All CVEs — 2024 (Page 7/307)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2024-12-20

Medium

CVE-2024-11774

The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sani…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2024-11411

The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input saniti…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2024-11331

The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL i…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2024-11297

The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core sea…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2024-8968

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Si…

CVSS: 4.7 CWE: CWE-79

Medium

CVE-2024-5955

Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be i…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could all…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2024-10706

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…

CVSS: 4.8 CWE: CWE-79

Medium

CVE-2024-10555

CVSS: 4.8 CWE: CWE-79

High

CVE-2024-21549

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerabilit…

CVSS: 8.6 CWE: CWE-20

Low

CVE-2024-44298

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

CVSS: 3.3 CWE: CWE-922

Medium

CVE-2024-44293

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.

CVSS: 5.5 CWE: CWE-352

Medium

CVE-2024-44292

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

CVSS: 5.5 CWE: CWE-922

Medium

CVE-2024-44223

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login W…

CVSS: 4.6 CWE: CWE-281

Medium

CVE-2024-44211

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-59

High

CVE-2024-44195

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.

CVSS: 7.5 CWE: CWE-22

High

CVE-2023-42867

This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-281

Medium

CVE-2024-11776

The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient…

CVSS: 6.4 CWE: CWE-79

High

CVE-2022-34159

Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability…

CVSS: 7.5 CWE: CWE-20

High

CVE-2022-32204

There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This…

CVSS: 7.5 CWE: CWE-20

Critical

CVE-2022-32203

There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) T…

CVSS: 9.8 CWE: CWE-77

Medium

CVE-2024-12678

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE…

CVSS: 6.5 CWE: CWE-266

High

CVE-2022-32144

There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This v…

CVSS: 8.6 CWE: CWE-20

Low

CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient ver…

CVSS: 3.3 CWE: CWE-287

High

CVE-2024-54538

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, wa…

CVSS: 7.5 CWE: CWE-770

Medium

CVE-2024-12832

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on af…

CVSS: 6.3 CWE: CWE-89

High

CVE-2024-12831

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewa…

CVSS: 7.8 CWE: CWE-863

High

CVE-2024-12830

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG…

CVSS: 7.3 CWE: CWE-22

High

CVE-2024-12829

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG F…

CVSS: 8.8 CWE: CWE-78

2024-12-19

Critical

CVE-2024-56327

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w…

CVSS: 9.8 CWE: CWE-94

High

CVE-2024-54663

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticate…

CVSS: 7.5 CWE: CWE-829

Medium

CVE-2024-54009

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.

CVSS: 4.0 CWE: CWE-200

High

CVE-2024-12700

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web…

CVSS: 8.8 CWE: CWE-434

Critical

CVE-2024-54984

An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier.

CVSS: 9.8 CWE: CWE-306

Critical

CVE-2024-54983

An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.

CVSS: 9.8 CWE: CWE-306

High

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

CVSS: 8.8 CWE: CWE-94

Critical

CVE-2024-12728

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

CVSS: 9.8 CWE: CWE-1391

Critical

CVE-2024-12727

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code exe…

CVSS: 9.8 CWE: CWE-89

High

CVE-2024-12672

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor cou…

CVSS: 7.3 CWE: CWE-787

High

CVE-2024-12175

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was al…

CVSS: 7.8 CWE: CWE-416

High

CVE-2024-11364

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable…

CVSS: 7.3 CWE: CWE-908

High

CVE-2024-11157

CVSS: 7.3 CWE: CWE-787

Medium

CVE-2024-7139

Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchd…

CVSS: 6.5 CWE: CWE-617

Medium

CVE-2024-7138

An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to…

CVSS: 6.5 CWE: CWE-617

Medium

CVE-2024-7137

The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a…

CVSS: 6.5 CWE: CWE-787

High

CVE-2024-53991

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored…

CVSS: 7.5 CWE: CWE-200

Medium

CVE-2024-52794

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advis…

CVSS: 6.8 CWE: CWE-79

Low

CVE-2024-52589

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patc…

CVSS: 2.2 CWE: CWE-200

Medium

CVE-2024-49765

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create a…

CVSS: 5.3 CWE: CWE-359

High

CVE-2024-12111

In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 2…

CVSS: 8.0 CWE: CWE-77

High

CVE-2024-56200

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could af…

CVSS: 8.6 CWE: CWE-400

High

CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such a…

CVSS: 7.8 CWE: CWE-219

High

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

CVSS: 7.5 CWE: CWE-312

Critical

CVE-2024-54150

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between…

CVSS: 9.1 CWE: CWE-347

Medium

CVE-2020-6923

The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.

CVSS: 5.7 CWE: CWE-120

Medium

CVE-2024-52897

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

CVSS: 6.2 CWE: CWE-209

Medium

CVE-2024-51471

IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of…

CVSS: 5.3 CWE: CWE-125

Medium

CVE-2024-49336

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to…

CVSS: 6.5 CWE: CWE-918

High

CVE-2024-38819

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain…

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2024-12794

A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/q…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2024-12793

A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php…

CVSS: 4.3 CWE: CWE-22

High

CVE-2024-12792

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2024-12791

A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email lea…

CVSS: 7.3 CWE: CWE-74

Critical

CVE-2024-55081

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.

