 1.1.9.2

Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS).

7.5
2024-09-26 CVE-2024-47197 Apache Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish.

7.5
2024-09-25 CVE-2024-47083 Microsoft Information Exposure Through Log Files vulnerability in Microsoft Power Platform Terraform Provider

Power Platform Terraform Provider allows managing environments and other resources within Power Platform.

7.5
2024-09-25 CVE-2024-20433 Cisco Out-of-bounds Write vulnerability in Cisco IOS

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets.

7.5
2024-09-25 CVE-2024-20436 Cisco NULL Pointer Dereference vulnerability in Cisco IOS XE

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs.

7.5
2024-09-25 CVE-2024-22892 Openslides Inadequate Encryption Strength vulnerability in Openslides 4.0.15

OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.

7.5
2024-09-25 CVE-2024-6594 Watchguard Improper Handling of Exceptional Conditions vulnerability in Watchguard Single Sign-On Client

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands.

7.5
2024-09-25 CVE-2024-8175 An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
7.5
2024-09-25 CVE-2024-8484 Jianbo SQL Injection vulnerability in Jianbo Rest API to Miniprogram

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.5
2024-09-25 CVE-2022-43845 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.

7.5
2024-09-25 CVE-2023-5359 Boldgrid Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source.

7.5
2024-09-25 CVE-2024-46610 Thecosy Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

7.5
2024-09-25 CVE-2024-46935 Rocket Chat Unspecified vulnerability in Rocket.Chat

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS).

7.5
2024-09-23 CVE-2024-42861 Linuxptp Project Unspecified vulnerability in Linuxptp Project Linuxptp

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

7.5
2024-09-23 CVE-2024-46985 Dataease XXE vulnerability in Dataease

DataEase is an open source data visualization analysis tool.

7.5
2024-09-27 CVE-2024-38861 Tomtretbar Improper Certificate Validation vulnerability in Tomtretbar Mikrotik

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic.

7.4
2024-09-25 CVE-2024-8481 Simplelib Code Injection vulnerability in Simplelib Special Text Boxes

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2.

7.3
2024-09-24 CVE-2024-8623 Pluginus Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter

The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3.

7.3
2024-09-27 CVE-2024-9130 Givewp SQL Injection vulnerability in Givewp

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-09-26 CVE-2024-43191 IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
7.2
2024-09-26 CVE-2024-8704 Advancedfilemanager Path Traversal vulnerability in Advancedfilemanager Advanced File Manager

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter.

7.2
2024-09-25 CVE-2024-7385 Freelancer Coder SQL Injection vulnerability in Freelancer-Coder Wordpress Simple Html Sitemap

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2024-09-25 CVE-2024-8514 Prisna Deserialization of Untrusted Data vulnerability in Prisna Google Website Translator

The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter.

7.2
2024-09-25 CVE-2024-8349 Uncannyowl Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1.

7.2
2024-09-23 CVE-2024-0003 Purestorage Unspecified vulnerability in Purestorage Purity//Fa

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

7.2
2024-09-23 CVE-2024-0004 Purestorage Code Injection vulnerability in Purestorage Purity//Fa

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

7.2
2024-09-23 CVE-2024-9093 Rems SQL Injection vulnerability in Rems Profile Registration Without Reload/Refresh 1.0

A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0.

7.2
2024-09-27 CVE-2024-46854 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked.

7.1
2024-09-27 CVE-2024-46865 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first.

7.1
2024-09-27 CVE-2024-46858 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf.

7.0

227 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-28 CVE-2024-23924 Alpsalpine OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000

Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability.

6.8
2024-09-28 CVE-2024-23961 Alpsalpine OS Command Injection vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000

Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability.

6.8
2024-09-23 CVE-2024-23922 Sony Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability.

6.8
2024-09-23 CVE-2024-23972 Sony Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability.

6.8
2024-09-26 CVE-2022-49039 Synology Out-of-bounds Write vulnerability in Synology Drive Client

Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.

6.7
2024-09-26 CVE-2024-41722 Gotenna Unspecified vulnerability in Gotenna

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks.

6.5
2024-09-26 CVE-2024-43108 Gotenna Insufficient Verification of Data Authenticity vulnerability in Gotenna

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

6.5
2024-09-26 CVE-2024-43694 Gotenna Insecure Storage of Sensitive Information vulnerability in Gotenna Atak Plugin

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device.

