Weekly Vulnerabilities Reports > December 9 to 15, 2024

Overview

488 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 148 high severity vulnerabilities. This weekly summary reports vulnerabilities in 52 products from 24 vendors including Adobe, Apple, Gstreamer Project, Huawei, and Lopalopa. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "SQL Injection", and "Missing Authorization".

  • 379 reported vulnerabilities are remotely exploitable.
  • 253 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 237 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 157 reported vulnerabilities.
  • Gstreamer Project has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-12-13 CVE-2024-55956 Cleo Command Injection vulnerability in Cleo Harmony, Lexicom and Vltrader

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

9.8
2024-12-13 CVE-2024-9290 The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3.
9.8
2024-12-12 CVE-2024-10124 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1.
9.8
2024-12-12 CVE-2024-11015 The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.
9.8
2024-12-12 CVE-2024-12497 1000Projects SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0

A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0.

9.8
2024-12-12 CVE-2024-44241 Apple Unspecified vulnerability in Apple Ipados

The issue was addressed with improved bounds checks.

9.8
2024-12-12 CVE-2024-44242 Apple Unspecified vulnerability in Apple Ipados

The issue was addressed with improved bounds checks.

9.8
2024-12-12 CVE-2024-44299 Apple Unspecified vulnerability in Apple Ipados

The issue was addressed with improved bounds checks.

9.8
2024-12-12 CVE-2024-54465 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

9.8
2024-12-12 CVE-2024-54506 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds access issue was addressed with improved bounds checking.

9.8
2024-12-12 CVE-2024-54534 Apple Out-of-bounds Write vulnerability in Apple products

The issue was addressed with improved memory handling.

9.8
2024-12-12 CVE-2024-47537 Gstreamer Project Integer Overflow or Wraparound vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47538 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47539 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47540 Gstreamer Project Use of Uninitialized Resource vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47606 Gstreamer Project, Debian Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47607 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47613 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-47615 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.8
2024-12-12 CVE-2024-11948 GFI Unspecified vulnerability in GFI Archiver

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability.

9.8
2024-12-12 CVE-2024-12484 Codezips Injection vulnerability in Codezips Technical Discussion Forum 1.0

A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0.

9.8
2024-12-09 CVE-2024-54920 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and class_id parameters.

9.8
2024-12-09 CVE-2024-8259 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported.
9.8
2024-12-09 CVE-2024-12352 Totolink Out-of-bounds Write vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.

9.8
2024-12-12 CVE-2024-49147 Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
9.3
2024-12-12 CVE-2024-47597 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47598 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47600 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47774 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47775 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47776 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47777 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1
2024-12-12 CVE-2024-47834 Gstreamer Project Use After Free vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

9.1

148 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-12-12 CVE-2024-12040 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.
8.8
2024-12-12 CVE-2024-10590 The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07.
8.8
2024-12-12 CVE-2024-11443 The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2.
8.8
2024-12-12 CVE-2024-11689 The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29.
8.8
2024-12-12 CVE-2024-12492 Anisha SQL Injection vulnerability in Anisha Farmacia 1.0

A vulnerability was found in code-projects Farmacia 1.0.

8.8
2024-12-12 CVE-2024-54498 Apple Unspecified vulnerability in Apple Macos

A path handling issue was addressed with improved validation.

8.8
2024-12-12 CVE-2024-54505 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved memory handling.

8.8
2024-12-12 CVE-2024-11947 GFI Deserialization of Untrusted Data vulnerability in GFI Archiver

GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.

8.8
2024-12-12 CVE-2024-11949 GFI Deserialization of Untrusted Data vulnerability in GFI Archiver

GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability.

8.8
2024-12-12 CVE-2024-12381 Google Type Confusion vulnerability in Google Chrome

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-12-12 CVE-2024-12382 Google Use After Free vulnerability in Google Chrome

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2024-12-12 CVE-2024-12479 Cjbi SQL Injection vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical.

