Vulnerability Summary for the Week of April 8, 2024

Released
Apr 15, 2024
Document ID
SB24-106

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- adobe_commerce
 
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.2024-04-109CVE-2024-20758
psirt@adobe.com
adobe -- adobe_commerce
 
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.2024-04-108.1CVE-2024-20759
psirt@adobe.com
adobe -- animate
 
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-117.8CVE-2024-20795
psirt@adobe.com
adobe -- animate
 
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-117.8CVE-2024-20797
psirt@adobe.com
adobe -- illustrator
 
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-117.8CVE-2024-30271
psirt@adobe.com
adobe -- illustrator
 
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-117.8CVE-2024-30272
psirt@adobe.com
adobe -- illustrator
 
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-117.8CVE-2024-30273
psirt@adobe.com
adobe -- media_encoder
 
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-107.8CVE-2024-20772
psirt@adobe.com
andy_moyle -- church_admin
 
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.2024-04-079.9CVE-2024-31280
audit@patchstack.com
binary-husky -- gpt_academic
 
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.2024-04-089.8CVE-2024-31224
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
bitdefender -- gravityzone_control_center_(on_premises)
 
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for  Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.12024-04-098.1CVE-2024-2223
cve-requests@bitdefender.com
bitdefender -- gravityzone_control_center_(on_premises)
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.12024-04-098.1CVE-2024-2224
cve-requests@bitdefender.com
britner -- gutenberg_blocks_by_kadence_blocks_-_page_builder_features
 
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2024-04-098.5CVE-2023-6964
security@wordfence.com
security@wordfence.com
campcodes -- church_management_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904.2024-04-107.3CVE-2024-3534
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.2024-04-107.3CVE-2024-3535
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cbutlerjr -- wp-members_membership_plugin
 
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3.2024-04-097.2CVE-2024-1852
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
codeisawesome -- aikit
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit.This issue affects AIKit: from n/a through 4.14.1.2024-04-098.5CVE-2024-31370
audit@patchstack.com
contao -- contao
 
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.2024-04-098.3CVE-2024-28235
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
conveythis -- language_translate_widget_for_wordpress_conveythis
 
The Language Translate Widget for WordPress - ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-117.2CVE-2023-6811
security@wordfence.com
security@wordfence.com
croixhaug -- appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin
 
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-098.8CVE-2024-2341
security@wordfence.com
security@wordfence.com
croixhaug -- appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin
 
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-098.8CVE-2024-2342
security@wordfence.com
security@wordfence.com
customily -- customily_product_personalizer
 
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue.2024-04-097.2CVE-2024-1774
security@wordfence.com
security@wordfence.com
cym1102 -- nginxwebui
 
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.2024-04-137.3CVE-2024-3738
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
datafeedrcom -- woocommerce_cloak_affiliate_links
 
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.2024-04-097.5CVE-2024-1308
security@wordfence.com
security@wordfence.com
security@wordfence.com
dattateccom -- env­alosimple:_email_marketing_y_newsletters
 
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-04-098.8CVE-2024-2125
security@wordfence.com
security@wordfence.com
dell -- alienware_command_center_(awcc)
 
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.2024-04-107.4CVE-2024-22450
security_alert@emc.com
devitemsllc -- ht_mega_-_absolute_addons_for_elementor
 
The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information.2024-04-098.8CVE-2024-1974
security@wordfence.com
security@wordfence.com
security@wordfence.com
diracgrid -- dirac
 
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millsecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).2024-04-098.1CVE-2024-29905
security-advisories@github.com
security-advisories@github.com
eclipse_foundation -- kura
 
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]2024-04-097.5CVE-2024-3046
emo@eclipse.org
elextensions -- elex_woocommerce_dynamic_pricing_and_discounts
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.2024-04-077.1CVE-2024-31255
audit@patchstack.com
esphome -- esphome
 
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.2024-04-118.1CVE-2024-29019
security-advisories@github.com
security-advisories@github.com
fastify -- fastify-secure-session
 
@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a "last update" field in the session, and treat "old sessions" as expired.2024-04-107.4CVE-2024-31999
security-advisories@github.com
security-advisories@github.com
flipped-aurora -- gin-vue-admin
 
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.2024-04-097.7CVE-2024-31457
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
fortinet -- forticlientlinux
 
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website2024-04-099.6CVE-2023-45590
psirt@fortinet.com
fortinet -- forticlientmac
 
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.2024-04-108.2CVE-2024-31492
psirt@fortinet.com
fortinet -- fortios
 
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack2024-04-097.5CVE-2023-41677
psirt@fortinet.com
fortinet -- fortisandbox
 
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..2024-04-098.8CVE-2024-21755
psirt@fortinet.com
fortinet -- fortisandbox
 
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..2024-04-098.8CVE-2024-21756
psirt@fortinet.com
fortinet -- fortisandbox
 
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.2024-04-098.1CVE-2024-23671
psirt@fortinet.com
funnelkit -- funnelkit_checkout
 
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.2024-04-117.5CVE-2023-51672
audit@patchstack.com
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.2024-04-128.7CVE-2024-2279
cve@gitlab.com
cve@gitlab.com
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.2024-04-128.7CVE-2024-3092
cve@gitlab.com
cve@gitlab.com
gowebsmarty -- wp_encryption_-_one_click_free_ssl_certificate_&_ssl_/_https_redirect_to_force_https,_security+
 
The WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys2024-04-097.5CVE-2023-7046
security@wordfence.com
security@wordfence.com
honeywell -- c300
 
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.2024-04-117.5CVE-2023-5392
psirt@honeywell.com
honeywell -- experion_server
 
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.2024-04-117.4CVE-2023-5393
psirt@honeywell.com
honeywell -- experion_server
 
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.2024-04-117.4CVE-2023-5394
psirt@honeywell.com
ibm -- security_verify_access_appliance
 
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.2024-04-107.5CVE-2024-31871
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance
 
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.2024-04-107.5CVE-2024-31872
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance
 
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.2024-04-107.5CVE-2024-31873
psirt@us.ibm.com
psirt@us.ibm.com
infotheme -- wp_poll_maker
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1.2024-04-107.7CVE-2024-31240
audit@patchstack.com
iosix -- io-1020_micro_eld
 
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.2024-04-129.6CVE-2024-28878
ics-cert@hq.dhs.gov
iosix -- io-1020_micro_eld
 
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.2024-04-127.4CVE-2024-30210
ics-cert@hq.dhs.gov
iosix -- io-1020_micro_eld
 
IO-1020 Micro ELD web server uses a default password for authentication.2024-04-127.4CVE-2024-31069
ics-cert@hq.dhs.gov
irontec -- sngrep
 
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.2024-04-109CVE-2024-3119
41c37e40-543d-43a2-b660-2fee83ea851a
41c37e40-543d-43a2-b660-2fee83ea851a
41c37e40-543d-43a2-b660-2fee83ea851a
irontec -- sngrep
 
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.2024-04-109CVE-2024-3120
41c37e40-543d-43a2-b660-2fee83ea851a
41c37e40-543d-43a2-b660-2fee83ea851a
41c37e40-543d-43a2-b660-2fee83ea851a
j.n._breetvelt_a.k.a._opajaap -- wp_photo_album_plus
 
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.2024-04-079.9CVE-2024-31286
audit@patchstack.com
jokr -- network_summary
 
The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-099.8CVE-2024-2804
security@wordfence.com
security@wordfence.com
jordy_meow -- ai_engine:_chatgpt_chatbot
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.2024-04-1210CVE-2023-51409
audit@patchstack.com
jtsternberg -- cmb2
 
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required.2024-04-097.5CVE-2024-1792
security@wordfence.com
security@wordfence.com
juniper_networks -- junos_os
 
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.2024-04-127.5CVE-2024-21598
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.2024-04-127.5CVE-2024-30382
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.2024-04-127.5CVE-2024-30392
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.2024-04-127.5CVE-2024-30394
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.3 before 21.3R3-S5,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO,  * from 21.3-EVO before 21.3R3-S5-EVO,  * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S2-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA757392024-04-127.5CVE-2024-30395
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command:   root@srx> show system processes extensive | match pkid   xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2.2024-04-127.5CVE-2024-30397
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS:   21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6,  22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2.2024-04-127.5CVE-2024-30398
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. 2024-04-127.5CVE-2024-30405
sirt@juniper.net
sirt@juniper.net
juniper_networks -- paragon_active_assurance
 
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.2024-04-128.4CVE-2024-30381
sirt@juniper.net
sirt@juniper.net
juniper_networks_inc. -- crpd
 
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.  This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.2024-04-128.1CVE-2024-30407
sirt@juniper.net
sirt@juniper.net
sirt@juniper.net
levelfourstorefront -- shopping_cart_&_ecommerce_store
 
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-128.8CVE-2024-3211
security@wordfence.com
security@wordfence.com
lg -- webos
 
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA  * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB  * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA2024-04-099.1CVE-2023-6318
cve-requests@bitdefender.com
lg -- webos
 
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA  * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA  * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB  * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA2024-04-099.1CVE-2023-6319
cve-requests@bitdefender.com
lg -- webos
 
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA  * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB2024-04-099.1CVE-2023-6320
cve-requests@bitdefender.com
lg -- webos
 
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB   webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA2024-04-097.2CVE-2023-6317
cve-requests@bitdefender.com
link_whisper -- link_whisper_free
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8.2024-04-117.1CVE-2024-27992
audit@patchstack.com
linkwhspr -- link_whisper_free
 
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-04-098.8CVE-2024-2693
security@wordfence.com
security@wordfence.com
makeplane -- plane
 
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.2024-04-109.1CVE-2024-31461
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mervb1 -- easy_property_listings
 
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the 'property_status' shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-098.8CVE-2024-1893
security@wordfence.com
security@wordfence.com
security@wordfence.com
metagauss -- registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_loginThe RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator2024-04-098.8CVE-2024-1991
security@wordfence.com
security@wordfence.com
security@wordfence.com
metagauss -- registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login
 
The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-098.8CVE-2024-1990
security@wordfence.com
security@wordfence.com
security@wordfence.com
microsoft -- azure_ai_search
 
Azure AI Search Information Disclosure Vulnerability2024-04-097.3CVE-2024-29063
secure@microsoft.com
microsoft -- azure_cyclecloud_8.6.0
 
Azure CycleCloud Elevation of Privilege Vulnerability2024-04-098.8CVE-2024-29993
secure@microsoft.com
microsoft -- azure_kubernetes_service
 
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability2024-04-099CVE-2024-29990
secure@microsoft.com
microsoft -- azure_monitor
 
Azure Monitor Agent Elevation of Privilege Vulnerability2024-04-098.4CVE-2024-29989
secure@microsoft.com
microsoft -- microsoft_365_apps_for_enterprise
 
Microsoft Excel Remote Code Execution Vulnerability2024-04-097.8CVE-2024-26257
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Remote Code Execution Vulnerability2024-04-098.8CVE-2024-21323
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29053
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Remote Code Execution Vulnerability2024-04-097.2CVE-2024-21322
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Elevation of Privilege Vulnerability2024-04-097.2CVE-2024-21324
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Elevation of Privilege Vulnerability2024-04-097.2CVE-2024-29054
secure@microsoft.com
microsoft -- microsoft_defender_for_iot
 
Microsoft Defender for IoT Elevation of Privilege Vulnerability2024-04-097.2CVE-2024-29055
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28908
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28910
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28911
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28913
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28915
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28929
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28930
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28935
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28939
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29044
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29047
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29048
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29982
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29983
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(cu_25)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-097.5CVE-2024-29045
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28927
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28937
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28940
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28941
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28943
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28944
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28945
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29046
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29984
secure@microsoft.com
microsoft -- microsoft_sql_server_2019_(gdr)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29985
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28906
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28909
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28912
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28914
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28926
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28931
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28932
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28934
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28936
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28938
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28942
secure@microsoft.com
microsoft -- microsoft_sql_server_2022_for_(cu_12)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-29043
secure@microsoft.com
microsoft -- microsoft_visual_studio_2019_version_16.11_(includes_16.0_-_16.10)
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-28933
secure@microsoft.com
microsoft -- microsoft_visual_studio_2022_version_17.9
 