6.5
2024-09-26 CVE-2024-45374 Gotenna Insecure Storage of Sensitive Information vulnerability in Gotenna

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method.

6.5
2024-09-26 CVE-2024-45723 Gotenna Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys.

6.5
2024-09-26 CVE-2024-45987 Online Voting System Project Cross-Site Request Forgery (CSRF) vulnerability in Online Voting System Project Online Voting System 1.0

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php.

6.5
2024-09-26 CVE-2024-47122 Gotenna Insecure Storage of Sensitive Information vulnerability in Gotenna PRO

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD).

6.5
2024-09-26 CVE-2024-47124 Gotenna Cleartext Transmission of Sensitive Information vulnerability in Gotenna PRO

The goTenna Pro App does not encrypt callsigns in messages.

6.5
2024-09-26 CVE-2024-47130 Gotenna Missing Authentication for Critical Function vulnerability in Gotenna PRO

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages.

6.5
2024-09-26 CVE-2024-47003 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

6.5
2024-09-26 CVE-2024-45372 Planex Cross-Site Request Forgery (CSRF) vulnerability in Planex Mzk-Dp300N Firmware

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability.

6.5
2024-09-26 CVE-2022-49037 Synology Information Exposure Through Log Files vulnerability in Synology Drive Client

Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.5
2024-09-25 CVE-2024-20414 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method.

6.5
2024-09-25 CVE-2024-20508 Cisco Out-of-bounds Write vulnerability in Cisco Unified Threat Defense Snort Intrusion Prevention System Engine

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine.

6.5
2024-09-25 CVE-2024-41445 Ihedvall Out-of-bounds Write vulnerability in Ihedvall MDF Library 2.1

Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function

6.5
2024-09-25 CVE-2024-6512 Devolutions Incorrect Authorization vulnerability in Devolutions Server

Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.

6.5
2024-09-25 CVE-2024-8483 Madrasthemes Unspecified vulnerability in Madrasthemes MAS Static Content

The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function.

6.5
2024-09-25 CVE-2024-8621 Mmrs151 SQL Injection vulnerability in Mmrs151 Daily Prayer Time

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

6.5
2024-09-25 CVE-2024-38324 IBM Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

6.5
2024-09-23 CVE-2024-43996 Wpmet Path Traversal vulnerability in Wpmet Elementskit 2.3.6/2.6.4/3.6.0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.

6.5
2024-09-25 CVE-2024-8267 The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping.
6.4
2024-09-28 CVE-2024-9297 Oretnom23 Missing Authorization vulnerability in Oretnom23 Railway Reservation System 1.0

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0.

6.3
2024-09-28 CVE-2024-9300 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0

A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0.

6.1
2024-09-28 CVE-2024-8712 Stape Cross-site Scripting vulnerability in Stape GTM Server Side

The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19.

6.1
2024-09-28 CVE-2024-8715 Objectiv Cross-site Scripting vulnerability in Objectiv Simple Ldap Login

The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.

6.1
2024-09-28 CVE-2024-8788 Wpfactory Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.

6.1
2024-09-27 CVE-2024-46453 Honeywell Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware

A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1
2024-09-27 CVE-2024-47186 Filamentphp Cross-site Scripting vulnerability in Filamentphp Filament

Filament is a collection of full-stack components for Laravel development.

6.1
2024-09-27 CVE-2024-25412 Flatpress Cross-site Scripting vulnerability in Flatpress

A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.

6.1
2024-09-27 CVE-2024-38308 Advantech Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.

6.1
2024-09-27 CVE-2024-6931 Stellarwp Cross-site Scripting vulnerability in Stellarwp the Events Calendar

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping.

6.1
2024-09-26 CVE-2022-4541 Nitinmaurya Cross-site Scripting vulnerability in Nitinmaurya Wordpress Visitors 1.0

The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.

6.1
2024-09-26 CVE-2024-8872 Bizswoop Cross-site Scripting vulnerability in Bizswoop Store Hours for Woocommerce

The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20.

6.1
2024-09-26 CVE-2024-6517 Dotsquares Cross-site Scripting vulnerability in Dotsquares Contact Form 7 Math Captcha

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.

6.1
2024-09-26 CVE-2024-45836 Planex Cross-site Scripting vulnerability in Planex products

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras.

6.1
2024-09-26 CVE-2024-8803 Madfishdigital Cross-site Scripting vulnerability in Madfishdigital Bulk Noindex & Nofollow Toolkit

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15.