8.8
2024-12-12 CVE-2024-12480 Cjbi SQL Injection vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.

8.8
2024-12-12 CVE-2024-12481 Cjbi SQL Injection vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.

8.8
2024-12-12 CVE-2024-12485 Fabian Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0.

8.8
2024-12-12 CVE-2024-12486 Fabian Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0.

8.8
2024-12-12 CVE-2024-12487 Fabian Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical.

8.8
2024-12-12 CVE-2024-12488 Fabian Unspecified vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical.

8.8
2024-12-12 CVE-2024-12489 Fabian Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0.

8.8
2024-12-10 CVE-2024-43716 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

8.8
2024-12-10 CVE-2024-43717 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

8.8
2024-12-10 CVE-2024-43729 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.

8.8
2024-12-10 CVE-2024-43755 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.

8.8
2024-12-09 CVE-2024-54926 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

8.8
2024-12-09 CVE-2024-12358 Datax WEB Project OS Command Injection vulnerability in Datax-Web Project Datax-Web 2.1.1

A vulnerability was found in WeiYe-Jing datax-web 2.1.1.

8.8
2024-12-09 CVE-2024-12360 Online Class AND Exam Scheduling System Project SQL Injection vulnerability in Online Class and Exam Scheduling System Project Online Class and Exam Scheduling System 1.0

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0.

8.8
2024-12-09 CVE-2024-12349 Jwillber Cross-Site Request Forgery (CSRF) vulnerability in Jwillber Jfinalcms 1.0

A vulnerability was found in JFinalCMS 1.0.

8.8
2024-12-09 CVE-2024-12350 Jwillber Code Injection vulnerability in Jwillber Jfinalcms 1.0

A vulnerability was found in JFinalCMS 1.0.

8.8
2024-12-09 CVE-2024-12351 Jwillber SQL Injection vulnerability in Jwillber Jfinalcms 1.0

A vulnerability classified as critical has been found in JFinalCMS 1.0.

8.8
2024-12-12 CVE-2024-54514 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

8.6
2024-12-10 CVE-2024-11205 The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1.
8.5
2024-12-12 CVE-2024-49063 Microsoft/Muzic Remote Code Execution Vulnerability
8.4
2024-12-10 CVE-2024-43731 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.

8.3
2024-12-12 CVE-2024-49068 Microsoft SharePoint Elevation of Privilege Vulnerability
8.2
2024-12-14 CVE-2024-11721 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5.
8.1
2024-12-13 CVE-2024-10783 The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state.
8.1
2024-12-12 CVE-2024-12312 The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie.
8.1
2024-12-12 CVE-2024-10111 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3.
8.1
2024-12-12 CVE-2024-49057 Microsoft Defender for Endpoint on Android Spoofing Vulnerability
8.1
2024-12-14 CVE-2024-31891 IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability.
7.8
2024-12-12 CVE-2024-44224 Apple Incorrect Default Permissions vulnerability in Apple Macos

A permissions issue was addressed with additional restrictions.

7.8
2024-12-12 CVE-2024-44225 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved checks.

7.8
2024-12-12 CVE-2024-44291 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved file handling.

7.8
2024-12-12 CVE-2024-54489 Apple Unspecified vulnerability in Apple Macos

A path handling issue was addressed with improved validation.

7.8
2024-12-12 CVE-2024-54515 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved restrictions.

7.8
2024-12-12 CVE-2024-54529 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

7.8
2024-12-12 CVE-2024-49069 Microsoft Excel Remote Code Execution Vulnerability
7.8
2024-12-12 CVE-2024-49142 Microsoft Access Remote Code Execution Vulnerability
7.8
2024-12-11 CVE-2024-10251 Ivanti Incorrect Default Permissions vulnerability in Ivanti Security Controls

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allow a local authenticated attacker to achieve local privilege escalation.