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability2024-04-097.3CVE-2024-21409
secure@microsoft.com
microsoft -- outlook_for_windows
 
Outlook for Windows Spoofing Vulnerability2024-04-098.1CVE-2024-20670
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability2024-04-098.8CVE-2024-20678
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26179
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-098CVE-2024-26180
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-098CVE-2024-26189
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26200
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26205
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26210
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26214
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-098CVE-2024-26240
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability2024-04-098.8CVE-2024-26244
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-098CVE-2024-28925
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Cryptographic Services Remote Code Execution Vulnerability2024-04-098.4CVE-2024-29050
secure@microsoft.com
microsoft -- windows_10_version_1809
 
SmartScreen Prompt Security Feature Bypass Vulnerability2024-04-098.8CVE-2024-29988
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kernel Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-20693
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft Install Service Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26158
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.8CVE-2024-26175
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.4CVE-2024-26194
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26208
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26211
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kernel Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26218
secure@microsoft.com
microsoft -- windows_10_version_1809
 
HTTP.sys Denial of Service Vulnerability2024-04-097.5CVE-2024-26219
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability2024-04-097.3CVE-2024-26232
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Defender Credential Guard Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26237
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Telephony Server Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26239
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Win32k Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26241
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Telephony Server Elevation of Privilege Vulnerability2024-04-097CVE-2024-26242
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows SMB Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26245
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kerberos Elevation of Privilege Vulnerability2024-04-097.5CVE-2024-26248
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability2024-04-097.5CVE-2024-26254
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.5CVE-2024-28896
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.8CVE-2024-28920
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.8CVE-2024-29061
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.1CVE-2024-29062
secure@microsoft.com
microsoft -- windows_11_version_22h2
 
libarchive Remote Code Execution Vulnerability2024-04-097.8CVE-2024-26256
secure@microsoft.com
microsoft -- windows_server_2012
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.1CVE-2024-20688
secure@microsoft.com
microsoft -- windows_server_2012
 
Secure Boot Security Feature Bypass Vulnerability2024-04-097.1CVE-2024-20689
secure@microsoft.com
microsoft -- windows_server_2019
 
DHCP Server Service Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26195
secure@microsoft.com
microsoft -- windows_server_2019
 
DHCP Server Service Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26202
secure@microsoft.com
microsoft -- windows_server_2019
 
DHCP Server Service Denial of Service Vulnerability2024-04-097.5CVE-2024-26212
secure@microsoft.com
microsoft -- windows_server_2019
 
DHCP Server Service Denial of Service Vulnerability2024-04-097.5CVE-2024-26215
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows File Server Resource Management Service Elevation of Privilege Vulnerability2024-04-097.3CVE-2024-26216
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26221
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26222
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26223
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26224
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26227
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows Cryptographic Services Security Feature Bypass Vulnerability2024-04-097.8CVE-2024-26228
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows CSC Service Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26229
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows Telephony Server Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26230
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26231
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows DNS Server Remote Code Execution Vulnerability2024-04-097.2CVE-2024-26233
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows Distributed File System (DFS) Remote Code Execution Vulnerability2024-04-097.2CVE-2024-29066
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Microsoft Brokering File System Elevation of Privilege Vulnerability2024-04-097CVE-2024-26213
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Windows Update Stack Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-26235
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Windows Update Stack Elevation of Privilege Vulnerability2024-04-097CVE-2024-26236
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Microsoft Brokering File System Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-28904
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Microsoft Brokering File System Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-28905
secure@microsoft.com
microsoft -- windows_server_2022,_23h2_edition_(server_core_installation)
 
Microsoft Brokering File System Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-28907
secure@microsoft.com
microsoft -- windows_server_2022
 
Windows Authentication Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-21447
secure@microsoft.com
microsoft -- windows_server_2022
 
Windows USB Print Driver Elevation of Privilege Vulnerability2024-04-097CVE-2024-26243
secure@microsoft.com
microsoft -- windows_server_2022
 
Windows Storage Elevation of Privilege Vulnerability2024-04-097.8CVE-2024-29052
secure@microsoft.com
moove_agency -- import_xml_and_rss_feeds
 
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.2024-04-077.2CVE-2024-31292
audit@patchstack.com
n/a -- csmock
 
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.2024-04-107.6CVE-2024-2243
patrick@puiterwijk.org
patrick@puiterwijk.org
n/a -- eap
 
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new "provider-url" option in addition to the "realm" option.2024-04-107.3CVE-2023-6236
secalert@redhat.com
secalert@redhat.com
n/a -- eap
 
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.2024-04-097.3CVE-2024-1233
secalert@redhat.com
secalert@redhat.com
n/a -- mysql2
 
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.2024-04-119.8CVE-2024-21508
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a -- ofono
 
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().2024-04-108.1CVE-2023-2794
patrick@puiterwijk.org
n/a -- qemu
 
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.2024-04-098.2CVE-2024-3446
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
nerdpressteam -- hubbub_lite_-_fast_reliable_social_sharing_buttons
 
The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-04-097.5CVE-2024-2501
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
netdata -- netdata
 
Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-04-128.8CVE-2024-32019
security-advisories@github.com
security-advisories@github.com
nozomi_networks -- guardian
 
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.2024-04-107.2CVE-2023-6916
prodsec@nozominetworks.com
nozomi_networks -- guardian
 
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted.2024-04-107.5CVE-2024-0218
prodsec@nozominetworks.com
nvidia -- chatrtx
 
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering2024-04-088.2CVE-2024-0082
psirt@nvidia.com
octopus_deploy -- octopus_server
 
A race condition was identified through which privilege escalation was possible in certain configurations.2024-04-098.8CVE-2024-2975
security@octopus.com
opengnsys -- opengnsys
 
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.2024-04-129.8CVE-2024-3704
cve-coordination@incibe.es
opengnsys -- opengnsys
 
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.2024-04-128.8CVE-2024-3705
cve-coordination@incibe.es
opentext -- arcsight_management_center
 
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.2024-04-088.7CVE-2024-2834
security@opentext.com
palo_alto_networks -- pan-os
 
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.2024-04-1210CVE-2024-3400
psirt@paloaltonetworks.com
psirt@paloaltonetworks.com
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.2024-04-107.5CVE-2024-3382
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.2024-04-107.4CVE-2024-3383
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.2024-04-107.5CVE-2024-3384
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls2024-04-107.5CVE-2024-3385
psirt@paloaltonetworks.com
pencidesign -- soledad
 
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.2024-04-097.1CVE-2024-31367
audit@patchstack.com
phpgurukul -- small_crm
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.2024-04-127.3CVE-2024-3691
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pickplugins -- product_designer
 
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.2024-04-078.7CVE-2024-31277
audit@patchstack.com
planet -- igs-4215-16t2s
 
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.2024-04-117.7CVE-2024-2740
cve-coordination@incibe.es
planet -- igs-4215-16t2s

 
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.2024-04-117.1CVE-2024-2741
cve-coordination@incibe.es
presstigers -- simple_job_board
 
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed.2024-04-099.8CVE-2024-1813
security@wordfence.com
security@wordfence.com
rapidload -- rapidload_power-up_for_autoptimize
 
Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11.2024-04-077.2CVE-2024-31288
audit@patchstack.com
redisbloom -- redisbloom
 
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.2024-04-097CVE-2024-25115
security-advisories@github.com
security-advisories@github.com
redon-tech -- redon-hub
 
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.2024-04-088.8CVE-2024-31442
security-advisories@github.com
security-advisories@github.com
reservation_diary -- redi_restaurant_reservation
 
Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.2024-04-107.1CVE-2024-31299
audit@patchstack.com
rust-lang -- rust
 
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.2024-04-0910CVE-2024-24576
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
saleswonder.biz -- 5_stars_rating_funnel
 
Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.2024-04-107.5CVE-2024-31358
audit@patchstack.com
sap_se -- sap_asset_accounting
 
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.2024-04-097.2CVE-2024-27901
cna@sap.com
cna@sap.com
sap_se -- sap_businessobjects_web_intelligence
 
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.2024-04-097.7CVE-2024-25646
cna@sap.com
cna@sap.com
sap_se -- sap_netweaver_as_java_user_management_engine
 
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.2024-04-098.8CVE-2024-27899
cna@sap.com
cna@sap.com
sc0ttkclark -- pods_-_custom_content_types_and_fields
 
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-098.8CVE-2023-6967
security@wordfence.com
security@wordfence.com
security@wordfence.com
sc0ttkclark -- pods_-_custom_content_types_and_fields
 
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.2024-04-098.8CVE-2023-6999
security@wordfence.com
security@wordfence.com
security@wordfence.com
searchiq -- searchiq
 
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5.2024-04-107.5CVE-2024-31259
audit@patchstack.com
shapedplugin -- carousel,_slider_gallery_by_wp_carousel_-_image_carousel_&_photo_gallery_post_carousel_&_post_grid_product_carousel_&_product_grid_for_woocommerce
 
The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-04-107.2CVE-2024-3020
security@wordfence.com
security@wordfence.com
siemens -- parasolid_v35.1
 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2024-04-097.8CVE-2024-26275
productcert@siemens.com
siemens -- scalance_w1748-1_m12
 
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 "Override client's security context" of CVE-2022-47522. Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim.2024-04-098.4CVE-2024-30191
productcert@siemens.com
siemens -- sinec_nms
 
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.2024-04-097.6CVE-2024-31978
productcert@siemens.com
sizam -- rehub_framework
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2.2024-04-078.5CVE-2024-31234
audit@patchstack.com
sizam -- rehub

 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1.2024-04-078.5CVE-2024-31233
audit@patchstack.com
skymoonlabs -- moveto
 
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.2024-04-119.8CVE-2024-25912
audit@patchstack.com
smartersite -- wp_compress_-_image_optimizer_[all-in-one]
 
The WP Compress - Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.2024-04-097.5CVE-2024-1934
security@wordfence.com
security@wordfence.com
security@wordfence.com
solwin_infotech -- user_activity_log
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.2024-04-107.6CVE-2024-31356
audit@patchstack.com
sonaar_music -- mp3_audio_player_for_music_radio_&_podcast_by_sonaar
 
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.2024-04-107.5CVE-2024-31343
audit@patchstack.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691.2024-04-087.3CVE-2024-3438
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692.2024-04-087.3CVE-2024-3439
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
specialk -- simple_ajax_chat_-_add_a_fast,_secure_chat_box
 
The Simple Ajax Chat - Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-097.2CVE-2024-2957
security@wordfence.com
security@wordfence.com
stylemix -- masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-04-099.8CVE-2024-3136
security@wordfence.com
security@wordfence.com
security@wordfence.com
subnet_solutions -- powersystem_server
 
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.2024-04-098.4CVE-2024-3313
ics-cert@hq.dhs.gov
sukhchain_singh -- auto_poster
 
Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.2024-04-079.1CVE-2024-31345
audit@patchstack.com
techlabpro1 -- classified_listing_-_classified_ads_&_business_directory_plugin
 
The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.2024-04-098.8CVE-2024-1315
security@wordfence.com
security@wordfence.com
security@wordfence.com
themefusion -- avada_|_website_builder_for_wordpress_&_woocommerce
 
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-097.2CVE-2024-2344
security@wordfence.com
security@wordfence.com
security@wordfence.com
themify -- post_type_builder_(ptb)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through 2.0.8.2024-04-097.1CVE-2024-31365
audit@patchstack.com
themify -- post_type_builder_(ptb)
 
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8.2024-04-097.1CVE-2024-31366
audit@patchstack.com
thimpress -- learnpress_export_import
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.2024-04-077.6CVE-2024-31241
audit@patchstack.com
tooltip -- wordpress_tooltips
 