6.1
2024-09-25 CVE-2024-46655 Ellevo Cross-site Scripting vulnerability in Ellevo 6.2.0.38160

A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.

6.1
2024-09-25 CVE-2024-45613 Ckeditor Cross-site Scripting vulnerability in Ckeditor Ckeditor5

CKEditor 5 is a JavaScript rich-text editor.

6.1
2024-09-25 CVE-2024-3866 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping.

6.1
2024-09-25 CVE-2024-7617 Itpathsolutions Cross-site Scripting vulnerability in Itpathsolutions Contact Form to ANY API

The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping.

6.1
2024-09-25 CVE-2024-8549 Xtendify Cross-site Scripting vulnerability in Xtendify Simple Calendar

The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2.

6.1
2024-09-25 CVE-2024-8713 Pierros Cross-site Scripting vulnerability in Pierros Kodex Posts Likes 2.4.3

The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0.

6.1
2024-09-25 CVE-2024-8741 Outtheboxthemes Cross-site Scripting vulnerability in Outtheboxthemes Beam ME UP Scotty

The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21.

6.1
2024-09-25 CVE-2024-41725 Doverfuelingsolutions Cross-site Scripting vulnerability in Doverfuelingsolutions products

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.

6.1
2024-09-25 CVE-2024-46934 Rocket Chat Cross-site Scripting vulnerability in Rocket.Chat

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS).

6.1
2024-09-25 CVE-2024-9148 Flowiseai Cross-site Scripting vulnerability in Flowiseai Embed and Flowise

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.

6.1
2024-09-24 CVE-2024-8544 Fatcatapps Cross-site Scripting vulnerability in Fatcatapps Pixel CAT

The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5.

6.1
2024-09-24 CVE-2024-8662 Ibericode Cross-site Scripting vulnerability in Ibericode Koko Analytics

The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12.

6.1
2024-09-24 CVE-2024-8716 Xplodedthemes Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce

The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.

6.1
2024-09-24 CVE-2024-8738 Castos Cross-site Scripting vulnerability in Castos Seriously Simple Stats

The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.

6.1
2024-09-23 CVE-2024-8770 Github Cross-site Scripting vulnerability in Github Enterprise Server

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.

6.1
2024-09-23 CVE-2024-47068 Rollupjs Cross-site Scripting vulnerability in Rollupjs Rollup

Rollup is a module bundler for JavaScript.

6.1
2024-09-23 CVE-2024-47069 Oveleon Cross-site Scripting vulnerability in Oveleon Cookiebar

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website.

6.1
2024-09-23 CVE-2024-47227 Iredmail Cross-site Scripting vulnerability in Iredmail Iredadmin

iRedAdmin before 2.6 allows XSS, e.g., via order_name.

6.1
2024-09-23 CVE-2024-9092 Rems Cross-site Scripting vulnerability in Rems Profile Registration Without Reload/Refresh 1.0

A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0.

6.1
2024-09-23 CVE-2024-43201 Planetfitness Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts

The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information.

5.9
2024-09-25 CVE-2024-20465 Cisco Unspecified vulnerability in Cisco IOS

A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP).

5.8
2024-09-27 CVE-2024-34542 Advantech Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.

5.7
2024-09-27 CVE-2024-37187 Advantech Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.

5.7
2024-09-27 CVE-2024-46802 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL

5.5
2024-09-27 CVE-2024-46803 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue.

5.5
2024-09-27 CVE-2024-46805 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL.

5.5
2024-09-27 CVE-2024-46806 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode.

5.5
2024-09-27 CVE-2024-46807 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL

5.5
2024-09-27 CVE-2024-46808 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How] ASSERT if return NULL from kcalloc.

5.5
2024-09-27 CVE-2024-46809 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check BIOS images before it is used BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity.

5.5
2024-09-27 CVE-2024-46810 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference.

5.5
2024-09-27 CVE-2024-46816 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning.

5.5
2024-09-27 CVE-2024-46817 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning.

5.5
2024-09-27 CVE-2024-46819 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data

5.5
2024-09-27 CVE-2024-46822 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask.

5.5
2024-09-27 CVE-2024-46823 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope.