7.8
2024-12-11 CVE-2024-8496 Ivanti Incorrect Default Permissions vulnerability in Ivanti Workspace Control

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allow a local authenticated attacker to achieve local privilege escalation.

7.8
2024-12-11 CVE-2024-9845 Ivanti Incorrect Default Permissions vulnerability in Ivanti Automation

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allow a local authenticated attacker to achieve local privilege escalation.

7.8
2024-12-10 CVE-2024-52831 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52999 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53000 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53001 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53002 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53003 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53955 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Bridge

Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53956 Adobe Out-of-bounds Write vulnerability in Adobe Premiere PRO

Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53957 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53958 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53959 Adobe Out-of-bounds Write vulnerability in Adobe Framemaker

Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-45155 Adobe Access of Uninitialized Pointer vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-45156 Adobe NULL Pointer Dereference vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49537 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49538 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49543 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49544 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49545 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52982 Adobe Unspecified vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52983 Adobe Integer Overflow or Wraparound vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52984 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52985 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52986 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52987 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52988 Adobe Out-of-bounds Write vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52989 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52990 Adobe Unspecified vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52994 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1/4.5.1

Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52995 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1/4.5.1

Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52996 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1/4.5.1

Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-52997 Adobe Use After Free vulnerability in Adobe Photoshop 26.0

Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53953 Adobe Use After Free vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-53954 Adobe Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49535 Adobe XXE vulnerability in Adobe products

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.

7.8
2024-12-10 CVE-2024-49551 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49552 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49553 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-12-10 CVE-2024-49849 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions).
7.8
2024-12-10 CVE-2024-53041 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005).
7.8
2024-12-10 CVE-2024-53242 A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005).
7.8
2024-12-10 CVE-2024-54093 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5).
7.8
2024-12-10 CVE-2024-54094 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5).
7.8
2024-12-10 CVE-2024-54095 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10).
7.8
2024-12-09 CVE-2024-12353 Razormist Unspecified vulnerability in Razormist Phone Contact Manager System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0.

7.8
2024-12-09 CVE-2024-12354 Razormist Out-of-bounds Write vulnerability in Razormist Phone Contact Manager System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0.

7.8
2024-12-09 CVE-2024-12355 Razormist Unspecified vulnerability in Razormist Phone Contact Manager System 1.0

A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic.

7.8
2024-12-10 CVE-2023-6947 The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26.
7.7
2024-12-14 CVE-2024-31892 IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
7.5
2024-12-14 CVE-2024-11711 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
7.5
2024-12-12 CVE-2024-54103 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-12-12 CVE-2024-54104 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-12-12 CVE-2024-54105 Huawei Classic Buffer Overflow vulnerability in Huawei Harmonyos 5.0.0

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54106 Huawei NULL Pointer Dereference vulnerability in Huawei Harmonyos 5.0.0

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54107 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54108 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54109 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54110 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-12-12 CVE-2024-54111 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54112 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-12-12 CVE-2024-54113 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption.

7.5
2024-12-12 CVE-2024-54114 Huawei Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54115 Huawei Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.

7.5
2024-12-12 CVE-2024-54116 Huawei Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

7.5
2024-12-12 CVE-2024-54117 Huawei Unspecified vulnerability in Huawei Harmonyos 5.0.0

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5
2024-12-12 CVE-2024-12172 The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
7.5
2024-12-12 CVE-2024-54479 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

7.5
2024-12-12 CVE-2024-54508 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.5
2024-12-12 CVE-2024-47541 Gstreamer Project Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47542 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47543 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47544 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47545 Gstreamer Project Integer Underflow (Wrap or Wraparound) vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47546 Gstreamer Project Integer Underflow (Wrap or Wraparound) vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47596 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47599 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47601 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47602 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47603 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47778 Gstreamer Project Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-47835 Gstreamer Project NULL Pointer Dereference vulnerability in Gstreamer Project Gstreamer

GStreamer is a library for constructing graphs of media-handling components.