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3.2024-04-117.1CVE-2024-31285
audit@patchstack.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.2024-04-098.1CVE-2023-49133
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.2024-04-098.1CVE-2023-49134
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.2024-04-097.5CVE-2023-48724
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.2024-04-097.4CVE-2023-49074
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.2024-04-097.2CVE-2023-49906
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.2024-04-097.2CVE-2023-49907
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.2024-04-097.2CVE-2023-49908
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.2024-04-097.2CVE-2023-49909
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.2024-04-097.2CVE-2023-49910
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.2024-04-097.2CVE-2023-49911
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.2024-04-097.2CVE-2023-49912
talos-cna@cisco.com
tp-link -- ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3)
 
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.2024-04-097.2CVE-2023-49913
talos-cna@cisco.com
traccar -- traccar
 
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.2024-04-109.6CVE-2024-31214
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
traccar -- traccar
 
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.2024-04-108.5CVE-2024-24809
security-advisories@github.com
security-advisories@github.com
traefik -- traefik
 
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.2024-04-127.5CVE-2024-28869
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tribulant -- slideshow_gallery
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.2024-04-108.5CVE-2024-31355
audit@patchstack.com
undsgn -- uncode_core
 
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.2024-04-128.8CVE-2023-51515
audit@patchstack.com
webinarpress -- webinarpress
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.9.2024-04-077.1CVE-2024-31256
audit@patchstack.com
wedevs -- wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-097.2CVE-2024-0952
security@wordfence.com
security@wordfence.com
welotec -- tk515l
 
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.2024-04-099.8CVE-2023-1083
info@cert.vde.com
welotec -- tk515l
 
An remote attacker with low privileges can perform a command injection which can lead to root access.2024-04-098.8CVE-2023-1082
info@cert.vde.com
wintercms -- wn-dusk-plugin
 
wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` - where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk's automatic configuration is used (which won't exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin's automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade.2024-04-128.8CVE-2024-32003
security-advisories@github.com
security-advisories@github.com
wisdmlabs -- edwiser_bridge
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.2024-04-077.6CVE-2024-31260
audit@patchstack.com
wpeverest -- everest_forms_-_build_contact_forms_surveys_polls_quizzes_newsletter_&_application_forms_and_many_more_with_ease!
 
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2024-04-097.2CVE-2024-1812
security@wordfence.com
security@wordfence.com
wpexperts -- wholesale_for_woocommerce
 
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.2024-04-107.5CVE-2024-31297
audit@patchstack.com
wpmudev -- forminator_-_contact_form,_payment_form_&_custom_form_builder
 
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-097.2CVE-2024-1794
security@wordfence.com
security@wordfence.com
wpvividplugins -- migration_backup_staging_-_wpvivid
 
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-04-127.2CVE-2024-3054
security@wordfence.com
security@wordfence.com
wpwhitesecurity -- wp_activity_log_premium
 
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object.2024-04-098.8CVE-2024-2018
security@wordfence.com
security@wordfence.com
xibosignage -- xibo-cms
 
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue.2024-04-128.8CVE-2024-29022
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xibosignage -- xibo-cms
 
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability.2024-04-127.2CVE-2024-29023
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-commons
 
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.2024-04-1010CVE-2024-31996
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.2024-04-1010CVE-2024-31982
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`.2024-04-109.9CVE-2024-31465
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.2024-04-109.9CVE-2024-31981
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.2024-04-109.9CVE-2024-31983
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.2024-04-109.9CVE-2024-31984
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.2024-04-109CVE-2024-31986
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.2024-04-109.9CVE-2024-31987
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.2024-04-109.6CVE-2024-31988
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available.2024-04-109.9CVE-2024-31997
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
yt-dlp -- yt-dlp
 
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.2024-04-098.3CVE-2024-22423
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
zauberzeug -- nicegui
 
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-04-128.2CVE-2024-32005
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10web -- form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder
 
The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures.2024-04-095.9CVE-2024-2112
security@wordfence.com
security@wordfence.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-20778
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-20779
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-20780
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26046
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26047
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26076
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26079
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26084
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26087
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26097
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26098
psirt@adobe.com
adobe -- adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2024-04-105.4CVE-2024-26122
psirt@adobe.com
adobe -- after_effects
 
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-105.5CVE-2024-20737
psirt@adobe.com
adobe -- animate
 
Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-115.5CVE-2024-20794
psirt@adobe.com
adobe -- animate
 
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-115.5CVE-2024-20796
psirt@adobe.com
adobe -- bridge
 
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-115.5CVE-2024-20771
psirt@adobe.com
adobe -- illustrator
 
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-115.5CVE-2024-20798
psirt@adobe.com
adobe -- indesign_desktop
 
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-105.5CVE-2024-20766
psirt@adobe.com
adobe -- photoshop_desktop
 
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2024-04-105.5CVE-2024-20770
psirt@adobe.com
aerin -- loan_repayment_calculator_and_application_form
 
Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.2024-04-125.4CVE-2024-31263
audit@patchstack.com
alex_tselegidis -- easy!appointments
 
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2.2024-04-116.3CVE-2023-32295
audit@patchstack.com
aminur_islam -- wp_login_and_logout_redirect
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS.This issue affects WP Login and Logout Redirect: from n/a through 1.2.2024-04-115.9CVE-2024-31927
audit@patchstack.com
appcheap.io -- app_builder
 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7.2024-04-104.7CVE-2024-31282
audit@patchstack.com
apppresser_team -- apppresser
 
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.2024-04-124.3CVE-2024-31268
audit@patchstack.com
arnan_de_gans -- no-bot_registration
 
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.2024-04-124.3CVE-2024-31372
audit@patchstack.com
athemes -- sydney_toolbox
 
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3208
security@wordfence.com
security@wordfence.com
automatic1111 -- stable-diffusion-webui
 
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.2024-04-126.3CVE-2024-31462
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
automattic -- woocommerce
 
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.2024-04-074.3CVE-2024-22155
audit@patchstack.com
automattic -- wp_job_manager
 
Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.2024-04-125.3CVE-2023-52211
audit@patchstack.com
ayecode_ltd -- userswp
 
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6.2024-04-115.4CVE-2024-31936
audit@patchstack.com
bdthemes -- element_pack_elementor_addons_(header_footer,_template_library,_dynamic_grid_&_carousel,_remote_arrows)
 
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details.2024-04-115.3CVE-2024-2966
security@wordfence.com
security@wordfence.com
bdthemes -- prime_slider_-_addons_for_elementor
 
Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.This issue affects Prime Slider - Addons For Elementor: from n/a through 3.11.10.2024-04-114.3CVE-2024-24883
audit@patchstack.com
bdthemes -- ultimate_store_kit_elementor_addons
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2.2024-04-086.5CVE-2024-31357
audit@patchstack.com
beaver_builder -- beaver_themer
 
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2023-6694
security@wordfence.com
security@wordfence.com
beaver_builder -- beaver_themer
 
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values.2024-04-096.5CVE-2023-6695
security@wordfence.com
security@wordfence.com
bestwebsoft -- contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpressThe Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cntctfrm_contact_subject' parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-096.1CVE-2024-2200
security@wordfence.com
security@wordfence.com
bestwebsoft -- contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress
 
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cntctfrm_contact_address' parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-096.1CVE-2024-2198
security@wordfence.com
security@wordfence.com
bfintal -- stackable_-_page_builder_gutenberg_blocks
 
The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2039
security@wordfence.com
security@wordfence.com
blazethemes -- newsmatic
 
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.2024-04-095.3CVE-2024-1587
security@wordfence.com
security@wordfence.com
blocksmarket -- gradient_text_widget_for_elementor
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.2024-04-076.5CVE-2024-31346
audit@patchstack.com
bogdanfix -- wp_sendfox
 
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.2024-04-115.4CVE-2024-27970
audit@patchstack.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2734
security@wordfence.com
security@wordfence.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2735
security@wordfence.com
security@wordfence.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2736
security@wordfence.com
security@wordfence.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3266
security@wordfence.com
security@wordfence.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3267
security@wordfence.com
security@wordfence.com
boldthemes -- bold_page_builder
 
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-105.4CVE-2024-2733
security@wordfence.com
security@wordfence.com
bosch -- ams
 
A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.2024-04-114.6CVE-2023-32228
psirt@bosch.com
bracketspace -- advanced_cron_manager_-_debug_&_control
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager - debug & control allows Stored XSS.This issue affects Advanced Cron Manager - debug & control: from n/a through 2.5.2.2024-04-115.9CVE-2024-31926
audit@patchstack.com
bracketspace -- simple_post_notes
 
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6.2024-04-114.3CVE-2024-31935
audit@patchstack.com
bradvin -- best_wordpress_gallery_plugin_-_foogallery
 
The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2081
security@wordfence.com
security@wordfence.com
security@wordfence.com
brainstormforce -- astra
 
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2347
security@wordfence.com
security@wordfence.com
brainstormforce -- cards_for_beaver_builder
 
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2305
security@wordfence.com
security@wordfence.com
brainstormforce -- spectra_-_wordpress_gutenberg_blocks
 
The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2023-6486
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
brechtvds -- wp_recipe_maker
 
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-094.4CVE-2024-1571
security@wordfence.com
security@wordfence.com
bricksforge -- bricksforge
 
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.2024-04-105.3CVE-2024-31242
audit@patchstack.com
britner -- gutenberg_blocks_by_kadence_blocks_-_page_builder_features
 
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.2024-04-094.4CVE-2024-0598
security@wordfence.com
security@wordfence.com
security@wordfence.com
britner -- gutenberg_blocks_by_kadence_blocks_page_builder_features
 
The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1999
security@wordfence.com
security@wordfence.com
security@wordfence.com
bunny.net -- bunny.net
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS.This issue affects bunny.Net: from n/a through 2.0.1.2024-04-115.9CVE-2024-31361
audit@patchstack.com
byzoro -- smart_s80_management_platform
 
A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-094.7CVE-2024-3521
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability.2024-04-106.3CVE-2024-3536
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907.2024-04-106.3CVE-2024-3537
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908.2024-04-106.3CVE-2024-3538
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability.2024-04-106.3CVE-2024-3539
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system
 
A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability.2024-04-106.3CVE-2024-3540
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- house_rental_management_system
 
A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483.2024-04-126.3CVE-2024-3696
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- house_rental_management_system
 
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.2024-04-126.3CVE-2024-3697
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- house_rental_management_system
 
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability.2024-04-126.3CVE-2024-3698
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- house_rental_management_system
 
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571.2024-04-136.3CVE-2024-3719
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_event_management_system
 
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.2024-04-096.3CVE-2024-3522
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_event_management_system
 
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability.2024-04-096.3CVE-2024-3523
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
catch_plugins -- generate_child_theme
 
Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0.2024-04-125.4CVE-2024-31279
audit@patchstack.com
celomitan -- gum_elementor_addon
 
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2348
security@wordfence.com
security@wordfence.com
security@wordfence.com
clavaque -- s2member_-_best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls_&_member_access_subscriptions
 
The s2Member - Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages.2024-04-095.3CVE-2024-0899
security@wordfence.com
security@wordfence.com
coded_commerce,_llc -- benchmark_email_lite
 
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1.2024-04-124.3CVE-2024-31360
audit@patchstack.com
codepeople -- contact_form_email
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.2024-04-105.3CVE-2024-31302
audit@patchstack.com
collizo4sky -- paid_membership_plugin_ecommerce,_user_registration_form,_login_form_user_profile_&_restrict_content_-_profilepress
 
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-3210
security@wordfence.com
security@wordfence.com
colorlibplugins -- fancybox_for_wordpress
 
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-04-094.4CVE-2024-0662
security@wordfence.com
security@wordfence.com
connekthq -- wordpress_infinite_scroll_-_ajax_load_more
 
The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.2024-04-094.9CVE-2024-1790
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
contao -- contao
 
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.2024-04-095.4CVE-2024-28190
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
contao -- contao
 
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.2024-04-095.9CVE-2024-30262
security-advisories@github.com
security-advisories@github.com
contao -- contao
 
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.2024-04-094.3CVE-2024-28234
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
convertkit -- convertkit
 
Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5.2024-04-105.3CVE-2024-31245
audit@patchstack.com
cp_plus -- wi-fi_camera
 
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-085.4CVE-2024-3434
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
creativeminds -- invitation_code_content_restriction_plugin_from_creativeminds
 
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'target_id' parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-096.1CVE-2022-4965
security@wordfence.com
security@wordfence.com
creativethemes -- blocksy_companion
 
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28.2024-04-115.4CVE-2024-31932
audit@patchstack.com
cssigniterteam -- elements_plus!
 