5.5
2024-09-27 CVE-2024-46824 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9 Hardware name: linux,dummy-virt (DT) pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c) pc : 0x0 lr : iommufd_hwpt_invalidate+0xa4/0x204 sp : ffff800080f3bcc0 x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0 x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000 x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002 x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80 Call trace: 0x0 iommufd_fops_ioctl+0x154/0x274 __arm64_sys_ioctl+0xac/0xf0 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xb4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 All existing drivers implement this op for nesting, this is mostly a bisection aid.

5.5
2024-09-27 CVE-2024-46825 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW_CHECK() instead of WARN_ON().

5.5
2024-09-27 CVE-2024-46826 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice.

5.5
2024-09-27 CVE-2024-46827 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to firmware causes crash. Address this issue by implementing a validation step for the peer_nss value before passing it to the firmware.

5.5
2024-09-27 CVE-2024-46829 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.

5.5
2024-09-27 CVE-2024-46832 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices".

5.5
2024-09-27 CVE-2024-46834 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes.

5.5
2024-09-27 CVE-2024-46835 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix smatch static checker warning adev->gfx.imu.funcs could be NULL

5.5
2024-09-27 CVE-2024-46837 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without any permission checks.

5.5
2024-09-27 CVE-2024-46838 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them. We could also remove the preceding "if (unlikely(...))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings but also for anonymous mappings - which would probably be fine but I think is not necessarily expected.

5.5
2024-09-27 CVE-2024-46840 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer.

5.5
2024-09-27 CVE-2024-46841 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error.

5.5
2024-09-27 CVE-2024-46842 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status.

5.5
2024-09-27 CVE-2024-46843 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.

5.5
2024-09-27 CVE-2024-46846 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system.

5.5
2024-09-27 CVE-2024-46847 Linux Improper Validation of Array Index vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised.

5.5
2024-09-27 CVE-2024-46848 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143.

5.5
2024-09-27 CVE-2024-46855 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning.

5.5
2024-09-27 CVE-2024-46856 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe() function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the DP83825 models which causes a NULL pointer dereference in the recently introduced/changed functions dp8382x_config_init() and dp83822_set_wol(). Add the dp8382x_probe() function, so all PHY models will have a valid private data pointer to fix this issue and also prevent similar issues in the future.

5.5
2024-09-27 CVE-2024-46857 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917 (esw->fdb_table.legacy.vepa_fdb is null) The bridge mode is only relevant when there are multiple functions per port.

5.5
2024-09-27 CVE-2024-46860 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here.

5.5
2024-09-27 CVE-2024-46861 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g.

5.5
2024-09-27 CVE-2024-46862 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.

5.5
2024-09-27 CVE-2024-46863 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.

5.5
2024-09-27 CVE-2024-46864 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0.

5.5
2024-09-27 CVE-2024-46866 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held.

5.5
2024-09-27 CVE-2024-46867 Linux Improper Locking vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks.

5.5
2024-09-27 CVE-2024-46868 Linux Improper Locking vulnerability in Linux Kernel 6.10.2/6.11

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock.

5.5
2024-09-27 CVE-2024-47290 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-09-27 CVE-2024-47291 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability.

5.5
2024-09-27 CVE-2024-47292 Huawei Path Traversal vulnerability in Huawei Emui and Harmonyos

Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5
2024-09-26 CVE-2023-52949 Synology Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent

Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

5.5
2024-09-26 CVE-2024-8405 Papercut Command Injection vulnerability in Papercut NG

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.

5.5
2024-09-25 CVE-2024-46488 Asg017 Out-of-bounds Write vulnerability in Asg017 Sqlite-Vec 0.1.1

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function.

5.5
2024-09-25 CVE-2024-7421 Devolutions Information Exposure Through Log Files vulnerability in Devolutions Remote Desktop Manager

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

5.5
2024-09-25 CVE-2024-9169 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping.
5.5
2024-09-29 CVE-2024-9323 Mayurik Cross-site Scripting vulnerability in Mayurik Free and Open Source Inventory Management System 1.0

A vulnerability was found in SourceCodester Inventory Management System 1.0.

5.4
2024-09-29 CVE-2024-9320 Rems Cross-site Scripting vulnerability in Rems Online Timesheet APP 1.0

A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic.

5.4
2024-09-28 CVE-2024-9299 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Railway Reservation System 1.0

A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0.

5.4
2024-09-28 CVE-2024-8547 Garrettgrimm Cross-site Scripting vulnerability in Garrettgrimm Simple Popup Plugin 4.5

The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-28 CVE-2024-9023 Axton Cross-site Scripting vulnerability in Axton Wp-Webauthn

The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-27 CVE-2024-9291 KVF Admin Project Cross-site Scripting vulnerability in Kvf-Admin Project Kvf-Admin 20220212

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff.