7.5
2024-12-12 CVE-2024-12397 A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests.
7.4
2024-12-12 CVE-2024-49070 Microsoft SharePoint Remote Code Execution Vulnerability
7.4
2024-12-12 CVE-2024-10910 The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5.
7.3
2024-12-10 CVE-2024-52051 A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions).
7.3
2024-12-14 CVE-2024-11720 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form.
7.2
2024-12-14 CVE-2024-10646 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping.
7.2
2024-12-14 CVE-2024-9698 The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3.
7.2
2024-12-12 CVE-2024-11052 The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping.
7.2
2024-12-09 CVE-2024-54922 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

7.2
2024-12-09 CVE-2024-54930 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

7.2
2024-12-09 CVE-2024-54933 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

7.2
2024-12-09 CVE-2024-54929 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

7.2
2024-12-12 CVE-2024-44245 Apple Out-of-bounds Write vulnerability in Apple products

The issue was addressed with improved memory handling.

7.1
2024-12-12 CVE-2024-54528 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved restrictions.

7.1
2024-12-11 CVE-2024-11840 The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2.
7.1
2024-12-12 CVE-2024-49059 Microsoft Office Elevation of Privilege Vulnerability
7.0
2024-12-10 CVE-2024-49530 Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
7.0

300 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-12-13 CVE-2024-12417 The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0.
6.5
2024-12-13 CVE-2024-12420 The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52.
6.5
2024-12-13 CVE-2024-12421 The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1.
6.5
2024-12-13 CVE-2019-25221 The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
6.5
2024-12-12 CVE-2024-49071 Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
6.5
2024-12-12 CVE-2024-52901 IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation.
6.5
2024-12-12 CVE-2024-12333 The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3.
6.5
2024-12-12 CVE-2024-12406 The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
6.5
2024-12-12 CVE-2024-11430 The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
6.5
2024-12-12 CVE-2024-44248 Apple Unspecified vulnerability in Apple Macos

This issue was addressed through improved state management.

6.5
2024-12-12 CVE-2024-54486 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

6.5
2024-12-12 CVE-2024-54502 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

6.5
2024-12-12 CVE-2024-49062 Microsoft SharePoint Information Disclosure Vulnerability
6.5
2024-12-12 CVE-2024-49064 Microsoft SharePoint Information Disclosure Vulnerability
6.5
2024-12-10 CVE-2024-54038 Adobe Unspecified vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