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2335
security@wordfence.com
security@wordfence.com
cym1102 -- nginxwebui
 
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.2024-04-136.3CVE-2024-3739
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cym1102 -- nginxwebui
 
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.2024-04-136.3CVE-2024-3740
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cym1102 -- nginxwebui
 
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.2024-04-134.3CVE-2024-3736
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
danieliser -- popup_maker_-_popup_for_opt-ins_lead_gen_&_more
 
The Popup Maker - Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2336
security@wordfence.com
security@wordfence.com
dataease -- dataease
 
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.2024-04-085.3CVE-2024-30269
security-advisories@github.com
security-advisories@github.com
dell -- alienware_command_center_(awcc)
 
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system.2024-04-106.7CVE-2024-0159
security_alert@emc.com
dell -- cpg_bios
 
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.2024-04-104.7CVE-2024-22448
security_alert@emc.com
dell -- dell_storage_resource_manager
 
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.2024-04-125.9CVE-2024-0157
security_alert@emc.com
devitemsllc -- shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor)
 
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1960
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
devitemsllc -- shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor)
 
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2946
security@wordfence.com
security@wordfence.com
devowl -- real_media_library:_media_library_folder_&_file_manager
 
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2027
security@wordfence.com
security@wordfence.com
dfactory -- post_views_counter
 
Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.2024-04-124.3CVE-2024-31264
audit@patchstack.com
dglingren -- media_library_assistant
 
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-04-096.4CVE-2024-2871
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
digitalbazaar -- zcap
 
`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.2024-04-104.3CVE-2024-31995
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
easy_digital_downloads -- easy_digital_downloads
 
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.2024-04-124.3CVE-2024-31293
audit@patchstack.com
ecwid -- ecwid_ecommerce_shopping_cart
 
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2456
security@wordfence.com
security@wordfence.com
elbanyaoui -- woocommerce_clover_payment_gateway
 
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.2024-04-095.3CVE-2024-0626
security@wordfence.com
security@wordfence.com
security@wordfence.com
elementor -- hello_elementor
 
Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0.2024-04-124.3CVE-2024-31289
audit@patchstack.com
elemntor -- elementor_website_builder_-_more_than_just_a_page_builder
 
The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2117
security@wordfence.com
security@wordfence.com
elextensions -- elex_woocommerce_dynamic_pricing_and_discounts
 
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.2024-04-124.3CVE-2024-31364
audit@patchstack.com
envato -- template_kit_-_import
 
The Template Kit - Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2334
security@wordfence.com
security@wordfence.com
security@wordfence.com
exactly_www -- ewww_image_optimizer
 
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3.2024-04-104.3CVE-2024-31924
audit@patchstack.com
expresstech -- quiz_and_survey_master
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.2024-04-115.9CVE-2024-27966
audit@patchstack.com
faktor_vier -- f4_improvements
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0.2024-04-115.9CVE-2024-31925
audit@patchstack.com
fetch_designs -- sign-up_sheets
 
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1.2024-04-124.3CVE-2024-31303
audit@patchstack.com
formsite -- formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS.This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6.2024-04-076.5CVE-2024-31257
audit@patchstack.com
fortinet -- fortimanager
 
A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.2024-04-096.7CVE-2023-47542
psirt@fortinet.com
fortinet -- fortios
 
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.2024-04-096.7CVE-2023-48784
psirt@fortinet.com
fortinet -- fortios
 
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.2024-04-095.3CVE-2024-23662
psirt@fortinet.com
fortinet -- fortisandbox
 
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI.2024-04-096.7CVE-2023-47540
psirt@fortinet.com
fortinet -- fortisandbox
 
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI.2024-04-096.7CVE-2023-47541
psirt@fortinet.com
fortinet -- fortisandbox
 
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests.2024-04-095.9CVE-2024-31487
psirt@fortinet.com
fr-d-ric_gilles -- fg_drupal_to_wordpress
 
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3.2024-04-105.3CVE-2024-31247
audit@patchstack.com
getbowtied -- shopkeeper_extender
 
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-126.4CVE-2024-2801
security@wordfence.com
security@wordfence.com
gitlab -- gitlab
 
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.2024-04-124.3CVE-2023-6489
cve@gitlab.com
cve@gitlab.com
gitlab -- gitlab
 
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file.2024-04-124.3CVE-2023-6678
cve@gitlab.com
cve@gitlab.com
givewp -- givewp
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.2024-04-125.9CVE-2022-40211
audit@patchstack.com
gn_themes -- wp_shortcodes_plugin_-_shortcodes_ultimate
 
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3512
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
hcl_software -- bigfix_enterprise_suite_asset_discovery
 
The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry.2024-04-086.6CVE-2024-23584
psirt@hcl.com
hidekazu_ishikawa -- x-t9
 
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.2024-04-104.3CVE-2024-31386
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
i_thirteen_web_solution -- wp_responsive_tabs_horizontal_vertical_and_accordion_tabs
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.2024-04-116.5CVE-2024-27989
audit@patchstack.com
ibm -- qradar_siem
 
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.2024-04-115.9CVE-2023-50949
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- security_verify_access_appliance
 
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.2024-04-106.2CVE-2024-31874
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_b2b_integrator
 
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338.2024-04-125.4CVE-2023-50307
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_b2b_integrator
 
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.2024-04-125.4CVE-2024-22357
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_b2b_integrator
 
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691.2024-04-124.8CVE-2023-45186
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.2024-04-124.8CVE-2023-47714
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- storage_defender
 
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.2024-04-126.4CVE-2024-27261
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.2024-04-126.3CVE-2024-22358
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.2024-04-126.1CVE-2024-22359
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.2024-04-124.4CVE-2024-22334
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.2024-04-124.3CVE-2024-22339
psirt@us.ibm.com
psirt@us.ibm.com
ideaboxcreations -- powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
 
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2492
security@wordfence.com
security@wordfence.com
ideaboxcreations -- powerpack_lite_for_beaver_builder
 
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2289
security@wordfence.com
security@wordfence.com
j_3rk -- video_conferencing_with_zoom
 
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site.2024-04-094.3CVE-2024-2033
security@wordfence.com
security@wordfence.com
jackdewey -- link_library
 
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-096.1CVE-2024-2325
security@wordfence.com
security@wordfence.com
jcodex -- woocommerce_checkout_field_editor_(checkout_manager)
 
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.2024-04-125.4CVE-2024-31262
audit@patchstack.com
jetmonsters -- getwid_-_gutenberg_blocks
 
The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1948
security@wordfence.com
security@wordfence.com
jetmonsters -- jetwidgets_for_elementor
 
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2138
security@wordfence.com
security@wordfence.com
jetmonsters -- jetwidgets_for_elementor
 
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2507
security@wordfence.com
security@wordfence.com
joel_hardi -- user_spam_remover
 
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.2024-04-105.3CVE-2024-31298
audit@patchstack.com
joomunited -- wp_media_folder
 
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.2024-04-115.4CVE-2024-25907
audit@patchstack.com
joomunited -- wp_media_folder
 
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.2024-04-114.3CVE-2024-25908
audit@patchstack.com
jtermaat -- 360_javascript_viewer
 
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings.2024-04-094.3CVE-2024-1637
security@wordfence.com
security@wordfence.com
security@wordfence.com
julien_berthelot_/_mpembed.com -- wp_matterport_shortcode
 
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode.This issue affects WP Matterport Shortcode: from n/a through 2.1.8.2024-04-114.3CVE-2024-32109
audit@patchstack.com
juniper_networks -- junos_os_evolved
 
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.2024-04-126.5CVE-2024-30403
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os_evolved
 
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.2024-04-125.3CVE-2024-21590
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os_evolved
 
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO,  22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.2024-04-125.3CVE-2024-30390
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os_evolved
 
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.  This issue does not affect releases before 23.1R1-EVO.2024-04-125.5CVE-2024-30406
sirt@juniper.net
sirt@juniper.net
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.2024-04-126.5CVE-2024-21593
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.2024-04-126.5CVE-2024-21605
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command:   user@host> show system processes extensive | grep iked           PID USERNAME   PRI NICE   SIZE   RES   STATE   C TIME WCPU COMMAND           56903 root       31   0     4016M 2543M CPU0   0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.2024-04-126.5CVE-2024-21609
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4,  * from 22.1 before 22.1R3-S4,  * from 22.2 before 22.2R3-S2,  * from 22.3 before 22.3R2-S2, 22.3R3-S1,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.1-EVO before 22.1R3-S4-EVO,  * from 22.2-EVO before 22.2R3-S2-EVO,  * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.2024-04-126.5CVE-2024-21618
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5,  21.3 versions before 21.3R3-S5,  21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2.2024-04-126.5CVE-2024-30387
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3.2024-04-126.5CVE-2024-30388
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.2024-04-125.3CVE-2024-21610
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2. Junos OS Evolved:  * all versions before 21.2R3-S7-EVO,  * from 21.3 before 21.3R3-S5-EVO,  * from 21.4 before 21.4R3-S5-EVO,  * from 22.1 before 22.1R3-S5-EVO,  * from 22.2 before 22.2R3-S3-EVO,  * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R1-S2.2024-04-125CVE-2024-21615
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os

 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers.  This issue affects Junos OS:  All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6.2024-04-125.5CVE-2024-30384
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os

 
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS:  * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved:  * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO,  * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.2024-04-125.3CVE-2024-30386
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.2024-04-125.8CVE-2024-30389
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;  This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4.2024-04-125.9CVE-2024-30401
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO.2024-04-125.9CVE-2024-30402
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.  This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved:  * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.2024-04-125.3CVE-2024-30409
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_os
 
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3,  21.2 versions before 21.2R2-S1, 21.2R3,  21.3 versions before 21.3R1-S2, 21.3R2.2024-04-124.8CVE-2024-30391
sirt@juniper.net
sirt@juniper.net
juniper_networks -- junos_
 
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter.  This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.  This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. 2024-04-125.8CVE-2024-30410
sirt@juniper.net
sirt@juniper.net
junkcoder,_ristoniinemets -- ajax_thumbnail_rebuild
 
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.2024-04-114.3CVE-2022-47604
audit@patchstack.com
kekotron -- ai_post_generator_|_autowriter
 
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions.2024-04-096.3CVE-2024-1850
security@wordfence.com
security@wordfence.com
security@wordfence.com
khl32 -- font_farsi
 
The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-04-094.4CVE-2024-3093
security@wordfence.com
security@wordfence.com
kurudrive -- vk_all_in_one_expansion_unit
 
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.2024-04-096.5CVE-2024-2093
security@wordfence.com
security@wordfence.com
security@wordfence.com
kyivstarteam -- react-native-sms-user-consent
 
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.2024-04-075.3CVE-2021-4438
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
leadinfo -- leadinfo
 
Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0.2024-04-114.3CVE-2024-32112
audit@patchstack.com
leap13 -- premium_addons_for_elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-0376
security@wordfence.com
security@wordfence.com
leap13 -- premium_addons_for_elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2664
security@wordfence.com
security@wordfence.com
leap13 -- premium_addons_for_elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.5CVE-2024-2665
security@wordfence.com
security@wordfence.com
leap13 -- premium_addons_for_elementor
 
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content.2024-04-105.4CVE-2024-2666
security@wordfence.com
security@wordfence.com
leap13 -- premium_addons_for_elementor
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22.2024-04-104.3CVE-2024-31278
audit@patchstack.com
lifterlms -- lifterlms
 
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issue affects LifterLMS: from n/a through 7.5.0.2024-04-124.3CVE-2024-31363
audit@patchstack.com
link_whisper -- link_whisper_free
 
Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9.2024-04-114.3CVE-2024-31934
audit@patchstack.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text_alignment' attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1458
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1461
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1464
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_skin' attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1465
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slider_style' attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue.2024-04-096.4CVE-2024-1466
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2539
security@wordfence.com
security@wordfence.com
livemesh -- elementor_addons_by_livemesh
 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-2655
security@wordfence.com
security@wordfence.com
lizardbyte -- sunshine
 
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.2024-04-085.9CVE-2024-31221
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mailmunch -- mailmunch_-_grow_your_email_list
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch - Grow your Email List allows Stored XSS.This issue affects MailMunch - Grow your Email List: from n/a through 3.1.6.2024-04-076.5CVE-2024-31349
audit@patchstack.com
mark_stockton -- quicksand_post_filter_jquery_plugin
 
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.2024-04-115.3CVE-2024-24850
audit@patchstack.com
matrix-org -- matrix-appservice-irc
 
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See these lines `601-604` in the configuration file linked.2024-04-124.3CVE-2024-32000
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mautic -- mautic
 
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available2024-04-105.3CVE-2024-2730
vulnerability@ncsc.ch
mautic -- mautic
 
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.2024-04-105.4CVE-2024-2731
vulnerability@ncsc.ch
mautic -- mautic
 
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.2024-04-105CVE-2024-3448
vulnerability@ncsc.ch
max_foundry -- media_library_folders
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.8.2024-04-106.5CVE-2024-31287
audit@patchstack.com
mbis -- permalink_manager_lite
 
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 's' parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-096.1CVE-2024-2738
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
mbis -- permalink_manager_lite
 
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.2024-04-094.3CVE-2024-2543
security@wordfence.com
security@wordfence.com
security@wordfence.com
memberpress -- memberpress
 
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note - the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances.2024-04-096.1CVE-2024-1412
security@wordfence.com
security@wordfence.com
metagauss -- profilegrid_
 
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6.2024-04-074.3CVE-2024-31291
audit@patchstack.com
metagauss -- profilegrid_
 
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.2024-04-124.3CVE-2024-31362
audit@patchstack.com
metagauss -- registrationmagic
 
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.2024-04-114.3CVE-2024-25935
audit@patchstack.com
metaslider -- slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows
 
The Slider, Gallery, and Carousel by MetaSlider - Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-116.4CVE-2024-3285
security@wordfence.com
security@wordfence.com
michael_leithold -- dsgvo_all_in_one_for_wp
 
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.2024-04-114.3CVE-2024-27967
audit@patchstack.com
micro.company -- form_to_chat_app
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS.This issue affects Form to Chat App: from n/a through 1.1.6.2024-04-076.5CVE-2024-31258
audit@patchstack.com
microsoft -- azure_arc_extension
 
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability2024-04-096.2CVE-2024-28917
secure@microsoft.com
microsoft -- azure_compute_gallery
 
Azure Compute Gallery Elevation of Privilege Vulnerability2024-04-096.5CVE-2024-21424
secure@microsoft.com
microsoft -- azure_identity_library_for_.net
 
Azure Identity Library for .NET Information Disclosure Vulnerability2024-04-095.5CVE-2024-29992
secure@microsoft.com
microsoft -- azure_migrate
 
Azure Migrate Remote Code Execution Vulnerability2024-04-096.4CVE-2024-26193
secure@microsoft.com
microsoft -- azure_private_5g_core
 
Azure Private 5G Core Denial of Service Vulnerability2024-04-095.9CVE-2024-20685
secure@microsoft.com
microsoft -- microsoft_sharepoint_server_2019
 
Microsoft SharePoint Server Spoofing Vulnerability2024-04-096.8CVE-2024-26251
secure@microsoft.com
microsoft -- windows_10_version_1809
 
BitLocker Security Feature Bypass Vulnerability2024-04-096.1CVE-2024-20665
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-20669
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.8CVE-2024-26168
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-26171
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kerberos Denial of Service Vulnerability2024-04-096.5CVE-2024-26183
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Proxy Driver Spoofing Vulnerability2024-04-096.7CVE-2024-26234
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-26250
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows rndismp6.sys Remote Code Execution Vulnerability2024-04-096.8CVE-2024-26252
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows rndismp6.sys Remote Code Execution Vulnerability2024-04-096.8CVE-2024-26253
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.8CVE-2024-28897
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.3CVE-2024-28898
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-28903
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-28919
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-28921
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.4CVE-2024-28923
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-096.7CVE-2024-28924
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Hyper-V Denial of Service Vulnerability2024-04-096.2CVE-2024-29064
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows DWM Core Library Information Disclosure Vulnerability2024-04-095.5CVE-2024-26172
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-26207
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability2024-04-095.5CVE-2024-26209
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-26217
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Mobile Hotspot Information Disclosure Vulnerability2024-04-095CVE-2024-26220
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-26255
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-28900
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-28901
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Remote Access Connection Manager Information Disclosure Vulnerability2024-04-095.5CVE-2024-28902
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Secure Boot Security Feature Bypass Vulnerability2024-04-094.1CVE-2024-28922
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows Distributed File System (DFS) Information Disclosure Vulnerability2024-04-096.5CVE-2024-26226
secure@microsoft.com
microsoft -- windows_server_2019
 
Windows Authentication Elevation of Privilege Vulnerability2024-04-094.3CVE-2024-29056
secure@microsoft.com
mndpsingh287 -- file_manager
 
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.2024-04-096.8CVE-2024-2654
security@wordfence.com
security@wordfence.com
security@wordfence.com
n/a -- dedecms
 
A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-126.3CVE-2024-3685
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a -- dedecms
 
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-124.3CVE-2024-3686
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a -- eyoucms
 
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-074.7CVE-2024-3431
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a -- freeipa
 
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.2024-04-105.3CVE-2024-1481
secalert@redhat.com
secalert@redhat.com
n/a -- mysql2
 
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.2024-04-106.5CVE-2024-21507
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a -- mysql2
 
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.2024-04-106.5CVE-2024-21509
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a -- qemu
 
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.2024-04-105.5CVE-2024-3567
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a -- save_as_image_plugin_by_pdfcrowd
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS.This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1 .2024-04-115.9CVE-2024-31931
audit@patchstack.com
netentsec -- ns-asg_application_security_gateway
 
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.2024-04-086.3CVE-2024-3455
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec -- ns-asg_application_security_gateway
 
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.2024-04-086.3CVE-2024-3456
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec -- ns-asg_application_security_gateway
 
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability.2024-04-086.3CVE-2024-3457
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec -- ns-asg_application_security_gateway
 
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability.2024-04-086.3CVE-2024-3458
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nextendweb -- smart_slider_3
 
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks.2024-04-136.4CVE-2024-3027
security@wordfence.com
security@wordfence.com
nick_pelton -- search_keyword_redirect
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS.This issue affects Search Keyword Redirect: from n/a through 1.0.2024-04-115.9CVE-2024-32080
audit@patchstack.com
nickboss -- wordpress_file_upload
 
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2847
security@wordfence.com
security@wordfence.com
ninjateam -- wp_chat_app
 
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2513
security@wordfence.com
security@wordfence.com
nudgify -- nudgify_social_proof,_sales_popup_&_fomo
 
Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.2024-04-124.3CVE-2024-31239
audit@patchstack.com
nuknightlab -- knight_lab_timeline
 
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2287
security@wordfence.com
security@wordfence.com
nvidia -- chatrtx
 
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.2024-04-086.5CVE-2024-0083
psirt@nvidia.com
oceanwp -- ocean_extra
 
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'twitter_username' parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3167
security@wordfence.com
security@wordfence.com
security@wordfence.com
octolize -- usps_shipping_for_woocommerce_-_live_rates
 
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce - Live Rates.This issue affects USPS Shipping for WooCommerce - Live Rates: from n/a through 1.9.2.2024-04-104.3CVE-2024-31943
audit@patchstack.com
octolize -- woocommerce_ups_shipping_-_live_rates_and_access_points
 
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping - Live Rates and Access Points.This issue affects WooCommerce UPS Shipping - Live Rates and Access Points: from n/a through 2.2.4.2024-04-104.3CVE-2024-31944
audit@patchstack.com
open-telemetry -- opentelemetry-dotnet
 
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-04-124.1CVE-2024-32028
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
open-xchange_gmbh -- ox_app_suite
 
RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known.2024-04-086.1CVE-2024-23192
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.2024-04-085.4CVE-2024-23189
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.2024-04-085.4CVE-2024-23190
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to a users account or an successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.2024-04-085.4CVE-2024-23191
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
opengnsys -- opengnsys
 
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.2024-04-125.9CVE-2024-3706
cve-coordination@incibe.es
opengnsys -- opengnsys
 
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.2024-04-125.3CVE-2024-3707
cve-coordination@incibe.es
palo_alto_networks -- pan-os
 
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.2024-04-105.3CVE-2024-3386
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.2024-04-105.3CVE-2024-3387
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
 
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.2024-04-104.1CVE-2024-3388
psirt@paloaltonetworks.com
patrickposner -- passster_-_password_protect_pages_and_content
 
The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2026
security@wordfence.com
security@wordfence.com
pdfcrowd -- save_as_pdf_plugin_by_pdfcrowd
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1 .2024-04-115.9CVE-2024-31930
audit@patchstack.com
peach_payments -- peach_payments_gateway
 
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.2024-04-115.4CVE-2024-25922
audit@patchstack.com
peepso -- community_by_peepso
 
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.2024-04-124.3CVE-2024-31251
audit@patchstack.com
pencidesign -- soledad
 
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.2024-04-096.5CVE-2024-31368
audit@patchstack.com
pencidesign -- soledad
 
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.2024-04-095.4CVE-2024-31369
audit@patchstack.com
phpbits_creative_studio -- easy_login_styler_-_white_label_admin_login_page_for_wordpress
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler - White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler - White Label Admin Login Page for WordPress: from n/a through 1.0.6.2024-04-075.9CVE-2024-31344
audit@patchstack.com
phpgurukul -- small_crm
 
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.2024-04-126.3CVE-2024-3690
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pickplugins -- accordion
 
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.2024-04-095.4CVE-2024-1641
security@wordfence.com
security@wordfence.com
security@wordfence.com
ping_identity -- pingfederate
 
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.2024-04-106.5CVE-2023-40148
responsible-disclosure@pingidentity.com
responsible-disclosure@pingidentity.com
planet -- igs-4215-16t2s
 
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.2024-04-116.4CVE-2024-2742
cve-coordination@incibe.es
pluginsware -- advanced_classifieds_&_directory_pro
 
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.2024-04-094.3CVE-2024-2222
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
polevaultweb -- intagrate_lite
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7.2024-04-115.9CVE-2024-31929
audit@patchstack.com
popup_likebox_team -- popup_like_box
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2.2024-04-115.9CVE-2024-31387
audit@patchstack.com
prasunsen -- watu_quiz
 
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-0873
security@wordfence.com
security@wordfence.com
prasunsen -- watu_quiz
 
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails.2024-04-094.3CVE-2024-0872
security@wordfence.com
security@wordfence.com
princeahmed -- wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
 
The WP Radio - Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-106.4CVE-2024-1041
security@wordfence.com
security@wordfence.com
princeahmed -- wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
 
The WP Radio - Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.2024-04-106.4CVE-2024-1042
security@wordfence.com
security@wordfence.com
propertyhive -- propertyhive
 
Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.2024-04-115.4CVE-2024-27985
audit@patchstack.com
psi-4ward -- psitransfer
 
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while the vulnerability with the number CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there and not allows you to upload new files to the bucket. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application's business logic.2024-04-096.5CVE-2024-31453
security-advisories@github.com
security-advisories@github.com
psi-4ward -- psitransfer
 
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket. Violation of integrity at the level of individual files. While the vulnerability with the number CVE-2024-31453 allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application's business logic.2024-04-096.5CVE-2024-31454
security-advisories@github.com
security-advisories@github.com
puneethreddyhc -- event_management
 