5.4
2024-09-27 CVE-2024-8608 Oceanicsoft Cross-site Scripting vulnerability in Oceanicsoft Valeapp

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.

5.4
2024-09-27 CVE-2024-8681 Leap13 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-27 CVE-2024-8991 Hyumika Cross-site Scripting vulnerability in Hyumika Openstreetmap

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-27 CVE-2024-9049 Fastlinemedia Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-27 CVE-2024-8965 Codesupply Cross-site Scripting vulnerability in Codesupply Absolute Reviews

The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-47125 Gotenna Improper Authentication vulnerability in Gotenna PRO

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages.

5.4
2024-09-26 CVE-2024-9177 Themedy Cross-site Scripting vulnerability in Themedy Toolbox

The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-26 CVE-2024-8725 Advancedfilemanager Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions.

5.4
2024-09-26 CVE-2024-9115 Chetanvaghela Cross-site Scripting vulnerability in Chetanvaghela Common Tools for Site

The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-9117 Mapplic Cross-site Scripting vulnerability in Mapplic 1.0

The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-9125 Kingblack Cross-site Scripting vulnerability in Kingblack King IE

The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-9127 Codecabin Cross-site Scripting vulnerability in Codecabin Super Testimonials 3.0.0

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-9173 Alefypimentel Cross-site Scripting vulnerability in Alefypimentel GF Custom Style 2.0

The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping.

5.4
2024-09-26 CVE-2024-9198 Clibomanager Cross-site Scripting vulnerability in Clibomanager Clibo Manager 1.1.9.1

Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.

5.4
2024-09-26 CVE-2024-42406 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels.

5.4
2024-09-26 CVE-2024-45843 Mattermost Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.

5.4
2024-09-26 CVE-2024-8861 Metagauss Cross-site Scripting vulnerability in Metagauss Profilegrid

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation.

5.4
2024-09-26 CVE-2024-8723 Wangbin Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages

The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2023-51157 Zkteco Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3

Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.

5.4
2024-09-25 CVE-2024-20475 Cisco Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

5.4
2024-09-25 CVE-2024-8546 Wpmet Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-25 CVE-2024-8858 Livemeshelementor Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-47303 Livemeshelementor Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.

5.4
2024-09-25 CVE-2024-8668 Hasthemes Cross-site Scripting vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-8515 Themesflat Cross-site Scripting vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes.

5.4
2024-09-25 CVE-2024-9024 Braginteractive Cross-site Scripting vulnerability in Braginteractive Material Design Icons

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-25 CVE-2024-9027 Wpzoom Cross-site Scripting vulnerability in Wpzoom Shortcodes

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-25 CVE-2024-9028 Devfarm Cross-site Scripting vulnerability in Devfarm WP GPX Maps

The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-25 CVE-2024-9068 Themexclub Cross-site Scripting vulnerability in Themexclub Oneelements

The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-9069 Graphicsly Cross-site Scripting vulnerability in Graphicsly

The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-9073 Gutengeek Cross-site Scripting vulnerability in Gutengeek Free Gutenberg Blocks

The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-47048 Rocket Chat Cross-site Scripting vulnerability in Rocket.Chat

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.

5.4
2024-09-25 CVE-2024-7398 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS

Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output.

5.4
2024-09-25 CVE-2024-8103 Gcsdesign Cross-site Scripting vulnerability in Gcsdesign WP Category Dropdown

The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-8917 Anwp Cross-site Scripting vulnerability in Anwp Football Leagues

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping.

5.4
2024-09-25 CVE-2024-8919 Wpdeveloperr Cross-site Scripting vulnerability in Wpdeveloperr Confetti Fall Animation

The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-24 CVE-2024-8628 Mailoptin Cross-site Scripting vulnerability in Mailoptin

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-24 CVE-2024-8657 Ggnome Cross-site Scripting vulnerability in Ggnome Garden Gnome Package

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-09-23 CVE-2024-9089 Mayurik Cross-site Scripting vulnerability in Mayurik Modern Loan Management System 1.0

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic.

5.4
2024-09-29 CVE-2024-9321 Oretnom23 Unspecified vulnerability in Oretnom23 Railway Reservation System 1.0

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical.