6.5
2024-12-14 CVE-2024-12446 The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11752 The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12459 The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12474 The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12501 The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11095 The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping.
6.4
2024-12-14 CVE-2024-11751 The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11755 The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping.
6.4
2024-12-14 CVE-2024-11759 The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11763 The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11770 The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11855 The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping.
6.4
2024-12-14 CVE-2024-11865 The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions.
6.4
2024-12-14 CVE-2024-11867 The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11869 The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11873 The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11876 The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11877 The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11879 The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11883 The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11884 The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11888 The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11889 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-11894 The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12448 The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12458 The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12502 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12517 The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-14 CVE-2024-12523 The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-13 CVE-2024-11827 The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-13 CVE-2024-11754 The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-13 CVE-2024-11832 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping.
6.4
2024-12-13 CVE-2024-11910 The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping.
6.4
2024-12-13 CVE-2024-12465 The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-13 CVE-2024-11767 The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11760 The Currency Converter Widget ? PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-10784 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping.
6.4
2024-12-12 CVE-2024-11757 The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11765 The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11766 The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11781 The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11785 The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11871 The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11882 The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-10182 The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping.
6.4
2024-12-12 CVE-2024-11384 The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11410 The Top and footer bars for announcements, notifications, advertisements, promotions – YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping.
6.4
2024-12-12 CVE-2024-11750 The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11875 The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11891 The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-12463 The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11413 The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11427 The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11433 The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11442 The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11901 The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-12 CVE-2024-11914 The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping.
6.4
2024-12-12 CVE-2024-12461 The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-12-10 CVE-2024-11928 The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping.
6.4
2024-12-10 CVE-2024-11945 The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping.
6.4
2024-12-10 CVE-2024-11940 The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping.
6.4
2024-12-13 CVE-2024-11012 The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4.
6.3
2024-12-14 CVE-2024-12422 The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping.
6.1
2024-12-14 CVE-2024-11462 The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping.
6.1
2024-12-14 CVE-2024-12411 The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping.
6.1
2024-12-14 CVE-2024-12555 The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.
6.1
2024-12-13 CVE-2024-9608 The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1.
6.1
2024-12-13 CVE-2024-11809 The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-13 CVE-2024-12572 The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.
6.1
2024-12-12 CVE-2024-12160 The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.
6.1
2024-12-12 CVE-2024-11359 The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8.
6.1
2024-12-12 CVE-2024-12072 The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
6.1
2024-12-12 CVE-2024-11459 The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-11723 The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent_profile shortcode present in all versions up to, and including, 2.3.35 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-11804 The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12156 The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12162 The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12441 The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-11279 The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4.
6.1
2024-12-12 CVE-2024-11417 The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5.
6.1
2024-12-12 CVE-2024-11419 The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.
6.1
2024-12-12 CVE-2024-11683 The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12258 The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12260 The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-12338 The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolbox_username’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-11 CVE-2024-12325 The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-11 CVE-2024-12004 The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2.
6.1
2024-12-11 CVE-2024-12283 The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.
6.1
2024-12-10 CVE-2024-49550 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54032 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

6.1
2024-12-10 CVE-2024-54034 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54036 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

6.1
2024-12-10 CVE-2024-54042 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54043 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54044 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54045 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54046 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54047 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54048 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54049 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2024-12-10 CVE-2024-54050 Adobe Open Redirect vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.

6.1
2024-12-10 CVE-2024-54051 Adobe Open Redirect vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.

6.1
2024-12-10 CVE-2024-12323 The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping.
6.1
2024-12-10 CVE-2024-11973 The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameters in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping.
6.1
2024-12-12 CVE-2024-54492 Apple Unspecified vulnerability in Apple products

This issue was addressed by using HTTPS when sending information over the network.

5.9
2024-12-12 CVE-2024-54494 Apple Race Condition vulnerability in Apple products

A race condition was addressed with additional validation.

5.9
2024-12-12 CVE-2024-12483 Ujcms Authorization Bypass Through User-Controlled Key vulnerability in Ujcms

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3.

5.9
2024-12-12 CVE-2024-44201 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved memory handling.

5.5
2024-12-12 CVE-2024-44220 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-12-12 CVE-2024-44243 Apple Unspecified vulnerability in Apple Macos 15.0/15.1/15.1.1

A configuration issue was addressed with additional restrictions.

5.5
2024-12-12 CVE-2024-44300 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved file handling.

5.5
2024-12-12 CVE-2024-54471 Apple Insufficiently Protected Credentials vulnerability in Apple Macos

This issue was addressed with additional entitlement checks.

5.5
2024-12-12 CVE-2024-54474 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54476 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54477 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54484 Apple Information Exposure Through Log Files vulnerability in Apple Macos

The issue was resolved by sanitizing logging.

5.5
2024-12-12 CVE-2024-54490 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by enabling hardened runtime.

5.5
2024-12-12 CVE-2024-54495 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved permissions logic.

5.5
2024-12-12 CVE-2024-54500 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54501 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54504 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2024-12-12 CVE-2024-54513 Apple Unspecified vulnerability in Apple products

A permissions issue was addressed with additional restrictions.

5.5
2024-12-12 CVE-2024-54524 Apple Unspecified vulnerability in Apple Macos 15.0/15.1/15.1.1

A logic issue was addressed with improved file handling.