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-075.5CVE-2024-3432
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
qodeinteractive -- qi_addons_for_elementor
 
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-0826
security@wordfence.com
security@wordfence.com
security@wordfence.com
rainbowgeek -- seopress_-_on-site_seo
 
The SEOPress - On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2165
security@wordfence.com
security@wordfence.com
rankmath -- rank_math_seo_with_ai_seo_tools
 
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2536
security@wordfence.com
security@wordfence.com
realmag777 -- wolf_-_wordpress_posts_bulk_editor_and_manager_professional
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF - WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1.2024-04-104.3CVE-2024-31430
audit@patchstack.com
audit@patchstack.com
redisbloom -- redisbloom
 
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.2024-04-095.5CVE-2024-25116
security-advisories@github.com
security-advisories@github.com
relevanssi -- relevanssi_-_a_better_search_(pro)
 
The Relevanssi - A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.2024-04-095.3CVE-2024-3213
security@wordfence.com
security@wordfence.com
security@wordfence.com
relevanssi -- relevanssi_-_a_better_search_(pro)
 
The Relevanssi - A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.2024-04-095.8CVE-2024-3214
security@wordfence.com
security@wordfence.com
repute_infosystems -- arforms_form_builder
 
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.2024-04-126.3CVE-2024-31272
audit@patchstack.com
repute_infosystems -- bookingpress
 
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.2024-04-074.3CVE-2024-31296
audit@patchstack.com
revolution_slider -- slider_revolution
 
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors.2024-04-096.4CVE-2024-2306
security@wordfence.com
security@wordfence.com
rtcamp -- transcoder
 
Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5.2024-04-124.3CVE-2024-31305
audit@patchstack.com
rubengc -- gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress
 
The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2783
security@wordfence.com
security@wordfence.com
saleor -- saleor
 
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.2024-04-084.2CVE-2024-31205
security-advisories@github.com
security-advisories@github.com
saleor -- saleor
 
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.2024-04-114.3CVE-2024-32105
audit@patchstack.com
saleswonder.biz_team -- wp2leads
 
Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.This issue affects WP2LEADS: from n/a through 3.2.7.2024-04-085.4CVE-2024-31375
audit@patchstack.com
sap_se -- sap_business_connector
 
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side.2024-04-094.8CVE-2024-30214
cna@sap.com
cna@sap.com
sap_se -- sap_business_connector
 
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.2024-04-094.8CVE-2024-30215
cna@sap.com
cna@sap.com
sap_se -- sap_group_reporting_data_collection_(enter_package_data)
 
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction.2024-04-096.5CVE-2024-28167
cna@sap.com
cna@sap.com
sap_se -- sap_netweaver_as_abap_and_abap_platform
 
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.2024-04-096.5CVE-2024-30218
cna@sap.com
cna@sap.com
sap_se -- sap_netweaver
 
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.2024-04-095.3CVE-2024-27898
cna@sap.com
cna@sap.com
sap_se -- sap_s/4_hana_(cash_management)
 
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.2024-04-094.3CVE-2024-30216
cna@sap.com
cna@sap.com
sap_se -- sap_s/4_hana_(cash_management)
 
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.2024-04-094.3CVE-2024-30217
cna@sap.com
cna@sap.com
saumya_majumder -- wp_server_health_stats
 
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3.2024-04-124.3CVE-2024-31250
audit@patchstack.com
sc0ttkclark -- pods_-_custom_content_types_and_fields
 
The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).2024-04-094.3CVE-2023-6965
security@wordfence.com
security@wordfence.com
security@wordfence.com
setriosoft -- bizcalendar_web
 
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-04-106.1CVE-2024-1780
security@wordfence.com
security@wordfence.com
shopware -- shopware
 
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.2024-04-085.3CVE-2024-31447
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
shortpixel -- shortpixel_adaptive_images
 
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.2024-04-105.3CVE-2024-31230
audit@patchstack.com
siemens -- scalance_w1748-1_m12
 
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 "Abuse the queue for network disruptions" of CVE-2022-47522. Affected devices can be tricked into enabling its power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks.2024-04-096.1CVE-2024-30190
productcert@siemens.com
siemens -- scalance_w721-1_rj45
 
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 "Leak frames from the Wi-Fi queue" of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames.2024-04-096.1CVE-2024-30189
productcert@siemens.com
siemens -- simatic_pcs_7_v9.1
 
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition.2024-04-096.2CVE-2023-50821
productcert@siemens.com
sigstore -- cosign
 
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.2024-04-104.2CVE-2024-29902
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
sigstore -- cosign
 
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.2024-04-104.2CVE-2024-29903
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
silverks -- graphene
 
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.2024-04-095.3CVE-2024-1984
security@wordfence.com
security@wordfence.com
smub -- easy_digital_downloads_-_sell_digital_files_&_subscriptions_(ecommerce_store_+_payments_made_easy)
 
The Easy Digital Downloads - Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.2024-04-095.3CVE-2024-2302
security@wordfence.com
security@wordfence.com
security@wordfence.com
smub -- wordpress_gallery_plugin_-_nextgen_gallery
 
The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.2024-04-095.3CVE-2024-3097
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
soflyy -- import_any_xml_or_csv_file_to_wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.2024-04-104.3CVE-2024-31939
audit@patchstack.com
softaculous -- page_builder:_pagelayer_-_drag_and_drop_website_builder
 
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2504
security@wordfence.com
security@wordfence.com
security@wordfence.com
someguy9 -- lightweight_accordion
 
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2436
security@wordfence.com
security@wordfence.com
security@wordfence.com
sourcecodester -- kortex_lite_advocate_office_management_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.2024-04-114.7CVE-2024-3617
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- kortex_lite_advocate_office_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.2024-04-114.7CVE-2024-3618
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- kortex_lite_advocate_office_management_system
 
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275.2024-04-114.7CVE-2024-3619
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- kortex_lite_advocate_office_management_system
 
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276.2024-04-114.7CVE-2024-3620
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- kortex_lite_advocate_office_management_system
 
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability.2024-04-114.7CVE-2024-3621
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- laundry_management_system
 
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.2024-04-086.3CVE-2024-3445
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- laundry_management_system
 
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.2024-04-086.3CVE-2024-3464
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- laundry_management_system
 
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.2024-04-086.3CVE-2024-3465
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- laundry_management_system
 
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.2024-04-085.5CVE-2024-3466
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.2024-04-076.3CVE-2024-3416
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability.2024-04-076.3CVE-2024-3417
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability.2024-04-076.3CVE-2024-3418
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591.2024-04-076.3CVE-2024-3419
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.2024-04-076.3CVE-2024-3420
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability.2024-04-076.3CVE-2024-3421
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.2024-04-076.3CVE-2024-3422
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.2024-04-076.3CVE-2024-3423
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.2024-04-076.3CVE-2024-3424
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_courseware
 
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.2024-04-076.3CVE-2024-3425
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability.2024-04-086.3CVE-2024-3436
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.2024-04-086.3CVE-2024-3441
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.2024-04-086.3CVE-2024-3442
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631.2024-04-084.7CVE-2024-3437
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability.2024-04-084.7CVE-2024-3440
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
spwebguy -- responsive_tabs
 
The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3514
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
stacklok -- minder
 
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.2024-04-094.3CVE-2024-31455
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
staxwp -- elementor_addons_widgets_and_enhancements_-_stax
 
The Elementor Addons, Widgets and Enhancements - Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3064
security@wordfence.com
security@wordfence.com
stephanie_leary -- convert_post_types
 
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4.2024-04-114.3CVE-2024-32108
audit@patchstack.com
stiofansisland -- userswp_-_front-end_login_form,_user_registration_user_profile_&_members_directory_plugin_for_wordpress
 
The UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2423
security@wordfence.com
security@wordfence.com
security@wordfence.com
strangerstudios -- paid_memberships_pro_-_content_restriction_user_registration_&_paid_subscriptions
 
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-04-094.3CVE-2024-0588
security@wordfence.com
security@wordfence.com
stylemix -- masterstudy_lms_wordpress_plugin__for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.2024-04-094.3CVE-2024-1904
security@wordfence.com
security@wordfence.com
supportcandy -- supportcandy
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3.2024-04-116.5CVE-2024-27991
audit@patchstack.com
supsystic -- easy_google_maps
 
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11.2024-04-124.3CVE-2024-31269
audit@patchstack.com
supsystic -- ultimate_maps_by_supsystic
 
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16.2024-04-124.3CVE-2024-31271
audit@patchstack.com
tausworks -- global_elementor_buttons
 
The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2327
security@wordfence.com
security@wordfence.com
tbk -- dvr-4104
 
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.2024-04-136.3CVE-2024-3737
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tbk --dvr-4104 

 
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.2024-04-136.3CVE-2024-3721
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
techlabpro1 -- classified_listing_-_classified_ads_&_business_directory_plugin
 
The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.2024-04-096.5CVE-2024-1352
security@wordfence.com
security@wordfence.com
security@wordfence.com
the_moneytizer -- the_moneytizer
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS.This issue affects The Moneytizer: from n/a through 9.5.20.2024-04-116.5CVE-2024-27990
audit@patchstack.com
the_tcpdump_group -- tcpdump
 
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.2024-04-126.2CVE-2024-2397
security@tcpdump.org
theeventscalendar -- event_tickets_and_registration
 
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses.2024-04-094.3CVE-2024-2261
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1498
security@wordfence.com
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2787
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2788
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2789
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-095.4CVE-2024-2786
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
thehappymonster -- happy_addons_for_elementor
 
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.2024-04-094.3CVE-2024-1387
security@wordfence.com
security@wordfence.com
security@wordfence.com
themefusion -- avada_|_website_builder_for_wordpress_&_woocommerce
 
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2311
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
themefusion -- avada_|_website_builder_for_wordpress_&_woocommerce
 
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2024-04-096.4CVE-2024-2343
security@wordfence.com
security@wordfence.com
security@wordfence.com
themefusion -- avada_|_website_builder_for_wordpress_&_woocommerce
 
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.2024-04-095.3CVE-2024-2340
security@wordfence.com
security@wordfence.com
themeisle -- multiple_page_generator_plugin_-_mpg
 
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin - MPG.This issue affects Multiple Page Generator Plugin - MPG: from n/a through 3.4.0.2024-04-125.4CVE-2024-31301
audit@patchstack.com
themeisle -- otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
 
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2226
security@wordfence.com
security@wordfence.com
themeisle -- otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
 
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-116.4CVE-2024-3343
security@wordfence.com
security@wordfence.com
themeisle -- otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
 
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-116.4CVE-2024-3344
security@wordfence.com
security@wordfence.com
themeisle -- rss_aggregator_by_feedzy_-_feed_to_post_autoblogging_news_&_youtube_video_feeds_aggregator
 
The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-076.4CVE-2023-6877
security@wordfence.com
security@wordfence.com
themepoints -- testimonials
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5.2024-04-076.5CVE-2024-31348
audit@patchstack.com
themepunch -- essential_grid_gallery_wordpress_plugin

 
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information.2024-04-105.3CVE-2024-3235
security@wordfence.com
security@wordfence.com
themesgrove -- all-in-one_addons_for_elementor_-_widgetkit
 
The All-in-One Addons for Elementor - WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-126.4CVE-2024-2137
security@wordfence.com
security@wordfence.com
thimpress -- learnpress_-_wordpress_lms_plugin
 
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed.2024-04-096.5CVE-2024-1289
security@wordfence.com
security@wordfence.com
thimpress -- learnpress_-_wordpress_lms_plugin
 
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-094.4CVE-2024-1463
security@wordfence.com
security@wordfence.com
tianwell -- fire_intelligent_command_platform
 
A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572.2024-04-136.3CVE-2024-3720
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
totalpressorg -- custom_post_types_custom_fields_&_more
 
The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2023-6993
security@wordfence.com
security@wordfence.com
tribulant -- slideshow_gallery
 
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.2024-04-105.3CVE-2024-31353
audit@patchstack.com
tribulant -- slideshow_gallery
 