5.3
2024-09-28 CVE-2024-9189 Wpfactory Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12.

5.3
2024-09-27 CVE-2024-9202 Eclipse Missing Authorization vulnerability in Eclipse Dataspace Components

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information.

5.3
2024-09-26 CVE-2024-4099 Gitlab Improper Encoding or Escaping of Output vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1.

5.3
2024-09-26 CVE-2024-47121 Gotenna Weak Password Requirements vulnerability in Gotenna PRO

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method.

5.3
2024-09-26 CVE-2024-9025 Codesupply Missing Authorization vulnerability in Codesupply Sight

The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2.

5.3
2024-09-26 CVE-2023-52950 Synology Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent

Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

5.3
2024-09-25 CVE-2024-8678 Revolut Missing Authorization vulnerability in Revolut Gateway for Woocommerce

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3.

5.3
2024-09-25 CVE-2024-6845 Smartsearchwp Missing Authorization vulnerability in Smartsearchwp

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key

5.3
2024-09-25 CVE-2024-8658 Mycred Missing Authorization vulnerability in Mycred

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3.

5.3
2024-09-25 CVE-2024-7426 Peepso Information Exposure Through an Error Message vulnerability in Peepso

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0.

5.3
2024-09-25 CVE-2024-7491 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key.
5.3
2024-09-25 CVE-2024-8941 Scriptcase Path Traversal vulnerability in Scriptcase 9.4.019

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.

5.3
2024-09-24 CVE-2024-8794 BA Booking Unspecified vulnerability in Ba-Booking BA Book Everything

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20.

5.3
2024-09-26 CVE-2023-52948 Synology Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent

Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

5.0
2024-09-24 CVE-2024-38266 An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
4.9
2024-09-24 CVE-2024-38267 Zyxel Unspecified vulnerability in Zyxel products

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

4.9
2024-09-24 CVE-2024-38268 Zyxel Unspecified vulnerability in Zyxel products

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

4.9
2024-09-24 CVE-2024-38269 Zyxel Unspecified vulnerability in Zyxel products

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.

4.9
2024-09-28 CVE-2024-8189 Ngothang Cross-site Scripting vulnerability in Ngothang WP Multitasking

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping.

4.8
2024-09-27 CVE-2024-47184 Ampache Cross-site Scripting vulnerability in Ampache

Ampache is a web based audio/video streaming application and file manager.

4.8
2024-09-27 CVE-2024-9279 Funnyzpc Cross-site Scripting vulnerability in Funnyzpc Mee-Admin

A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6.

4.8
2024-09-26 CVE-2024-8633 10Web Cross-site Scripting vulnerability in 10Web Form Maker

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping.

4.8
2024-09-25 CVE-2024-7878 Technowich Cross-site Scripting vulnerability in Technowich WP Ulike

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-25 CVE-2024-8291 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type.

4.8
2024-09-23 CVE-2024-8758 Expresstech Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2024-09-27 CVE-2024-46850 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state.

4.7
2024-09-27 CVE-2024-46851 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state.

4.7
2024-09-28 CVE-2024-23960 Alpsalpine Improper Verification of Cryptographic Signature vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability.

4.6
2024-09-27 CVE-2024-39431 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check.

4.5
2024-09-27 CVE-2024-39432 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check.

4.5
2024-09-27 CVE-2024-39433 Google Out-of-bounds Write vulnerability in Google Android 13.0/14.0

In drm service, there is a possible out of bounds write due to a missing bounds check.

4.4
2024-09-27 CVE-2024-39434 Google Out-of-bounds Read vulnerability in Google Android 13.0/14.0

In drm service, there is a possible out of bounds read due to a missing bounds check.

4.4
2024-09-26 CVE-2024-7259 A flaw was found in oVirt.
4.4
2024-09-26 CVE-2023-46175 IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
4.4
2024-09-26 CVE-2022-49040 Synology Classic Buffer Overflow vulnerability in Synology Drive Client

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.

4.4
2024-09-26 CVE-2022-49041 Synology Classic Buffer Overflow vulnerability in Synology Drive Client

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.

4.4
2024-09-28 CVE-2024-9298 Oretnom23 Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Railway Reservation System 1.0

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0.

4.3
2024-09-27 CVE-2024-9281 Bg5Sbk Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms

A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic.

4.3
2024-09-27 CVE-2024-9282 Bg5Sbk Cross-Site Request Forgery (CSRF) vulnerability in Bg5Sbk Minicms

A vulnerability was found in bg5sbk MiniCMS 1.11.