CVSS: 9.8 CWE: CWE-611

Medium

CVE-2024-52896

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

CVSS: 6.2 CWE: CWE-209

Low

CVE-2024-12801

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback…

CVSS: 2.4 CWE: CWE-918

Low

CVE-2024-12790

A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation lead…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2024-12789

A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argum…

CVSS: 6.3 CWE: CWE-74

High

CVE-2024-12788

A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of t…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2021-22501

Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential infor…

CVSS: 5.3 CWE: CWE-611

High

CVE-2024-9154

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).

CVSS: 8.6 CWE: CWE-94

High

CVE-2024-55082

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

CVSS: 7.5 CWE: CWE-918

Medium

CVE-2024-38864

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.

CVSS: 4.8 CWE: CWE-732

Medium

CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code b…

CVSS: 5.9 CWE: CWE-917

High

CVE-2024-12787

A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/c…

CVSS: 7.3 CWE: CWE-74

High

CVE-2024-54790

A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.

CVSS: 7.5 CWE: CWE-89

High

CVE-2024-47093

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS

CVSS: 8.8 CWE: CWE-79

High

CVE-2024-25131

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially craf…

CVSS: 8.8 CWE: CWE-20

High

CVE-2024-12786

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Dow…

CVSS: 7.8 CWE: CWE-266

Medium

CVE-2024-12785

A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The man…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutraliz…

CVSS: 5.0 CWE: CWE-1236

Low

CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the…

CVSS: 2.1 CWE: CWE-79

Medium

CVE-2024-12784

A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument…

CVSS: 6.3 CWE: CWE-74

Critical

CVE-2024-10244

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2021-26102

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted…

CVSS: 9.8 CWE: CWE-305

Low

CVE-2024-12783

A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the…

CVSS: 3.5 CWE: CWE-79

High

CVE-2024-12782

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /…

CVSS: 7.3 CWE: CWE-266

High

CVE-2021-32589

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below,…

CVSS: 8.1 CWE: CWE-416

Medium

CVE-2024-45819

PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of…

CVSS: 5.5 CWE: CWE-276

Medium

CVE-2024-45818

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired…

CVSS: 6.5 CWE: CWE-667

Medium

CVE-2024-37962

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1.

CVSS: 6.5 CWE: CWE-79

Critical

CVE-2024-12626

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_fiel…

CVSS: 9.6 CWE: CWE-79

Medium

CVE-2024-12331

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to,…

CVSS: 4.3 CWE: CWE-862

High

CVE-2021-26115

An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to ro…

CVSS: 7.8 CWE: CWE-78

High

CVE-2020-15934

An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by…

CVSS: 8.8 CWE: CWE-269

Medium

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the Fort…

CVSS: 5.4 CWE: CWE-121

Medium

CVE-2024-11616

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that th…

CVSS: 5.6 CWE: CWE-125

Critical

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and…

CVSS: 10.0 CWE: CWE-863

High

CVE-2024-12569

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under s…

CVSS: 7.8 CWE: CWE-532

High

CVE-2024-4230

External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malici…

CVSS: 7.8 CWE: CWE-73

High

CVE-2024-4229

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious loca…

CVSS: 7.8 CWE: CWE-276

High

CVE-2021-26093

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the co…

CVSS: 7.3 CWE: CWE-824

Medium

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid…

CVSS: 5.4 CWE: CWE-122

Medium

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_bloc…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2024-11768

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up…

CVSS: 5.3 CWE: CWE-285

High

CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an act…

CVSS: 7.3 CWE: CWE-94

High

CVE-2024-11984

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload r…

CVSS: 8.8 CWE: CWE-434

High

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit thi…

CVSS: 7.1 CWE: CWE-88

High

CVE-2024-35141

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.

CVSS: 7.8 CWE: CWE-250

Medium

CVE-2024-12121

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it…

CVSS: 5.4 CWE: CWE-918

Medium

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lis…

CVSS: 6.5 CWE: CWE-200

Medium

CVE-2023-30443

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

CVSS: 5.3 CWE: CWE-770

Medium

CVE-2023-23357

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrat…

CVSS: 4.8 CWE: CWE-79

Medium

CVE-2023-23356

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access…

CVSS: 5.5 CWE: CWE-77

High

CVE-2023-23354

CVSS: 7.3 CWE: CWE-79

Medium

CVE-2022-27600

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-…

CVSS: 6.8 CWE: CWE-400

High

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthoriz…

CVSS: 7.8 CWE: CWE-427

Medium

CVE-2022-33954

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.

CVSS: 4.6 CWE: CWE-522

Medium

CVE-2021-39081

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS: 5.9 CWE: CWE-319

Medium

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom ses…

CVSS: 6.5 CWE: CWE-613