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.2024-04-124.3CVE-2024-31354
audit@patchstack.com
varun_kumar -- easy_logo
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS.This issue affects Easy Logo: from n/a through 1.9.3.2024-04-115.9CVE-2024-32083
audit@patchstack.com
visitor_analytics -- twipla_(visitor_analytics_io)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS.This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0.2024-04-115.9CVE-2024-31937
audit@patchstack.com
vjinfotech -- wp_import_export_lite
 
Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.2024-04-074.4CVE-2024-31308
audit@patchstack.com
wangshen -- secgate_3600
 
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability.2024-04-084.7CVE-2024-3444
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
webdevmattcrom -- givewp_-_donation_plugin_and_fundraising_platform
 
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-1424
security@wordfence.com
security@wordfence.com
webdevmattcrom -- givewp_-_donation_plugin_and_fundraising_platform
 
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-136.4CVE-2024-1957
security@wordfence.com
security@wordfence.com
webfactory -- wp_reset_-_most_advanced_wordpress_reset_tool
 
The WP Reset - Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames.2024-04-095.9CVE-2023-6799
security@wordfence.com
security@wordfence.com
webtechstreet -- elementor_addon_elements
 
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.5CVE-2024-2792
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
webtoffee -- wordpress_comments_import_&_export
 
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.2024-04-124.3CVE-2024-31235
audit@patchstack.com
wen_themes -- wen_responsive_columns
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2.2024-04-116.5CVE-2024-27988
audit@patchstack.com
woocommerce -- woocommerce_shipping_per_product
 
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.2024-04-124.3CVE-2023-51499
audit@patchstack.com
wp_compress -- wp_compress_-_image_optimizer_[all-in-one]
 
Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress - Image Optimizer [All-In-One].This issue affects WP Compress - Image Optimizer [All-In-One]: from n/a through 6.10.35.2024-04-114.3CVE-2024-32106
audit@patchstack.com
wp_darko -- top_bar
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS.This issue affects Top Bar: from n/a through 3.0.5.2024-04-115.9CVE-2024-31928
audit@patchstack.com
wp_enhanced -- free_downloads_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS.This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.2024-04-116.5CVE-2024-27969
audit@patchstack.com
wp_oauth_server -- oauth_server
 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.2024-04-104.7CVE-2024-31253
audit@patchstack.com
wp_royal -- royal_elementor_addons
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93.2024-04-076.5CVE-2024-31236
audit@patchstack.com
wp_swings -- points_and_rewards_for_woocommerce
 
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.2024-04-115.4CVE-2023-27607
audit@patchstack.com
wpcalc -- modal_window_-_create_popup_modal_window
 
The Modal Window - create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2457
security@wordfence.com
security@wordfence.com
wpclever -- wpc_smart_quick_view_for_woocommerce
 
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-04-134.4CVE-2023-6494
security@wordfence.com
security@wordfence.com
wpcloudgallery -- wordpress_gallery_exporter
 
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3.2024-04-106.5CVE-2024-31342
audit@patchstack.com
wpdeveloper -- essential_blocks_for_gutenberg
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.2024-04-076.5CVE-2024-31306
audit@patchstack.com
wpdevteam -- betterdocs_-_best_documentation_faq_&_knowledge_base_plugin_with_ai_support_&_instant_answer_for_elementor_&_gutenberg
 
The BetterDocs - Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2845
security@wordfence.com
security@wordfence.com
wpdevteam -- embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos,_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor
 
The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3244
security@wordfence.com
security@wordfence.com
security@wordfence.com
wpdevteam -- essential_addons_for_elementor_-_best_elementor_templates_widgets_kits_&_woocommerce_builders
 
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2650
security@wordfence.com
security@wordfence.com
wpdevteam -- essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
 
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2623
security@wordfence.com
security@wordfence.com
security@wordfence.com
wpdevteam -- essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
 
The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts.2024-04-095.3CVE-2024-2974
security@wordfence.com
security@wordfence.com
wpgmaps -- wp_go_maps_(formerly_wp_google_maps)
 
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin.2024-04-095.3CVE-2023-6777
security@wordfence.com
security@wordfence.com
wpkube -- subscribe_to_comments_reloaded
 
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.2024-04-105.3CVE-2024-31249
audit@patchstack.com
wpmudev -- forminator_-_contact_form_payment_form_&_custom_form_builder
 
The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-3053
security@wordfence.com
security@wordfence.com
wpzoom -- beaver_builder_addons_by_wpzoom
 
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2181
security@wordfence.com
security@wordfence.com
wpzoom -- beaver_builder_addons_by_wpzoom
 
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue.2024-04-096.4CVE-2024-2183
security@wordfence.com
security@wordfence.com
wpzoom -- beaver_builder_addons_by_wpzoom
 
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2185
security@wordfence.com
security@wordfence.com
wpzoom -- beaver_builder_addons_by_wpzoom
 
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2186
security@wordfence.com
security@wordfence.com
wpzoom -- beaver_builder_addons_by_wpzoom
 
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-04-096.4CVE-2024-2187
security@wordfence.com
security@wordfence.com
wpzoom -- wpzoom_social_feed_widget_&_block
 
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site.2024-04-134.3CVE-2024-3662
security@wordfence.com
security@wordfence.com
xiamen_four-faith -- rmp_router_management_platform
 
A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-126.3CVE-2024-3688
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
xlplugins -- finale_lite
 
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.2024-04-114.3CVE-2024-32107
audit@patchstack.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling-back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which have in its history a revision where the object has been deleted should be considered at risk and the password should be changed there. a diff, to ensure it's not coming from a password field. As another mitigation, admins should ensure that the user pages are properly protected: the edit right shouldn't be allowed for other users than Admin and owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki.2024-04-106.8CVE-2024-31464
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.2024-04-105.4CVE-2024-31985
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
xylus_themes -- wp_event_aggregator
 
Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.2024-04-124.3CVE-2024-31371
audit@patchstack.com
yith -- yith_woocommerce_gift_cards_premium
 
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.2024-04-116.5CVE-2022-44633
audit@patchstack.com
zaytech -- smart_online_order_for_clover
 
Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.2024-04-125.4CVE-2024-31238
audit@patchstack.com
zoom_video_communications_inc. -- zoom_desktop_client_for_linux
 
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.2024-04-094.1CVE-2024-27242
security@zoom.us
zoom_video_communications_inc. -- zoom_desktop_client_for_macos
 
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.2024-04-095.5CVE-2024-27247
security@zoom.us
zoom_video_communications_inc. -- zoom_desktop_client_for_windows
 
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.2024-04-095.9CVE-2024-24694
security@zoom.us

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
authzed -- spicedb

 
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `folder#parent`. This bug only manifests if the same subject type is used multiple types in a relation, relationships exist for both subject types and an arrow is used over the relation. Any user making a negative authorization decision based on the results of a LookupSubjects request with version before v1.30.1 is affected. Version 1.30.1 contains a patch for the issue. As a workaround, avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema.2024-04-102.2CVE-2024-32001
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
bihell--dice

 
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.2024-04-123.5CVE-2024-3687
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system

 
A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259911.2024-04-103.5CVE-2024-3541
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- church_management_system

 
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912.2024-04-103.5CVE-2024-3542
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file units_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259898 is the identifier assigned to this vulnerability.2024-04-103.5CVE-2024-3528
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been classified as problematic. This affects an unknown part of the file students_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259899.2024-04-103.5CVE-2024-3529
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259900.2024-04-103.5CVE-2024-3530
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability.2024-04-103.5CVE-2024-3531
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259902 is the identifier assigned to this vulnerability.2024-04-103.5CVE-2024-3532
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- complete_online_student_management_system

 
A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903.2024-04-103.5CVE-2024-3533
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_event_management_system

 
A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895.2024-04-103.5CVE-2024-3524
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_event_management_system


 
A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896.2024-04-103.5CVE-2024-3525
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_event_management_system

 
A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability.2024-04-103.5CVE-2024-3526
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
contao -- contao

 
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.2024-04-093.1CVE-2024-28191
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
gamerz -- wp-postratings

 
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.2024-04-083.5CVE-2011-10006
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
hcl_software-- dryicec_myxalytics

 
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.2024-04-103.7CVE-2023-50347
psirt@hcl.com
N/A -- qksms

 
A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259611. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-072.4CVE-2024-3430
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
N/A -- smart_office

 
A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-133.7CVE-2024-3735
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
namithjawahar-- wp-insert

 
A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628.2024-04-083.5CVE-2014-125111
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
puneethreddyhc-- eventmanagement

 
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-073.5CVE-2024-3433
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
siemens -- parasolid_v35.1

 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.2024-04-093.3CVE-2024-26276
productcert@siemens.com
siemens -- parasolid_v35.1

 
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.2024-04-093.3CVE-2024-26277
productcert@siemens.com
sourcecodester -- computer-laboratory_management_system

 
A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.2024-04-123.5CVE-2024-3695
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- laundry_management_system
 
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744.2024-04-083.5CVE-2024-3463
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- prison_management_system

 
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.2024-04-083.5CVE-2024-3443
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester-- online_courseware

 
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.2024-04-073.5CVE-2024-3426
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester-- online_courseware

 
A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.2024-04-073.5CVE-2024-3427
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester-- online_courseware

 
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600.2024-04-073.5CVE-2024-3428
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester--warehouse_management_system

 
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260269 was assigned to this vulnerability.2024-04-113.5CVE-2024-3612
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester--warehouse_management_system

 
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260270 is the identifier assigned to this vulnerability.2024-04-113.5CVE-2024-3613
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester--warehouse_management_system

 
A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260271.2024-04-113.5CVE-2024-3614
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester--warehouse_management_system

 
A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272.2024-04-113.5CVE-2024-3616
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sumome -- sumo

 
Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34.2024-04-123.7CVE-2024-31265
audit@patchstack.com
webtoffee -- wordpress_backup_&_migration

 
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7.2024-04-103.7CVE-2024-31254
audit@patchstack.com
zhejiang_land_zongheng_network_technology--o2oaA vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-04-123.7CVE-2024-3689
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aimhubio -- aimhubio/aim
 
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.2024-04-10not yet calculatedCVE-2024-2195
security@huntr.dev
aimhubio -- aimhubio/aim
 
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.2024-04-10not yet calculatedCVE-2024-2196
security@huntr.dev
apache_software_foundation -- apache_kafka
 
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.2024-04-12not yet calculatedCVE-2024-27309
security@apache.org
apache_software_foundation -- apache_solr_operator
 
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.2024-04-12not yet calculatedCVE-2024-31391
security@apache.org
apache_software_foundation -- apache_traffic_server
 
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.2024-04-10not yet calculatedCVE-2024-31309
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin_sap
 
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2024-04-09not yet calculatedCVE-2022-47894
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.2024-04-09not yet calculatedCVE-2021-28656
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31860
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which doesn't have Shell interpreter by default.2024-04-11not yet calculatedCVE-2024-31861
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31862
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31863
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31864
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31865
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31866
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31867
security@apache.org
security@apache.org
apache_software_foundation -- apache_zeppelin
 
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.2024-04-09not yet calculatedCVE-2024-31868
security@apache.org
security@apache.org
berriai -- berriai/litellm
 
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.2024-04-10not yet calculatedCVE-2024-2952
security@huntr.dev
devolutions -- server
 
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.2024-04-09not yet calculatedCVE-2024-2918
security@devolutions.net
devolutions -- server
 
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.2024-04-09not yet calculatedCVE-2024-3545
security@devolutions.net
furuno_systems_co-ltd -- acera_9010-08
 
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.2024-04-08not yet calculatedCVE-2024-28744
vultures@jpcert.or.jp
vultures@jpcert.or.jp
gaizhenbiao -- gaizhenbiao/chuanhuchatgpt
 
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication.2024-04-10not yet calculatedCVE-2024-2217
security@huntr.dev
security@huntr.dev
google -- chrome
 
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)2024-04-10not yet calculatedCVE-2024-3157
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chrome
 