4.3
2024-09-26 CVE-2024-8974 Gitlab Incorrect Authorization vulnerability in Gitlab

Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."

4.3
2024-09-26 CVE-2024-41715 Gotenna Information Exposure Through Discrepancy vulnerability in Gotenna Atak Plugin

The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages.

4.3
2024-09-26 CVE-2024-41931 Gotenna Unspecified vulnerability in Gotenna

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message.

4.3
2024-09-26 CVE-2024-43814 Gotenna Unspecified vulnerability in Gotenna

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected.

4.3
2024-09-26 CVE-2024-45838 Gotenna Cleartext Transmission of Sensitive Information vulnerability in Gotenna

The goTenna Pro ATAK Plugin does not encrypt callsigns in messages.

4.3
2024-09-26 CVE-2024-47128 Gotenna Unspecified vulnerability in Gotenna PRO

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message.

4.3
2024-09-26 CVE-2024-47129 Gotenna Information Exposure Through Discrepancy vulnerability in Gotenna PRO

The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages.

4.3
2024-09-26 CVE-2024-47170 Agnai Path Traversal vulnerability in Agnai

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system.

4.3
2024-09-26 CVE-2024-47171 Agnai Path Traversal vulnerability in Agnai

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system.

4.3
2024-09-26 CVE-2024-8771 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34.
4.3
2024-09-26 CVE-2024-31899 IBM Insufficiently Protected Credentials vulnerability in IBM Cognos Command Center 10.2.4.1/10.2.5

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

4.3
2024-09-26 CVE-2024-47145 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.

4.3
2024-09-26 CVE-2024-8552 Wpchill Missing Authorization vulnerability in Wpchill Download Monitor

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9.

4.3
2024-09-25 CVE-2024-20434 Cisco Integer Overflow or Wraparound vulnerability in Cisco IOS XE

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information.

4.3
2024-09-25 CVE-2024-8910 Hasthemes Unspecified vulnerability in Hasthemes HT Mega

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php.

4.3
2024-09-25 CVE-2024-7892 Vladyslavbondarenko Cross-Site Request Forgery (CSRF) vulnerability in Vladyslavbondarenko Adstxt

The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2024-09-25 CVE-2024-8516 Themesflat Unspecified vulnerability in Themesflat Addons for Elementor 2.0.0/2.1.2

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function.

4.3
2024-09-25 CVE-2024-6590 Javmah Missing Authorization vulnerability in Javmah Spreadsheet Integration

The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.

4.3
2024-09-25 CVE-2024-7386 The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1.
4.3
2024-09-25 CVE-2024-8434 Themehunk Missing Authorization vulnerability in Themehunk Mega Menu

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9.

4.3
2024-09-25 CVE-2024-8476 Wpplugin Cross-Site Request Forgery (CSRF) vulnerability in Wpplugin Easy Paypal Events

The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1.

4.3
2024-09-25 CVE-2024-8437 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5.
4.3
2024-09-25 CVE-2024-8801 Wedevs Unspecified vulnerability in Wedevs Happy Addons for Elementor

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget.

4.3
2024-09-24 CVE-2024-8432 Webba Booking Missing Authorization vulnerability in Webba-Booking Webba Booking

The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48.

4.3
2024-09-23 CVE-2023-7281 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-09-23 CVE-2023-7282 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page.

4.3
2024-09-23 CVE-2024-7019 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

4.3
2024-09-23 CVE-2024-7020 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

4.3
2024-09-23 CVE-2024-7022 Google Use of Uninitialized Resource vulnerability in Google Chrome

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

4.3

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-09-26 CVE-2024-0133 Nvidia Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system.

3.4
2024-09-26 CVE-2023-52947 Synology Missing Authentication for Critical Function vulnerability in Synology Active Backup for Business Agent

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors.

3.3
2024-09-26 CVE-2024-47123 Gotenna Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms.

3.1
2024-09-26 CVE-2024-47127 Gotenna Improper Authentication vulnerability in Gotenna PRO

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks.

3.1
2024-09-26 CVE-2024-4278 Gitlab Unspecified vulnerability in Gitlab

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1.

2.7
2024-09-25 CVE-2024-8350 Uncannyowl Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1.

2.7
2024-09-23 CVE-2024-8263 Github Unspecified vulnerability in Github Enterprise Server

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags.

2.7