5.5
2024-12-12 CVE-2024-54526 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54527 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

5.5
2024-12-12 CVE-2024-54531 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2024-12-12 CVE-2024-49065 Microsoft Office Remote Code Execution Vulnerability
5.5
2024-12-10 CVE-2024-52833 Adobe NULL Pointer Dereference vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-12-10 CVE-2024-53004 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-53005 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-53006 Adobe NULL Pointer Dereference vulnerability in Adobe Substance 3D Modeler

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-12-10 CVE-2024-49541 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-49546 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-49547 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-49548 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-49549 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-53951 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-12-10 CVE-2024-53952 Adobe NULL Pointer Dereference vulnerability in Adobe Indesign

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-12-10 CVE-2024-49554 Adobe NULL Pointer Dereference vulnerability in Adobe Media Encoder

Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-12-10 CVE-2024-49704 A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21).
5.5
2024-12-13 CVE-2024-12042 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation.
5.4
2024-12-13 CVE-2024-12574 The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
5.4
2024-12-12 CVE-2024-10583 The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping.
5.4
2024-12-12 CVE-2024-12536 Mayurik Cross-site Scripting vulnerability in Mayurik Advocate Office Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0.

5.4
2024-12-10 CVE-2024-43712 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.

5.4
2024-12-10 CVE-2024-43713 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43714 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43715 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43718 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43719 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43720 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43721 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43722 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43723 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43724 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43725 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43726 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43727 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43728 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43730 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43733 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-43734 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43735 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-12-10 CVE-2024-43736 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43737 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43738 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.

5.4
2024-12-10 CVE-2024-43739 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43740 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43742 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43743 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43744 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43745 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2024-12-10 CVE-2024-43746 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43747 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43748 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43749 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43750 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43751 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43752 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-43754 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.

5.4
2024-12-10 CVE-2024-52816 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52817 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52818 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52822 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52823 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52824 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52825 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52826 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52827 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52828 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52829 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52830 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52832 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52834 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52835 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52836 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52837 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52838 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52839 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52840 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52841 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52842 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52843 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52844 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52845 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52846 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52847 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52848 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52849 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52850 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52851 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52852 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52853 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52854 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52855 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52857 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52858 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52859 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52860 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-52861 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52862 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52864 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52865 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52991 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52992 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-52993 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-53960 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-54037 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session.

5.4
2024-12-10 CVE-2024-54039 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-54040 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-54041 Adobe Cross-site Scripting vulnerability in Adobe Connect

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

5.4
2024-12-10 CVE-2024-47117 IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting.
5.4
2024-12-09 CVE-2024-54935 Lopalopa Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0.

5.4
2024-12-09 CVE-2024-54919 Lopalopa Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0

A Stored Cross-Site Scripting (XSS) vulnerability was found in /teacher_avatar.php of kashipara E-learning Management System v1.0.

5.4
2024-12-09 CVE-2024-54936 Lopalopa Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0.

5.4
2024-12-09 CVE-2024-12359 Code Projects Cross-site Scripting vulnerability in Code-Projects Admin Dashboard 1.0

A vulnerability was found in code-projects Admin Dashboard 1.0.

5.4
2024-12-14 CVE-2024-11712 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2.
5.3
2024-12-14 CVE-2024-12578 The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint.
5.3
2024-12-13 CVE-2024-12309 The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key.
5.3
2024-12-13 CVE-2024-12579 The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10.
5.3
2024-12-12 CVE-2024-12265 The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17.
5.3
2024-12-12 CVE-2024-44212 Apple Origin Validation Error vulnerability in Apple products

A cookie management issue was addressed with improved state management.

5.3
2024-12-12 CVE-2024-44246 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved routing of Safari-originated requests.

5.3
2024-12-12 CVE-2024-54466 Apple Missing Authorization vulnerability in Apple Macos

An authorization issue was addressed with improved state management.