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-04-10not yet calculatedCVE-2024-3515
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chrome
 
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-04-10not yet calculatedCVE-2024-3516
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
gradio-app -- gradio-app/gradio
 
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.2024-04-10not yet calculatedCVE-2024-1728
security@huntr.dev
security@huntr.dev
hp_inc. -- poly_ccx_devices
 
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.2024-04-09not yet calculatedCVE-2024-3281
hp-security-alert@hp.com
hp-security-alert@hp.com
huawei -- harmonyosVulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52537
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosPermission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52539
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52540
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosAuthentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52541
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosPermission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52542
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosPermission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52543
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52544
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52545
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52546
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52549
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52550
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52551
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosInput verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52552
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosRace condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52553
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosPermission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2023-52554
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.2024-04-07not yet calculatedCVE-2023-52713
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-07not yet calculatedCVE-2023-52714
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosThe SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.2024-04-07not yet calculatedCVE-2023-52715
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosVulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2023-52716
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyosPermission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2023-52717
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52359
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.2024-04-08not yet calculatedCVE-2023-52364
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of improper control over foreground service notifications in the notification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-07not yet calculatedCVE-2023-52382
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52385
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52386
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-08not yet calculatedCVE-2023-52388
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.2024-04-08not yet calculatedCVE-2024-27895
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity.2024-04-08not yet calculatedCVE-2024-27896
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-08not yet calculatedCVE-2024-27897
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2024-30413
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-07not yet calculatedCVE-2024-30414
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2024-30415
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2024-30416
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2024-04-07not yet calculatedCVE-2024-30417
psirt@huawei.com
psirt@huawei.com
huawei -- harmonyos
 
Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.2024-04-07not yet calculatedCVE-2024-30418
psirt@huawei.com
psirt@huawei.com
huggingface -- huggingface/transformers
 
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.2024-04-10not yet calculatedCVE-2024-3568
security@huntr.dev
security@huntr.dev
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.2024-04-10not yet calculatedCVE-2021-47181
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes are not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the folowing: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was.2024-04-10not yet calculatedCVE-2021-47182
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure. Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed.2024-04-10not yet calculatedCVE-2021-47183
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sync filters subtask. Without this patch it is possible to start update the VSI filter list after VSI is removed, that's causing a kernel oops.2024-04-10not yet calculatedCVE-2021-47184
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_timer_handler_phys+0x40/0x50 handle_percpu_devid_irq+0x94/0x220 __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x84/0xfc el1_irq+0xc8/0x180 slip_unesc+0x80/0x214 [slip] tty_ldisc_receive_buf+0x64/0x80 tty_port_default_receive_buf+0x50/0x90 flush_to_ldisc+0xbc/0x110 process_one_work+0x1d4/0x4b0 worker_thread+0x180/0x430 kthread+0x11c/0x120 In the testcase pty04, The first process call the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue running in different core, the sender sends data fastly in full time which will result in workqueue doing work in loop for a long time and occuring softlockup in flush_to_ldisc with kernel configured without preempt. So I add need_resched check and cond_resched in the flush_to_ldisc loop to avoid it.2024-04-10not yet calculatedCVE-2021-47185
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a582024-04-10not yet calculatedCVE-2021-47186
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings were written for CPU sleep but the min-residency-us param was miscalculated (supposedly, while porting this from downstream); Then, the power collapse states are setting PC on both the CPU cluster *and* the L2 cache, which have different timings: in the specific case of L2 the times are higher so these ones should be taken into account instead of the CPU ones. This parameter misconfiguration was not giving particular issues because on MSM8998 there was no CPU scaling at all, so cluster/L2 power collapse was rarely (if ever) hit. When CPU scaling is enabled, though, the wrong timings will produce SoC unstability shown to the user as random, apparently error-less, sudden reboots and/or lockups. This set of parameters are stabilizing the SoC when CPU scaling is ON and when power collapse is frequently hit.2024-04-10not yet calculatedCVE-2021-47187
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.2024-04-10not yet calculatedCVE-2021-47188
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don't guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is seen as non-null in async_cow_submit which causes submit_compressed_extents to be called and crash occurs because async_chunk::inode suddenly became NULL. The call trace was similar to: pc : submit_compressed_extents+0x38/0x3d0 lr : async_cow_submit+0x50/0xd0 sp : ffff800015d4bc20 <registers omitted for brevity> Call trace: submit_compressed_extents+0x38/0x3d0 async_cow_submit+0x50/0xd0 run_ordered_work+0xc8/0x280 btrfs_work_helper+0x98/0x250 process_one_work+0x1f0/0x4ac worker_thread+0x188/0x504 kthread+0x110/0x114 ret_from_fork+0x10/0x18 Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORK_DONE_BIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORK_DONE_BIT are going to be strictly ordered before any access that can occur in ordered_func.2024-04-10not yet calculatedCVE-2021-47189
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.2024-04-10not yet calculatedCVE-2021-47190
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0 [ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549 [ 3813.846612] Call Trace: [ 3813.846995] dump_stack+0x108/0x15f [ 3813.847524] print_address_description+0xa5/0x372 [ 3813.848243] kasan_report.cold+0x236/0x2a8 [ 3813.849439] check_memory_region+0x240/0x270 [ 3813.850094] memcpy+0x30/0x80 [ 3813.850553] sg_copy_buffer+0x157/0x1e0 [ 3813.853032] sg_copy_from_buffer+0x13/0x20 [ 3813.853660] fill_from_dev_buffer+0x135/0x370 [ 3813.854329] resp_readcap16+0x1ac/0x280 [ 3813.856917] schedule_resp+0x41f/0x1630 [ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0 [ 3813.862699] scsi_dispatch_cmd+0x330/0x950 [ 3813.863329] scsi_request_fn+0xd8e/0x1710 [ 3813.863946] __blk_run_queue+0x10b/0x230 [ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400 [ 3813.865220] sg_common_write.isra.0+0xe61/0x2420 [ 3813.871637] sg_write+0x6c8/0xef0 [ 3813.878853] __vfs_write+0xe4/0x800 [ 3813.883487] vfs_write+0x17b/0x530 [ 3813.884008] ksys_write+0x103/0x270 [ 3813.886268] __x64_sys_write+0x77/0xc0 [ 3813.886841] do_syscall_64+0x106/0x360 [ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9 This issue can be reproduced with the following syzkaller log: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782) write$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d"], 0x126) In resp_readcap16() we get "int alloc_len" value -1104926854, and then pass the huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This leads to OOB in sg_copy_buffer(). To solve this issue, define alloc_len as u32.2024-04-10not yet calculatedCVE-2021-47191
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery, iscsid will call into the kernel to set the dev's state to running, and with that patch we now call scsi_rescan_device() with the state_mutex held. If the SCSI error handler thread is just starting to test the device in scsi_send_eh_cmnd() then it's going to try to grab the state_mutex. We are then stuck, because when scsi_rescan_device() tries to send its I/O scsi_queue_rq() calls -> scsi_host_queue_ready() -> scsi_host_in_recovery() which will return true (the host state is still in recovery) and I/O will just be requeued. scsi_send_eh_cmnd() will then never be able to grab the state_mutex to finish error handling. To prevent the deadlock move the rescan-related code to after we drop the state_mutex. This also adds a check for if we are already in the running state. This prevents extra scans and helps the iscsid case where if the transport class has already onlined the device during its recovery process then we don't need userspace to do it again plus possibly block that daemon.2024-04-10not yet calculatedCVE-2021-47192
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed.2024-04-10not yet calculatedCVE-2021-47193
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt.2024-04-10not yet calculatedCVE-2021-47194
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock().2024-04-10not yet calculatedCVE-2021-47195
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib] Write of size 8 at addr ffff8880064c55c0 by task a.out/246 CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x83/0xdf create_qp.cold+0x164/0x16e [mlx5_ib] mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib] create_qp.part.0+0x45b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 246: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0xa4/0xd0 create_qp.part.0+0x92/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 246: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x10c/0x150 slab_free_freelist_hook+0xb4/0x1b0 kfree+0xe7/0x2a0 create_qp.part.0+0x52b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae2024-04-10not yet calculatedCVE-2021-47196
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. mlx5_core_destroy_cq() could be called again by user and cause additional call of mlx5_debug_cq_remove(). cq->dbg was not nullify in previous call and cause the crash. Fix it by nullify cq->dbg pointer after removal. Also proceed to destroy operations only if FW return 0 for MLX5_CMD_OP_DESTROY_CQ command. general protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI CPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:lockref_get+0x1/0x60 Code: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02 00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 <48> 8b 17 48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48 RSP: 0018:ffff888137dd7a38 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe RDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058 RBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000 R13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0 FS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0 Call Trace: simple_recursive_removal+0x33/0x2e0 ? debugfs_remove+0x60/0x60 debugfs_remove+0x40/0x60 mlx5_debug_cq_remove+0x32/0x70 [mlx5_core] mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core] devx_obj_cleanup+0x151/0x330 [mlx5_ib] ? __pollwait+0xd0/0xd0 ? xas_load+0x5/0x70 ? xa_load+0x62/0xa0 destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs] uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs] uobj_destroy+0x54/0xa0 [ib_uverbs] ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs] ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs] ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs] __x64_sys_ioctl+0x3e4/0x8e02024-04-10not yet calculatedCVE-2021-47197
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login().2024-04-10not yet calculatedCVE-2021-47198
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions and causing a memleak. Fix above two issues by moving CT clear mod acts allocation into the parsing actions phase and only use it when offloading the rule. The release of mod acts will be done in the normal flow_put(). backtrace: [<000000007316e2f3>] krealloc+0x83/0xd0 [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core] [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core] [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core] [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core] [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core] [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core] [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core] [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core] [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]2024-04-10not yet calculatedCVE-2021-47199
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that drop will free the gem object, and the subsequent drm_gem_object_get() will be a UAF. Fix by grabbing a reference before calling the mmap helper. This issue was forseen when the reference dropping was adding in commit 9786b65bc61ac ("drm/ttm: fix mmap refcounting"): "For that to work properly the drm_gem_object_get() call in drm_gem_ttm_mmap() must be moved so it happens before calling obj->funcs->mmap(), otherwise the gem refcount would go down to zero."2024-04-10not yet calculatedCVE-2021-47200
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered when the interface is disabled and then later brought up again after PF communication is restored.2024-04-10not yet calculatedCVE-2021-47201
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp ... Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... Call trace: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 While at it, fix the possible NULL pointer dereference in other functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend().2024-04-10not yet calculatedCVE-2021-47202
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure.2024-04-10not yet calculatedCVE-2021-47203
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause use-after-free bug. Move debug log before free_netdev() call to avoid it.2024-04-10not yet calculatedCVE-2021-47204
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe.2024-04-10not yet calculatedCVE-2021-47205
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.2024-04-10not yet calculatedCVE-2021-47206
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference.2024-04-10not yet calculatedCVE-2021-47207
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). Initial debugging revealed that we've live cfs_rq's (on_list=1) in an about to be kfree()'d task group in free_fair_sched_group(). However, it was unclear how that can happen. His kernel config happened to lead to a layout of struct sched_entity that put the 'my_q' member directly into the middle of the object which makes it incidentally overlap with SLUB's freelist pointer. That, in combination with SLAB_FREELIST_HARDENED's freelist pointer mangling, leads to a reliable access violation in form of a #GP which made the UAF fail fast. Michal seems to have run into the same issue[1]. He already correctly diagnosed that commit a7b359fc6a37 ("sched/fair: Correctly insert cfs_rq's to list on unthrottle") is causing the preconditions for the UAF to happen by re-adding cfs_rq's also to task groups that have no more running tasks, i.e. also to dead ones. His analysis, however, misses the real root cause and it cannot be seen from the crash backtrace only, as the real offender is tg_unthrottle_up() getting called via sched_cfs_period_timer() via the timer interrupt at an inconvenient time. When unregister_fair_sched_group() unlinks all cfs_rq's from the dying task group, it doesn't protect itself from getting interrupted.