5.3
2024-12-11 CVE-2024-11351 The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature.
5.3
2024-12-11 CVE-2024-11008 The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature.
5.3
2024-12-11 CVE-2024-12294 The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function.
5.3
2024-12-10 CVE-2024-45709 SolarWinds Web Help Desk was susceptible to a local file read vulnerability.
5.3
2024-12-09 CVE-2024-54937 Lopalopa Unspecified vulnerability in Lopalopa E-Learning Management System 1.0

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

5.3
2024-12-09 CVE-2024-12357 Mayurik Unspecified vulnerability in Mayurik Best House Rental Management System 1.0

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic.

5.3
2024-12-12 CVE-2024-54510 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved locking.

5.1
2024-12-10 CVE-2024-54005 A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21).
5.1
2024-12-14 CVE-2024-11710 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
4.9
2024-12-14 CVE-2024-11713 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
4.9
2024-12-14 CVE-2024-11714 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
4.9
2024-12-14 CVE-2024-11715 The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2.
4.8
2024-12-12 CVE-2024-12503 Classcms Cross-site Scripting vulnerability in Classcms 4.8

A vulnerability classified as problematic was found in ClassCMS 4.8.

4.8
2024-12-10 CVE-2024-49531 Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
4.7
2024-12-10 CVE-2024-43732 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser.

4.6
2024-12-10 CVE-2024-53832 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30).
4.6
2024-12-14 CVE-2024-12628 The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping.
4.4
2024-12-13 CVE-2024-12581 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping.
4.4
2024-12-12 CVE-2024-12271 The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping.
4.4
2024-12-12 CVE-2024-12401 A flaw was found in the cert-manager package.
4.4
2024-12-12 CVE-2024-11727 The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping.
4.4
2024-12-11 CVE-2024-35117 IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
4.4
2024-12-14 CVE-2024-10690 The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-12-14 CVE-2024-12447 The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key.
4.3
2024-12-13 CVE-2024-11275 The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27.
4.3
2024-12-13 CVE-2024-11911 The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
4.3
2024-12-13 CVE-2024-12414 The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9.
4.3
2024-12-12 CVE-2024-11181 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-12-12 CVE-2024-11724 The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5.
4.3
2024-12-12 CVE-2024-12201 The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1.
4.3
2024-12-12 CVE-2024-12329 The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6.
4.3
2024-12-12 CVE-2024-12018 The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6.
4.3
2024-12-12 CVE-2024-12059 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode.
4.3
2024-12-12 CVE-2024-12263 The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5.
4.3
2024-12-12 CVE-2024-11709 The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5.
4.3
2024-12-12 CVE-2024-12526 The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0.
4.3
2024-12-12 CVE-2024-12341 The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0.
4.3
2024-12-12 CVE-2024-12482 Cjbi Path Traversal vulnerability in Cjbi Wetech-Cms 1.0/1.1/1.2

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2.

4.3
2024-12-11 CVE-2024-51460 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace.
4.3
2024-12-12 CVE-2024-54503 Apple Unspecified vulnerability in Apple Ipados

An inconsistent user interface issue was addressed with improved state management.

4.2
2024-12-09 CVE-2024-12369 A vulnerability was found in OIDC-Client.
4.2

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-12-13 CVE-2024-12300 The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3.
3.7
2024-12-12 CVE-2024-44200 Apple Unspecified vulnerability in Apple Ipados

This issue was addressed with improved redaction of sensitive information.

3.3
2024-12-12 CVE-2024-44290 Apple Unspecified vulnerability in Apple Ipados

This issue was addressed with improved redaction of sensitive information.

3.3
2024-12-12 CVE-2024-54493 Apple Unspecified vulnerability in Apple Macos

This issue was addressed through improved state management.

3.3
2024-12-11 CVE-2023-23472 IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
3.1
2024-12-11 CVE-2023-37395 IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
2.5
2024-12-12 CVE-2024-54485 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed by adding additional logic.

2.4